Re: Webmail at UK2.net
we run pfsense and snort (paid version). i get an alert when some idiot opens the .doc/.xls/.pdf that try to phone home to compromised servers, sometimes the AV gets them too. luckily we havent been hit with anything snort hasnt known about.
still, at least i can educate people when the alert goes off. education is better than AV or IPS reliance.