[Samba] Viruses and the list
mkh01 at earthlink.net
Thu Aug 21 01:36:02 GMT 2003
On Wed, Aug 20, 2003 at 05:59:07PM -0700, Philip Edelbrock wrote:
> I was forced to put a filter (spambayes) on my list (Lm_sensors) to keep
> out most of the garbage. It's really helped a ton, and I can scan the
> 'spam' to make sure nothing real got blocked from the rest of the
> recipients of the list.
> It's pretty easy (I used procmail, spambayes, and a large amount of spam
> and normal mail to train it). It's also easy to refine the training as
> time goes on.
> In a nutshell, for my main mail server I created a database:
> hammiefilter.py -n -d/mypathtothedatabase/hammie.db
> Then trained it:
> nice mboxtrain.py -d/mypathtothedatabase/hammie.db -g
> /pathtomyGOODmail.mbox -s /pathtomyBADmail.mbox
> (You can run the line above as many times as you want with just -g or
> just -s or multiples to keep appending to the database)
> And then I added the rule to the top of /etc/procmailrc:
> | /pathtothebins/hammiefilter.py -d /mypathtothedatabase/hammie.db
> Finally, the emails will now contain a new header (nothing gets blocked
> or modified other than the addition of this header):
> X-Spambayes-Classification: ham; 0.01
> ham/unsure/spam refers to the general classification, and 0.00-1.00
> refers to the percentage likelihood that it is spam. From there, you
> can filter/forward/etc. in procmail scripts or on the client end, or
> whatever you want to do. You can even create multiple databases to do
> levels of classification (e.g. percentage chance that it is a virus, or
> that it is from your parole officer, etc.) and use formail to rename the
> header after each scan.
Just a related FYI...
Recent versions of spamassassin also include bayesian filtering. Until
you've trained it with enough messages spamassassin will only use its
other filtering rules, which are pretty good but don't catch these
antivirus bounces. If you're using spamassassin already you don't need
to set up a new tool, you just need to train the one you've got (or
upgrade and train it if you're using an old version).
More information about the samba