FW: [Samba] Viruses and the list

[Bakken, Gunnar]

-----Original Message-----
From: Michael Heironimus [mailto:mkh01 at earthlink.net] 
Sent: Wednesday, August 20, 2003 8:36 PM
To: 'samba at samba.org'
Subject: Re: [Samba] Viruses and the list


On Wed, Aug 20, 2003 at 05:59:07PM -0700, Philip Edelbrock wrote:
> I was forced to put a filter (spambayes) on my list (Lm_sensors) to 
> keep
> out most of the garbage.  It's really helped a ton, and I can scan the 
> 'spam' to make sure nothing real got blocked from the rest of the 
> recipients of the list.
> 
> It's pretty easy (I used procmail, spambayes, and a large amount of 
> spam
> and normal mail to train it).  It's also easy to refine the training as 
> time goes on.
> 
> In a nutshell, for my main mail server I created a database:
> 
> hammiefilter.py -n -d/mypathtothedatabase/hammie.db
> 
> Then trained it:
> 
> nice mboxtrain.py -d/mypathtothedatabase/hammie.db  -g
> /pathtomyGOODmail.mbox -s /pathtomyBADmail.mbox
> 
> (You can run the line above as many times as you want with just -g or
> just -s or multiples to keep appending to the database)
> 
> And then I added the rule to the top of /etc/procmailrc:
> 
> :0fw
> | /pathtothebins/hammiefilter.py -d /mypathtothedatabase/hammie.db
> 
> Finally, the emails will now contain a new header (nothing gets 
> blocked
> or modified other than the addition of this header):
> 
> X-Spambayes-Classification: ham; 0.01
> 
> ham/unsure/spam refers to the general classification, and 0.00-1.00
> refers to the percentage likelihood that it is spam.  From there, you 
> can filter/forward/etc. in procmail scripts or on the client end, or 
> whatever you want to do.  You can even create multiple databases to do 
> levels of classification (e.g. percentage chance that it is a virus, or 
> that it is from your parole officer, etc.) and use formail to rename the 
> header after each scan.

Just a related FYI...

Recent versions of spamassassin also include bayesian filtering. Until you've
trained it with enough messages spamassassin will only use its other filtering
rules, which are pretty good but don't catch these antivirus bounces. If you're
using spamassassin already you don't need to set up a new tool, you just need to
train the one you've got (or upgrade and train it if you're using an old
version).

-- 
Michael Heironimus
-- 
To unsubscribe from this list go to the following URL and read the
instructions:  http://lists.samba.org/mailman/listinfo/samba