Thanks for the reply.

I've never taken anything out of ASSP unless it was causing a problem. I've had to add plenty to bombSubjectRe though over the years. I've the following DNSBL:

 * zen.spamhaus.org=>127.0.0.2=>1
 * zen.spamhaus.org=>127.0.0.3=>1
 * zen.spamhaus.org=>127.0.0.4=>1
 * zen.spamhaus.org=>127.0.0.5=>1
 * zen.spamhaus.org=>127.0.0.6=>1
 * zen.spamhaus.org=>127.0.0.7=>1
 * zen.spamhaus.org=>127.0.0.8=>1
 * bl.spamcop.net=>1
 * #safe.dnsbl.sorbs.net=>1
 * ix.dnsbl.manitu.net=>2
 * bb.barracudacentral.org=>2
 * bogons.cymru.com=>1
 * db.wpbl.info=>2
 * dnsbl-1.uceprotect.net=>2
 * psbl.surriel.com=>2
 * #dnsbl-2.uceprotect.net=>4
 * bl.spameatingmonkey.net=>127.0.0.2=>1
 * dnsrbl.swinog.ch=>3
 * dsn.rfc-ignorant.org=>1
 * bl.mailspike.net=>1

Re clam, I've got unofficial-clamav-sigs running which does low and medium risk defs for the following:

 * Sanesecurity
 * Malware Expert
 * Foxhole
 * Winnow
 * MiscreantPunch
 * BOFHland
 * RookSecurity
 * Porcupine
 * SecuriteInfo
 * Linux Malware Detect
 * Yara Rules

I've reclassified a few hundred emails manually today, ones that HMM would have blocked but were allowed through and I got bored after getting back as far as the 21st. The problem is that I can't turn on blocking for HMM and force people to release everything that gets blocked as it'd cause way too much upset. I can see hundreds of legitimate emails that would be blocked per day.

I can't see an easy way to improve this, the closest I can get is to have emails that fail HMM/Bayes but do not get blocked collected in a different folder and then I can whip through them to reclassify them. When that retrains the database to the point that there are very few false positives I can be confident in turning the blocking on.

All the best,
Colin.

On 25/07/2017 15:46, Grayhat wrote:
:: On Tue, 25 Jul 2017 14:22:01 +0100
:: <caochygk887uycmdhcjzrgeqwjiajs_rxgdebkgyy+ttx8d3...@mail.gmail.com>
:: cw <colin.war...@gmail.com> wrote:
::
:: So how have other people got their databases to be accurate?
:: All the best,

A decent approach is using the default regexp and some good and
reliable DNSBLs/URIBLs to catch "surefire spam", that will help
training the bayes/hmm which, after a while may be set to reject

As for training, you may also add to the arsenal a properly set up clamD
scanner, just add some of the signatures found here to it

http://sanesecurity.com/usage/signatures/

and configure a scheduled script to keep them up-to-date; these, along
with the DNS lists will greatly help training the heuristic engines
(and then you may also feed some spam mail to the corpus); I know, it
isn't a "setup and forget", but then ASSP needs to be configured *and*
trained; the great advantage is that, once it starts humming along you
won't need to do too much to keep it running :)

Sure, you'll also need to properly configure automatic whitelisting and
train users about the email interface (it's easy, believe me), but
that's more or less all you'll need


------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, Slashdot.org! http://sdm.link/slashdot
_______________________________________________
Assp-user mailing list
Assp-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-user
