From: "Martin Hardie" <[EMAIL PROTECTED]> > Hi All > > I have been getting a load of mail with docs attached such as: > > xx.pif > > It is prompting me to consider some spam filter like spamassassin but i have > no idea where to start > > any suggestions?
Martin, for that kind of spam you need to consider a compound approach. I'm happy with a simple postfix->procmail->nk-vir->SpamAssassin path. Most want more AV protection and use ClamAV instead. I made the mistake of learning at least some of the procmail syntax so that's easier for me than setting Amavis and ClamAV with SpamAssassin. Some things to remember. 1) SpamAssassin is not a filter. It is a spam scoring tool and annotating tool. You use something following SpamAssassin to dispatch the spam to /dev/null, a special spam folder, or a combination of those tricks. 2) ClamAV and nk-vir are at different ends of a spectrum of virus diverter engines. I don't know ClamAV very well. But nk-vir diverts spam to a spam storage place, on the linux machines. I check it there with the simple command line utility, "mail". It is WAY too dumb to infect me with anything other than a social engineering virus. 3) None of the above tools works without some form of wrapper and dispatch engine, procmail, milters, Amavis, or the like. Budget a day or so to get it working. (It is worth it. Once it's working your life becomes ever so much easier.) 4) All of the above "feature" false positives. Given that "Murphy was an optimist" there will be false positives that include your job offer from Google or something else equally critical to your future. Budget a little time, 10-15 minutes at the outside, to scan at least the titles of the spams and viruses to make sure nothing critical got into your dumpster. 5) With SpamAssassin there is a phenomenon called add on rule sets. There are many publicly available rule sets. IMAO the best is at the SARE, SpamAssassin Rules Emporium. Visit it. Install the rule sets. Watch the spam tagging accuracy climb dramatically. 6) With SpamAssassin you MUST train the Bayes filter on YOUR mail mix. Collect at least 200 (1000 preferred) each of spams and hams that you have personally vetted. Feed them to SpamAssassin's "salearn" tool. Bayes will kick in nicely. 7) Personal prejudices re SA: Turn off automatic Bayes training and automatic whitelisting, at least until Bayes is well trained and you have achieved high accuracy spam filtering. I've watched many newbies experience munged Bayes databases and whitelists (which are miss named anyway) due to false training via the automatic training features on newly installed SpamAssassins. The SpamAssassin WIKI is a help. Sadly it could all be better documented. (If you actually LIKE writing documentation and fighting spam the SA developers would welcome you with open arms! And if you know someone who wants to employ a perl expert who happens to like fighting spam, Duncan, the chief SA developer, needs some summer employment. ANYTHING that we all can do to support this team is worthwhile.) 8) If you experience difficulties the SpamAssassin users mailing list at Apache.org is well worth your time and effort. {^_^} Joanne
____________________________________________________ Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com Join the Club : http://www.mandrakeclub.com ____________________________________________________