From: "Martin Hardie" <[EMAIL PROTECTED]>
> Hi All
>
> I have been getting a load of mail with docs attached such as:
>
> xx.pif
>
> It is prompting me to consider some spam filter like spamassassin but i
have
> no idea where to start
>
> any suggestions?
Martin, for that kind of spam you need to consider a compound approach.
I'm happy with a simple postfix->procmail->nk-vir->SpamAssassin path.
Most want more AV protection and use ClamAV instead. I made the mistake
of learning at least some of the procmail syntax so that's easier for me
than setting Amavis and ClamAV with SpamAssassin.
Some things to remember.
1) SpamAssassin is not a filter. It is a spam scoring tool and annotating
tool. You use something following SpamAssassin to dispatch the spam to
/dev/null, a special spam folder, or a combination of those tricks.
2) ClamAV and nk-vir are at different ends of a spectrum of virus diverter
engines. I don't know ClamAV very well. But nk-vir diverts spam to a spam
storage place, on the linux machines. I check it there with the simple
command line utility, "mail". It is WAY too dumb to infect me with anything
other than a social engineering virus.
3) None of the above tools works without some form of wrapper and dispatch
engine, procmail, milters, Amavis, or the like. Budget a day or so to get
it working. (It is worth it. Once it's working your life becomes ever so
much easier.)
4) All of the above "feature" false positives. Given that "Murphy was an
optimist" there will be false positives that include your job offer from
Google or something else equally critical to your future. Budget a little
time, 10-15 minutes at the outside, to scan at least the titles of the
spams and viruses to make sure nothing critical got into your dumpster.
5) With SpamAssassin there is a phenomenon called add on rule sets. There
are many publicly available rule sets. IMAO the best is at the SARE,
SpamAssassin Rules Emporium. Visit it. Install the rule sets. Watch the
spam tagging accuracy climb dramatically.
6) With SpamAssassin you MUST train the Bayes filter on YOUR mail mix.
Collect at least 200 (1000 preferred) each of spams and hams that you
have personally vetted. Feed them to SpamAssassin's "salearn" tool.
Bayes will kick in nicely.
7) Personal prejudices re SA: Turn off automatic Bayes training and
automatic whitelisting, at least until Bayes is well trained and you
have achieved high accuracy spam filtering. I've watched many newbies
experience munged Bayes databases and whitelists (which are miss named
anyway) due to false training via the automatic training features on
newly installed SpamAssassins. The SpamAssassin WIKI is a help. Sadly
it could all be better documented. (If you actually LIKE writing
documentation and fighting spam the SA developers would welcome you with
open arms! And if you know someone who wants to employ a perl expert
who happens to like fighting spam, Duncan, the chief SA developer, needs
some summer employment. ANYTHING that we all can do to support this team
is worthwhile.)
8) If you experience difficulties the SpamAssassin users mailing list
at Apache.org is well worth your time and effort.
{^_^} Joanne
____________________________________________________
Want to buy your Pack or Services from MandrakeSoft?
Go to http://www.mandrakestore.com
Join the Club : http://www.mandrakeclub.com
____________________________________________________
