Re: Local 419 mail rule set.

2005-04-13 Thread Brook Humphrey
On Wednesday 13 April 2005 08:00 am, Craig McLean wrote:
> Dear list,
> I've got a few local rules which I use to supplement the basic SA
> installation (3.0.2), but I don't really have a sizeable ham/spam corpus
> to test them against. Also, I'm aware that there will likely be some
> cross-over with the SARE ruleset, which I'm not using at the moment.
> So I've attached the .cf for anyone who's interested, please feel free
> to use it however you see fit. I'd be grateful for any suggestions to
> reduce FP's, masscheck results, or suggestions for better places to
> submit these rules :-).
>
> Thanks in advance.
> Craig.

You forgot the attachment.
-- 
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-
  Brook Humphrey   
Mobile PC Medic, 420 1st, Cheney, WA 99004, 509-235-9107
http://www.webmedic.net, [EMAIL PROTECTED], [EMAIL PROTECTED]   
 Holiness unto the Lord
 -~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-~`'~-


Re: Barracuda's Spam firewall

2005-02-25 Thread Brook Humphrey
On Friday 25 February 2005 09:26 am, you wrote:
> On Fri, Feb 25, 2005 at 09:20:13AM -0800, Brook Humphrey wrote:
> > making a killing on the hardware depending on what they are using on the
> > software side. If it's a bunch of oss stuff on the inside then their
> > development costs are next to nothing and they in essence are charging
> > a lot for a rack mount low end server.
>
> They use SA under the hood, among other things I'm sure, but SA is
> involved.

I figured as much.

>
> Michael



Re: Barracuda's Spam firewall

2005-02-25 Thread Brook Humphrey
On Friday 25 February 2005 07:58 am, Gray, Richard wrote:
> Anyone care to comment on how successful/effective this particular product
> is? (http://www.barracudanetworks.com)
>
> There is something of a major dispute going regarding whether this
> represents better value for money than other solutions (including our own,
> self built service)
>
> If any of you fine people has any experience with this (tested it, use it,
> know someone else who uses it) I'd really appreciate any feedback you could
> give me on its pros/cons.
>
> Thanks.
>
> Richard

Wow, if that's reasonably priced I'd hate to see what others are charging. 
All in all I would not say the low end price is so bad, but really they are 
making a killing on the hardware depending on what they are using on the 
software side. If it's a bunch of oss stuff on the inside then their 
development costs are next to nothing and they in essence are charging a lot 
for a rack mount low end server.


I have never used this product but had heard it mentioned before. 


Re: different scores - spamd vs spamassassin

2004-11-11 Thread Brook Humphrey
On Thursday 11 November 2004 04:23 am, Chad M Stewart wrote:
> Something else is going wrong with my Bayes db learning as well.  I  
> restarted spamd this morning.  By restart I mean I found the running  
> process ID, sent it a kill -TERM and then started it again using the  
> above string.  Before the restart I had 2K+ entries in the db.  After  
> restarting I'm now seeing

On my system with a site-wide bayes using spamd I had some issues with bayes 
learning at a few times. There was a daemon running on the system that would 
change permissions if it found things that were not secure, and it decided 
that the 666 permissions on the bayes database was just not right. I've seen 
other reports of bayes not learning correctly and can't say for sure this is 
the issue, but you might want to check your permissions on both the bayes and 
on the whitelist if you use that also.

>
> $ sa-learn --dump magic
> 0.000          0          3          0  non-token data: bayes db version
> 0.000          0         82          0  non-token data: nspam
> 0.000          0        161          0  non-token data: nham
>
>
> Again I'm at a loss as to why this might have happened.  I'd really  
> like to hear from some experts as to what it is that is going wrong  
> here or might be.
>
> Thank you for your time,
> Chad

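
Added example (not part of the thread): a shell check for the situation described in the reply above, where the mode of the Bayes database was changed behind spamd's back. The directory argument and the expected mode 666 are assumptions; pass the directory part of your bayes_path and the mode your site actually uses.

```shell
#!/bin/sh
# Added example: report Bayes / auto-whitelist files whose mode has drifted
# from what the site expects (for instance after a hardening job reset it).
# The directory and expected mode are assumptions; adjust to your setup.

# Print the octal permission bits of a file (GNU stat first, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# audit_bayes_perms DIR EXPECTED_MODE
# Prints one line per checked file; the return status is the number of findings.
audit_bayes_perms() {
    dir=$1
    want=$2
    findings=0
    for name in bayes_toks bayes_seen bayes_journal auto-whitelist; do
        f="$dir/$name"
        [ -e "$f" ] || continue        # journal and whitelist may not exist yet
        have=$(file_mode "$f")
        if [ "$have" = "$want" ]; then
            echo "ok      $have $f"
        else
            echo "DRIFT   $have (want $want) $f"
            findings=$((findings + 1))
        fi
    done
    # Learning also creates lock and journal files, so the directory itself
    # must be writable by the user running this check (run it as spamd's user).
    if [ ! -w "$dir" ]; then
        echo "NOWRITE $dir is not writable by $(id -un)"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Stand-alone use: sh audit.sh /path/to/bayes/dir [mode]
if [ $# -gt 0 ]; then
    audit_bayes_perms "$1" "${2:-666}"
    exit $?
fi
```

Running it from cron as the spamd user and alerting on a non-zero status catches the drift before learning silently stops.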


Re: error loading ClamAV.pm

2004-11-09 Thread Brook Humphrey
On Tuesday 09 November 2004 02:59 pm, Jackson, Jeff wrote:
> I'm getting an error when I try to load the plugin:
>
> debug: plugin: loading File::Scan::ClamAV from
> /etc/mail/spamassassin/ClamAV.pm
> Reference found where even-sized list expected at
> /etc/mail/spamassassin/ClamAV.
> pm line 119.
> debug: plugin: registered File::Scan::ClamAV=HASH(0x8df57f8)
>
> I'm sorry to admit I'm not very perl literate. Can someone tell me what
> the error on line 119 means and how to make it go away?

You are missing File::Scan::ClamAV, I think; try looking at CPAN for that 
module.



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-09 Thread Brook Humphrey
On Tuesday 09 November 2004 11:41 am, Cirelle Enterprises wrote:
> also, they just might black list your freshclam server and you won't be
> getting any updates
>
> greg


Got new updates about an hour ago after my update. I guess they unlocked 
uploads just in time. Hopefully Mandrake will push this out as a mandatory 
upgrade or there will be a lot of very unhappy users out there.

Matter of fact I'm off to make sure this happens.


Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-09 Thread Brook Humphrey
On Tuesday 09 November 2004 10:58 am, Christopher X. Candreva wrote:
> My personal opinion -- if you aren't building from source, basically you
> should be looking for a different AV solution.  With Clam it has often been
> necessary in the last few months to run CVS versions to be able to use the
> latest virus updates.

Um, did you read anything I said? I do do my rpms and I do build from source 
quite often. Oden is very good about keeping up and I have no need to 
duplicate his efforts. The only reason this is happening is because Mandrake 
was frozen for release. As a matter of fact Oden just uploaded the latest 
stuff today. 

As for anything else it was not that big a deal as my current setup was 
catching about 99% of everything coming through. I set it up to be superior 
to begin with so the only real advantage for upgrading besides handling the 
new definition files is the fact that it handles more archive formats by 
default. This so far has not been an issue but is very forward looking and is 
a nice feature to have before it's needed. 


>
> If you are running a 4-5 month old version of Clam, it is going to miss a
> lot of recent viruses. You may not even be able to update your database any
> more, as the older database format has been retired.

Covered this in the above.

>
> If nothing else, a new database update mechanism has been introduced,
> where the DB version is distributed via a DNS record to reduce the load on
> the virus database mirrors. You'll be doing the Clam team a big favor by
> moving to 0.80 soon.

Yes and this is a very good thing also. System is already updated. Now if I 
can just get this plugin to work.



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-09 Thread Brook Humphrey
On Saturday 06 November 2004 09:49 am, Troels Walsted Hansen wrote:
> Hi all,
>
> I created a small plugin using the new plugin API in SpamAssassin 3.x.
> The plugin connects to a local ClamAV <http://www.clamav.net/> server
> (through TCP) and checks the email for virus. If a virus is found, it
> returns a positive return code to indicate spam and sets the header
> "X-Spam-Virus: Yes ($virusname)".
>
> It may seem odd to invoke an antivirus scanner through SpamAssassin, but
> it works very well for me so far. It saved me from dealing with Amavisd
> (which was quite painful, in all honesty).
>
> This is my first Perl code ever, so be gentle. ;-) The code is public
> domain, do whatever you like with it. Note that it requires
> File::Scan::ClamAV.
> <http://search.cpan.org/%7Ecfaber/File-Scan-ClamAV/lib/File/Scan/ClamAV.pm>
> Tested with SpamAssassin 3.0.1, ClamAV 0.80 and courier 0.44.

I put this into the plugin directory and then the cf file with my others 
under /etc/mail/spamassassin, but I get an error that it is unable to load the 
clamav plugin. This is the first time I have tried to work with one; am I 
missing something?

>
> Regards,
> Troels Walsted Hansen



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-09 Thread Brook Humphrey
On Monday 08 November 2004 05:06 pm, Christopher X. Candreva wrote:
> These problems were fixed a while ago.  Don't know what you are running,
> but we're running 0.80 clamav-milter with clamd, no unpacking problems, and
> I would say with as much confidence as possible that nothing gets by it.

Yes, I've been busy cleaning systems and making PE CDs for cleaning under 
Windows. I have not seriously worked on my mail server solution for about 4 
or 5 months. 

I also have not upgraded to .8 yet since I am a maintainer for Mandrake and we 
just got done with a release cycle and so cooker has been locked for new 
apps. I'm also not the maintainer for clamav and would rather wait for the 
official maintainer's rpm.



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-08 Thread Brook Humphrey
On Monday 08 November 2004 11:35 am, Kelson wrote:
> Brook Humphrey wrote:
> > I already have tested mimedefang and although better than the one clamav
> > uses it was nowhere near as good as ripmime. ripmime deals with the fringe
> > stuff better. That is, things that don't follow standards very well.
>
> Interesting.  I'll have to do some testing.  We're using MD for a lot of
> other purposes, but if ripmime does handle more cases, it might be worth
> adding another parser


I can send you my shell scripts for piping these things if you like; they make 
it very easy to test different mime engines. 

>
> > As for binhex
> > you will need to get the program for extracting those. It is a mac native
> > binary format that can be extracted but you will need the binhex tools to
> > do so. I never got it working completely but I did find the tools out
> > there to do it. For some reason clamav just doesn't want to deal with it.
>
> Hmmm, I recall it working under clam's extraction but not MD's, but
> looking back at the logs of our most recent testvirus.org run, the
> binhex attachments were caught by File::Scan.  We run FS first, then
> anything that passes goes to clamd, which means that MIMEDefang's own
> MIME parser was able to extract it.
>
> Since the MIMEDefang author recently took over maintaining MIME::Tools, I
> went into the changelog, and sure enough, binhex support was added two
> months ago in version 5.412.  It looks like it uses a perl module rather
> than the binhex binary.

That would explain it; it has been about 4 or 5 months since I really messed 
with this stuff in depth. Speaking of which I still need to upgrade to 80 so.
>
> (Speaking of the binhex binary, for anyone reading this, Red Hat/Fedora
> includes it in the macutils package.)

Yes same for mandrake if I remember correctly. 



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-08 Thread Brook Humphrey
On Monday 08 November 2004 10:45 am, Kelson wrote:
> We use MIMEDefang, which extracts attachments itself and can also pass
> the original message to clamd.  That way you get the benefit of two MIME
> parsers (MD's and ClamAV's), each with its own quirks, looking for
> attachments to scan.  Additionally, there are some attachment types
> ClamAV will extract that, when I last compared the two, MIME::Tools
> (which MD uses) wouldn't.  (I think it was BinHex, but it might have
> been something else.)  With the amount of invalid mime out there (i.e.
> there's no defined way to extract it, so each parser will attempt error
> recovery differently), it's worth the overlap.

I already have tested mimedefang and although better than the one clamav uses 
it was nowhere near as good as ripmime. ripmime deals with the fringe stuff 
better. That is, things that don't follow standards very well. As for binhex 
you will need to get the program for extracting those. It is a mac native 
binary format that can be extracted but you will need the binhex tools to do 
so. I never got it working completely but I did find the tools out there to 
do it. For some reason clamav just doesn't want to deal with it.



Re: Clam AntiVirus plugin for SpamAssassin 3.x

2004-11-07 Thread Brook Humphrey
On Saturday 06 November 2004 01:00 pm, SA wrote:
> I have a question here.  Doesn't that require clamav to load the virus
> signatures each time?  If so, it would be pretty inefficient  and
> resource-hungry.  Wouldn't the combination of
> courier-maildrop/clamassassin and clamdscan be a lot faster since the
> clamd daemon keeps the virus.db loaded?

Well yes, although this is true, your accuracy goes out the door. The problem 
with clamd is that the built in mime parser is really bad and it also does 
not do a good job of unpacking attachments even if you have the flag set to 
scan mail. 

In my case I run a shell script that uses ripmime and then takes the parts and 
scans them. My detection rate is about 2-3 times higher using this method 
instead. I have tried different mime extracting proggies (about 4 or 5, all I 
could find at the time) and ripmime has by far the best mime support of any 
of them. Some of them were actually worse than the one built into clamav. 

So in the end the choice is yours: better detection or more speed. In my case, 
as well as anybody who really cares about what gets through the server, you 
really have to choose better security. 

Now if at some time in the future clamav starts using ripmime like they have 
talked about and if it does a better job of unpacking things then of course 
it would be better to use clamd.

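
Added example, not the poster's own script: one way to build the pipeline described in the message above, unpacking a message with ripmime and then scanning every extracted part, plus the raw message, with clamscan. It assumes both tools are on PATH; the RIPMIME and CLAMSCAN override variables and the function name are this example's own.

```shell
#!/bin/sh
# Added example: ripmime unpacks the message, clamscan scans the parts.
# RIPMIME / CLAMSCAN can be overridden; defaults assume both are on PATH.
RIPMIME=${RIPMIME:-ripmime}
CLAMSCAN=${CLAMSCAN:-clamscan}

# scan_message FILE
# Returns 0 = clean, 1 = a part matched a signature, 2 = could not scan.
scan_message() {
    msg=$1
    [ -r "$msg" ] || { echo "cannot read $msg" >&2; return 2; }
    work=$(mktemp -d) || return 2

    # ripmime: -i is the input message, -d the directory for decoded parts.
    if ! "$RIPMIME" -i "$msg" -d "$work" >/dev/null 2>&1; then
        # Fail closed: a message that cannot be unpacked is not a clean one.
        rm -rf "$work"
        return 2
    fi

    # Keep the raw message in the scan set so clamscan's own mail parser
    # also gets a look; two parsers recover from bad MIME differently.
    cp "$msg" "$work/original.eml"

    # clamscan exits 0 (clean), 1 (virus found) or higher on error.
    rc=0
    "$CLAMSCAN" --no-summary --infected -r "$work" || rc=$?
    rm -rf "$work"

    case $rc in
        0) return 0 ;;
        1) return 1 ;;
        *) return 2 ;;   # scanner error: treat as "not scanned", never "clean"
    esac
}

# Stand-alone use: sh scan.sh message.eml
if [ $# -gt 0 ]; then
    scan_message "$1"
    exit $?
fi
```

The caller decides what status 2 means for delivery; deferring or quarantining keeps an unpack or scanner failure from being treated as a pass.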


Re: Memory usage question

2004-09-17 Thread Brook Humphrey
On Friday 17 September 2004 07:05, Chris Santerre wrote:
> Yeah, bring that 50 down a little :) Maybe 10. More memory NEVER hurt
> anyone!
>
> Currently with BigEvil I'm running 51 megs for spamd!!! But the record on a
> production server is something like 145. I think it was a crazy german ;)
>
> Your memory usage looks pretty normal.
>
> I haven't updated BE in a while. Plan on doing this afternoon. For the
> remaining people using BE, "WTH is wrong with you?" :-)

Chris, I know it's not needed, but with 3.0rc4 running big evil and a few other 
custom rules spamd is at 53 megs and I have 5 children processes that are 
each eating about 56 megs apiece. I wondered if it was true but each child 
shows slightly different memory usage so they are reading separately. My 
system has 1 gig of ram and almost 4 gigs of swap. It doesn't use the swap 
much though.  

I run my system just for me right now so no other users and it filters out 
about 1000 spams a day out of a total of 2000 emails a day or so at peak. 

I'm also running the surbl lists on this server. I upgraded from an older 
spamassassin install and just haven't gotten around to cleaning out the old 
files yet. Hey though since I went to spamassassin 3.0 I have only had about 
2 or 3 emails get through in the last 2 or 3 months. With 1000 spam emails a 
day that's not bad.



Re: any performance benefit to SA 3.0?

2004-09-14 Thread Brook Humphrey
On Tuesday 14 September 2004 06:36, scohen wrote:
> I've read through the benefits to SA 3.0 but I don't see any mention of
> performance. I was wondering:
>
> A) Does SA 3.0 use less memory/CPU than SA 2.64?
Can't say for others, but in my case and from what I have read from the list, 
cpu is about the same, sometimes a little less, sometimes a little more. Memory 
is reduced if you use a lot of custom rules; Chris Santerre has now done away 
with big evil and you can use surbl lists to replace those. 

At any rate the memory usage is reduced under that set of criteria. 

> B) Does SA 3.0 take less time to decide if an email is spam than SA 2.64?
I have not paid attention to this and can't comment.

> C) Does SA 3.0 do a better job of identifying spam with its default
> configuration than  SA 2.64?

Yes. I have a bunch of custom rules and my weight is not the normal either. 
For me before, a bunch of html email were getting falsely tagged, and for the 
last month or two before I switched about a month ago there were a lot of 
spams getting through because bayes was just not working very well.

With 3.0 installed bayes works better. I'm not sure how but it just works. I 
get an occasional false positive but for maybe a month now I don't think I 
have gotten even one spam in my email box. And only 1 legitimate false 
positive. The other two or three are html email news letters that I like to 
read but others might consider them spam. 

My stats are that Just for me I get about 500 legit emails a day and around 
600 - 800 spams a day. I don't think I ever receive fewer than this except 
for maybe on weekends when it drops to 200 legit but the spams never drop.  
My legit email has gone as high as about 1000 a day and my spam email has 
gone as high as about 1000 a day. 
>
> Thank you for your time.
>
> Steve Cohen