On Fri, Aug 17, 2007 at 10:09:49AM +0200, Matthias Haegele wrote: > SA Lists schrieb: > > Dont think so: > http://www.sanesecurity.co.uk/clamav/ > "Phishing and Scam Signatures for ClamAV" > > >I have just now included many of the SARE rules in my sa-update. I am > >almost looking forward to getting some spam to see if they work! :) > >...I presume that simply adding the rules via sa-update (as per the > >instructions on the wiki) is enough - they don't have to be "activated" in > >any way do they? > > running sa-update (cron job) should do it...
Yes, I did that, manually first (that seemed to load all the rules) and then from a cron job which will run every night. The results however are not encouraging. Even as I was compiling my last message to you one of those very same spam messages (one with about three lines of random words) came in and, even with the new rules in place (and yes, I had at that stage restarted spamd), it was scored with the lowest score yet for one of those messages (1.9!). > > >Where can I find out more about the Botnet plugin? (There doesn't seem to > >be a reference to it on the wiki). > > http://people.ucsc.edu/~jrudd/spamassassin/ > Download the latest version, untar it and read *txt and INSTALL ;-). > You could search this mailing lists archive too for more infos on it. > "spamassassin users botnet plugin" might give some results. > Yes, sorry I should have made my request clearer. When I wrote that I had already downloaded the plugin and read the text files it came with, I had also looked back through some of the posts here. What I meant was should it just be installed as-is? Are there any rules that conflict with others? What does it work well with?... that sort of thing. However, I just went ahead and installed it anyway. So far none of the above has helped. In this morning's inbox I had 2 more of the three-line spams missed by SA (scores 2.6 and 1.8) and in my spam-filter 8 messages (mostly the same one trying to sell me watches) which SA was already picking up before these additional rules... I know on that batch of spam it's an 80% success rate, but yesterday, when the mix of spam was different, it was the other way around. Very frustrating. I must be doing something wrong, especially when other people tell me that SA catches 198 out of 200 for them (as one friend told me). Thanks again for your help. Much appreciated. AD
pgpf4tT2maD3F.pgp
Description: PGP signature