Re: New beta release 4.78.3 -- "spam-viruses"
--[ UxBoD ]-- <uxbod <at> splatnix.net>
2009-08-01 07:23:24 GMT
----- "Julian Field" <MailScanner <at> ecs.soton.ac.uk> wrote:
> I have just released a new beta, the first in quite a while.
> This has one major re-arrangement done to it, in that the virus
> is now done *before* the spam checking, instead of after it as it has
> always been in the past. This results in you virus-scanning all the
> you are about to delete, but for virtually all virus scanners the cost
> of scanning a few extra files is very minimal compared to the cost of
> running SpamAssassin on them anyway. So it won't make much difference
> the speed at all. And you have the advantage that you won't be
> spam-scanning viruses any more.
> The need for this is because...
> I have introduced a solution to the issue of what I am calling
> "spam-viruses" which are messages detected as being spam by your
> scanner. At least ClamAV and F-Prot can do this now. Automatically
> deleting mail which a third-party ClamAV signature database thinks is
> probably spam is not a very good idea, as there are false alarms which
> have bitten most of us in the past.
> So what you want is a way of assigning a spam score to different
> "spam-viruses" so you can use the signature databases to varying
> depending on what you think of their reliability. Some of the ClamAV
> databases have far more false alarms (false positives) than others, as
> documented here:
> So now a list of all the "spam-viruses" found in a message will be put
> in a new message header before the message is passed to SpamAssassin,
> you can do everything from simply assigning a score if the header
> at all, to assigning different scores to different spam-viruses as you
> like. You can make it as simple or as complex as you choose. I have
> given you a sample rule to start from in spam.assassin.prefs.conf.
> So you need to do 2 other things:
> 1. Set the name of the header used for this: see the "Spam-Virus
> setting in MailScanner.conf.
> 2. Define what virus names are actually spam-viruses. See the "Virus
> Names Which Are Spam" setting in MailScanner.conf.
> The second of those is given very simply. No regular expressions or
> anything complicated like that, sorry.
> You give a space-separated list of strings which are the names of the
> You can use the "*" wildcard character to mean "any number of zero or
> more characters", just like you do in filenames. You can use several
> wildcards in each string, of course.
> Other than that the string will be matched against the whole virus
> with a case sensitive match.
> If you want to match just a sub-string of the virus name, put a "*" at
> the start and end of the string, such as in "*UNOFFICIAL*" for
> Two simple examples are "HTML/*" and "Sane*UNOFFICIAL" which are
> hopefully both self-explanatory.
> For more information about these 2 settings, see the MailScanner.conf
> I think this keeps the configuration nice and simple for most people,
> but allows the 0.1% of wizards to build really complex setups.
> If you strongly disagree with the way I have done it, please do let me
> know, this is only a beta so I can easily change it at this point
> without upsetting anyone.
> Hopefully you will find this a useful new feature, and that the cost
> the code re-arrangement is not too high.
> Have a good weekend, and please let me know if you have any "issues"
> with any of it!
> Julian Field MEng CITP CEng
> Buy the MailScanner book at www.MailScanner.info/store
> Need help customising MailScanner?
> Contact me!
> Need help fixing or optimising your systems?
> Contact me!
> Need help getting you started solving new requirements from your
> Contact me!
> PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
> Follow me at twitter.com/JulesFM and twitter.com/MailScanner
I am sure the 0.1% of wizards will be hitting Amazon and sending something your way Jules ... Great work this
is exactly what I needed :) Time to build up the new server and get installing :D
SplatNIX IT Services :: Innovation through collaboration
MailScanner mailing list
mailscanner <at> lists.mailscanner.info
Before posting, read http://wiki.mailscanner.info/posting
Support MailScanner development - buy the book off the website!