-------- Original-Nachricht -------- > Datum: Mon, 26 Nov 2007 11:24:25 +0000 > Von: Mark Rogers <[EMAIL PROTECTED]> > An: [email protected] > Betreff: [dspam-users] EICAR equivalent for spam
> When testing anti-virus systems, I can send the EICAR binary [1] which I > know all anti-virus programs will detect so i can check for correct > operation. > > Is there a similar method I can use for checking a dspam installation? > Ie send a message which I know will be picked up as spam (but will not > be learnt from, so I don't end up blacklisting myself!) so I can check > that it correctly ends up in the correct quarantine box or gets > delivered with the correct headers? > DSPAM is a statistical software and not a rule/hash based software like an anti-virus application. Having a string or binary on witch DSPAM would always report spam is pointless in a statistical software. If you want, you could create your own string and train with that string your DSPAM installation to report that string as spam. For example (for my installation. Your installation could return another token depending on the tokenizer and pvalue you use): mail / # dspam_crc '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' TOKEN: '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' CRC: 7843289567645217189 mail / # So just add token '7843289567645217189' to your DSPAM installation and add a high spam count on that token. Add the token to a user (DSPAM uid) where you turn off white listing and then you have your test for a string which will always return spam when testing against a specific DSPAM user. To not spoil the data in DSPAM I would test with --classify --mode=notrain in order to not change the tokens and I would as well turn on TOE mode for that user so that the purge script does not purge this token from the database. > [1]: http://www.eicar.org/anti_virus_test_file.htm > > -- > Mark Rogers // More Solutions Ltd (Peterborough Office) // 0845 45 89 555 > Registered in England (0456 0902) at 13 Clarke Rd, Milton Keynes, MK1 1LG > // SteveB -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
