Steve skrev, on 26-11-2007 17:24: [...]
DSPAM is a statistical software and not a rule/hash based software like an anti-virus application. Having a string or binary on witch DSPAM would always report spam is pointless in a statistical software. If you want, you could create your own string and train with that string your DSPAM installation to report that string as spam. For example (for my installation. Your installation could return another token depending on the tokenizer and pvalue you use): mail / # dspam_crc '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' TOKEN: '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' CRC: 7843289567645217189 mail / # So just add token '7843289567645217189' to your DSPAM installation and add a high spam count on that token. Add the token to a user (DSPAM uid) where you turn off white listing and then you have your test for a string which will always return spam when testing against a specific DSPAM user. To not spoil the data in DSPAM I would test with --classify --mode=notrain in order to not change the tokens and I would as well turn on TOE mode for that user so that the purge script does not purge this token from the database.
How many different tokens would OP have to add to catch all virus, ever, even in the future, that proper AV software already catch?
Sorry, but this is flogging a dead horse (as we in the knacker's trade express it).
--Tonni -- Tony Earnshaw Email: tonni at hetnet dot nl
