Mark Rogers wrote:
Steve wrote:
DSPAM is a statistical software and not a rule/hash based software
like an anti-virus application. Having a string or binary on which
DSPAM would always report spam is pointless in a statistical software.
If you want, you could create your own string and train with that
string your DSPAM installation to report that string as spam.
[...]
I'm not sure I followed all of that sufficiently to be able to work
through it. Assuming I'm injecting the mail into the system as normal
(i.e. by sending an email) then I'm not sure how I'd tell dspam not to
train on it. I can see how I might do that from the command line but
that doesn't help me test that the mail server is processing spam
correctly. But I'm probably missing something!
Tony Earnshaw wrote:
How many different tokens would OP have to add to catch all viruses,
ever, even in the future, that proper AV software already catches?
Sorry, but this is flogging a dead horse (as we in the knacker's
trade express it).
Tony, you're missing the point of what I want to do. I don't want
dspam to catch EICAR - that's the job of anti-virus software as you
point out.
I want it to catch something similar (a "fake" spam) so that I can
test my dspam installation in the same way I can test my AV install
using EICAR. Eg: I can send the EICAR "virus" into or through my mail
server in various ways and see what happens. I want to similarly send
a test spam through my mail server and confirm (a) that it gets
caught, (b) check it's visible through quarantine (for the correct
user), (c) check it has correct headers inserted etc, (d) test my mail
client for correct routing of received spam as flagged by dspam,
(e...) and so on.
The "wait until a spam is received for that user" approach isn't
always ideal! In particular I can't test the spam setup that way until
the MX records are pointed at the server so that it starts to collect
spam. Also, I could routinely send a welcome message to new users
including the "spam signature" which I know would end up in their
quarantine and could be part of the user training process that is
usually somewhat harder than training dspam itself :-)
At the moment, the best I can do is use dspam to call clamav, and rely
on dspam indirectly quarantining EICAR, but I have some clients who
want anti-virus but not anti-spam (and might one day have those who
want the reverse).
Mark,
You don't seem to understand. DSpam is not SpamAssassin. On a fresh
install of DSpam there is no statistical data, or more simply put there
is no Out of the Box filtering. Which means that even if you were to
send the GTube message (or other spam) to DSpam for filtering, DSpam
wouldn't have any reason to consider it Spam because it hasn't been
sufficiently trained yet. You could feed DSpam the SA Public Corpus, but
there is no guarantee that it will catch the GTube/Test Spam message.
So to answer your original question: no, there is no way to test DSpam
with an EICAR-like test message.
-Jeff Harris
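
A toy model of the point Steve and Jeff Harris make above, added here as an example; it is not part of the thread and is not DSPAM's code or algorithm. `ToyStatFilter`, `MARKER` and the sample messages are constructed for illustration: a filter with no training data has no opinion on any fixed string, and a marker you train yourself only decides the verdict when the rest of the message does not outweigh it.

```python
import math
import re
from collections import Counter

MARKER = "SITE-TEST-SPAM-MARKER-4f9c2e"  # constructed test string, not a standard

class ToyStatFilter:
    """Per-user token statistics; a simplified stand-in, not DSPAM's algorithm."""

    def __init__(self):
        self.tokens = {True: Counter(), False: Counter()}  # keyed by is_spam
        self.msgs = {True: 0, False: 0}

    @staticmethod
    def tokenize(text):
        return set(re.findall(r"[A-Za-z0-9-]{3,}", text))

    def train(self, text, is_spam):
        self.tokens[is_spam].update(self.tokenize(text))
        self.msgs[is_spam] += 1

    def token_prob(self, tok):
        s, h = self.tokens[True][tok], self.tokens[False][tok]
        if s + h == 0:
            return 0.5  # never seen: carries no evidence either way
        sr = s / max(self.msgs[True], 1)
        hr = h / max(self.msgs[False], 1)
        return min(0.99, max(0.01, sr / (sr + hr)))

    def score(self, text):
        odds = sum(math.log(p / (1 - p))
                   for p in map(self.token_prob, self.tokenize(text)))
        return 1 / (1 + math.exp(-odds))

def demo():
    f = ToyStatFilter()
    probe = "Subject: filter check\n\n" + MARKER
    fresh = f.score(probe)                      # no training data yet
    ham = "Meeting notes attached for the quarterly budget review"
    f.train(ham, is_spam=False)
    f.train(MARKER, is_spam=True)               # teach the site-specific marker
    trained = f.score(probe)
    buried = f.score(ham + " " + MARKER)        # marker inside familiar ham text
    return fresh, trained, buried

if __name__ == "__main__":
    for name, s in zip(("fresh", "trained", "buried"), demo()):
        print(f"{name:8s} spam score = {s:.4f}")
```

In this model the untrained filter scores the probe at exactly 0.5, the trained one flags it, and the same marker wrapped in text already learned as legitimate falls back to a near-zero score.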