-------- Original-Nachricht -------- > Datum: Mon, 26 Nov 2007 17:48:44 +0100 > Von: Tony Earnshaw <[EMAIL PROTECTED]> > An: > CC: [email protected] > Betreff: Re: [dspam-users] EICAR equivalent for spam
> Steve skrev, on 26-11-2007 17:24: > > [...] > > > DSPAM is a statistical software and not a rule/hash based software like > an anti-virus application. Having a string or binary on witch DSPAM would > always report spam is pointless in a statistical software. > > > > If you want, you could create your own string and train with that string > your DSPAM installation to report that string as spam. > > > > For example (for my installation. Your installation could return another > token depending on the tokenizer and pvalue you use): > > mail / # dspam_crc > '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' > > TOKEN: '[EMAIL PROTECTED](U^)EF2)7}$DSPAM-SPAM-TEST-STRING!$D+E*' CRC: > 7843289567645217189 > > mail / # > > > > So just add token '7843289567645217189' to your DSPAM installation and > add a high spam count on that token. Add the token to a user (DSPAM uid) > where you turn off white listing and then you have your test for a string > which will always return spam when testing against a specific DSPAM user. To > not spoil the data in DSPAM I would test with --classify --mode=notrain in > order to not change the tokens and I would as well turn on TOE mode for that > user so that the purge script does not purge this token from the database. > > How many different tokens would OP have to add to catch all virus, ever, > even in the future, that proper AV software already catch? > Sorry but I don't get your point. I was under the impression that the OP wanted to have a unique and consistent way to flag a message as spam with DSPAM. The purpose of the OP is to have a way to test that DSPAM works correctly (like SpamAssassin offers with GTUBE (the Generic Test for Unsolicited Bulk Email) string "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X"). I am under the impression that the OP does not want to substitute an AV with DSPAM. Correct me if I am wrong. > Sorry, but this is flogging a dead horse (as we in the knacker's trade > express it). > Sure it is "flogging a dead horse" if the plan of the OP is to substitute/replace an AV with DSPAM. That would be insane. > --Tonni > Steve > -- > Tony Earnshaw > Email: tonni at hetnet dot nl -- Psssst! Schon vom neuen GMX MultiMessenger gehört? Der kann`s mit allen: http://www.gmx.net/de/go/multimessenger
