-------- Original Message --------
> Date: Mon, 26 Nov 2007 17:30:32 +0000
> From: Mark Rogers <[EMAIL PROTECTED]>
> To: [email protected]
> Subject: Re: [dspam-users] EICAR equivalent for spam

> Steve wrote:
> > DSPAM is a statistical software and not a rule/hash based software
> > like an anti-virus application. Having a string or binary on which
> > DSPAM would always report spam is pointless in a statistical software.
> >
> > If you want, you could create your own string and train with that
> > string your DSPAM installation to report that string as spam.
> >
> > [...]
>
> I'm not sure I followed all of that sufficiently to be able to work
> through it. Assuming I'm injecting the mail into the system as normal
> (ie by sending an email) then I'm not sure how I'd tell dspam not to
> train on it. I can see how I might do that from the command line but
> that doesn't help me test that the mail server is processing spam
> correctly. But I'm probably missing something!
>

If the purpose is to test DSPAM functionality, then having a unique recipient (let's say it's called [EMAIL PROTECTED]) which you reroute to a specific DSPAM instance would do the trick. I use Postfix and I would just catch the recipient ([EMAIL PROTECTED]) with a lookup table or pcre/regex table and reroute the transport to go to a specific dspam transport. Pretty much the same way as if I would set up a spam/ham alias in Postfix for DSPAM. Just this time I would not catch ham/spam misclassifications but capture a message intended to produce the function test.

Do you understand what I mean? (Sorry, English is not my native language.)

> Tony Earnshaw wrote:
> > How many different tokens would OP have to add to catch all viruses,
> > ever, even in the future, that proper AV software already catches?
> >
> > Sorry, but this is flogging a dead horse (as we in the knacker's trade
> > express it).
> >
>
> Tony, you're missing the point of what I want to do. I don't want dspam
> to catch EICAR - that's the job of anti-virus software as you point out.
>
> I want it to catch something similar (a "fake" spam) so that I can test
> my dspam installation in the same way I can test my AV install using
> EICAR.
> Eg: I can send the EICAR "virus" into or through my mail server
> in various ways and see what happens. I want to similarly send a test
> spam through my mail server and confirm (a) that it gets caught, (b)
> check it's visible through quarantine (for the correct user), (c) check
> it has correct headers inserted etc, (d) test my mail client for correct
> routing of received spam as flagged by dspam, (e...) and so on.
>
> The "wait until a spam is received for that user" approach isn't always
> ideal! In particular I can't test the spam setup that way until the MX
> records are pointed at the server so that it starts to collect spam.
> Also, I could routinely send a welcome message to new users including
> the "spam signature" which I know would end up in their quarantine and
> could be part of the user training process that is usually somewhat
> harder than training dspam itself :-)
>
> At the moment, the best I can do is use dspam to call clamav, and rely
> on dspam indirectly quarantining EICAR, but I have some clients who want
> anti-virus but not anti-spam (and might one day have those who want the
> reverse).
>
> --
> Mark Rogers // More Solutions Ltd (Peterborough Office) // 0845 45 89 555
> Registered in England (0456 0902) at 13 Clarke Rd, Milton Keynes, MK1 1LG
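
Checks (a) and (c) from the quoted list, that the test message was classified as spam and carries the expected headers, can be scripted once a dedicated test recipient exists. The following is an added example, not part of the thread or of DSPAM: the address `dspam-test@example.org`, the function name and both sample messages are constructed, and it assumes DSPAM is set up to tag delivered mail with its `X-DSPAM-*` headers.

```python
from email import message_from_string

TEST_RCPT = "dspam-test@example.org"  # hypothetical dedicated test recipient
REQUIRED = ("X-DSPAM-Result", "X-DSPAM-Confidence",
            "X-DSPAM-Probability", "X-DSPAM-Signature")


def check_dspam_verdict(raw, rcpt=TEST_RCPT, expected="Spam"):
    """Return a list of problems; an empty list means the function test passed."""
    msg = message_from_string(raw)
    problems = []
    if rcpt.lower() not in (msg.get("To") or "").lower():
        problems.append("not addressed to the test recipient")
    for name in REQUIRED:
        copies = msg.get_all(name) or []
        if not copies:
            problems.append(f"missing {name}")
        elif len(copies) > 1:
            # Ambiguous: a mail client or later filter may act on either copy.
            problems.append(f"duplicate {name}")
    result = (msg.get("X-DSPAM-Result") or "").strip()
    if result and result.lower() != expected.lower():
        problems.append(f"result is {result!r}, expected {expected!r}")
    for name in ("X-DSPAM-Confidence", "X-DSPAM-Probability"):
        value = (msg.get(name) or "").strip()
        try:
            if value and not 0.0 <= float(value) <= 1.0:
                problems.append(f"{name} out of range: {value}")
        except ValueError:
            problems.append(f"{name} is not a number: {value!r}")
    return problems


# Constructed samples: the test message as it might look after delivery.
HEAD = ("From: postmaster@example.org\n"
        f"To: {TEST_RCPT}\n"
        "Subject: DSPAM function test\n")
SAMPLE_TAGGED = HEAD + ("X-DSPAM-Result: Spam\n"
                        "X-DSPAM-Confidence: 0.9997\n"
                        "X-DSPAM-Probability: 1.0000\n"
                        "X-DSPAM-Signature: constructed-0001\n\nbody\n")
SAMPLE_MISSED = HEAD + ("X-DSPAM-Result: Innocent\n"
                        "X-DSPAM-Confidence: 0.6000\n"
                        "X-DSPAM-Probability: 0.0200\n\nbody\n")

if __name__ == "__main__":
    for label, raw in (("tagged", SAMPLE_TAGGED), ("missed", SAMPLE_MISSED)):
        print(label, check_dspam_verdict(raw) or "OK")
```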
