-------- Original-Nachricht -------- > Datum: Mon, 26 Nov 2007 10:03:20 -0800 > Von: LedHed <[EMAIL PROTECTED]> > An: Mark Rogers <[EMAIL PROTECTED]> > CC: [email protected] > Betreff: Re: [dspam-users] EICAR equivalent for spam
> Mark Rogers wrote: > > Steve wrote: > >> DSPAM is a statistical software and not a rule/hash based software > >> like an anti-virus application. Having a string or binary on witch > >> DSPAM would always report spam is pointless in a statistical software. > >> > >> If you want, you could create your own string and train with that > >> string your DSPAM installation to report that string as spam. > >> > >> [...] > > > > I'm not sure I followed all of that sufficiently to be able to work > > through it. Assuming I'm injecting the mail into the system as normal > > (ie by sending an email) then I'm not sure how I'd tell dspam not to > > train on it. I can see how I might do that from the command line but > > that doesn't help me test that the mail server is processing spam > > correctly. But I'm probably missing something! > > > > Tony Earnshaw wrote: > >> How many different tokens would OP have to add to catch all virus, > >> ever, even in the future, that proper AV software already catch? > >> > >> Sorry, but this is flogging a dead horse (as we in the knacker's > >> trade express it). > >> > > > > Tony, you're missing the point of what I want to do. I don't want > > dspam to catch EICAR - that's the job of anti-virus software as you > > point out. > > > > I want it to catch something similar (a "fake" spam) so that I can > > test my dspam installation in the same way I can test my AV install > > using EICAR. Eg: I can send the EICAR "virus" into or through my mail > > server in various ways and see what happens. I want to similarly send > > a test spam through my mail server and confirm (a) that it gets > > caught, (b) check it's visible through quarantine (for the correct > > user), (c) check it has correct headers inserted etc, (d) test my mail > > client for correct routing of received spam as flagged by dspam, > > (e...) and so on. > > > > The "wait until a spam is received for that user" approach isn't > > always ideal! In particular I can't test the spam setup that way until > > the MX records are pointed at the server so that it starts to collect > > spam. Also, I could routinely send a welcome message to new users > > including the "spam signature" which I know would end up in their > > quarantine and could be part of the user training process that is > > usually somewhat harder than training dspam itself :-) > > > > At the moment, the best I can do is use dspam to call clamav, and rely > > on dspam indirectly quarantining EICAR, but I have some clients who > > want anti-virus but not anti-spam (and might one day have those who > > want the reverse). > > > Mark, > > You don't seem to understand. DSpam is not SpamAssassin. On a fresh > install of DSpam there is no statistical data, or more simply put there > is no Out of the Box filtering. Which means that even if you were to > send the GTube message (or other spam) to DSpam for filtering, DSpam > wouldn't have any reason to consider it Spam because it hasn't been > sufficiently trained yet. You could feed DSpam the SA Public Corpus, but > there is no guarantee that it will catch the GTube/Test Spam message. > > So to answer your original question, No there is no way to test DSpam > with an EICAR like test message. > That is 100% true but he could easy make DSPAM to handle the GTube test message by doing little work and add the GTube test string into DSPAM as spam. And I think this was his question. Or not? > -Jeff Harris > SteveB -- GMX FreeMail: 1 GB Postfach, 5 E-Mail-Adressen, 10 Free SMS. Alle Infos und kostenlose Anmeldung: http://www.gmx.net/de/go/freemail
