On Thu, 2003-10-16 at 08:51, Michael A. Miller wrote: > >>>>> "Amal" == Amal Phadke <NOSPAM@NOSUCHHOST.hydrodyn.org> writes: > > > I am currently using combination of Spamassassin and access > > control via /etc/mail/access (I use sendmail) with good > > success. Now "MS Patches" are down to one or two per > > day. Before I used to get about 80 or more in a day. > > What spamassassin rules are you using for swen? After googling > for a while, I assembled the following rules that seem to work > pretty well. But I wonder if there is something more elegant > that I could do. For example, I expect this message to get > scored high when spamassassin sees the body ;-) > Spamassassin uses bayesian filtering now, at least in unstable. So just collect a whole pile of spam, and collect a whole pile of ham (real mail) and feed it to sa-learn. Read 'man sa-learn' for all the details. In brief: sa-learn --spam <directory where you store spam> or sa-learn --spam --mbox <mbox-file of spam> and sa-learn --ham <directory where your real e-mail is> or sa-learn --ham --mbox <mbox-file of real e-mail> Hope that helps. Marshal > Mike > > > score MICROSOFT_EXECUTABLE +5 > > body SWENVIRUS /allow an malicious user to run code on your computer/ > score SWENVIRUS +5.5 > > body SWENVIRUS2 /Microsoft C.*mer/i > score SWENVIRUS2 +2 > > body SWENVIRUS3 /You don't need to do anything after installing this item/i > score SWENVIRUS3 +2 > > header SWENHEADER Subject =~ /Microsoft Critical/i > score SWENHEADER +2 > > header SWENHEADER2 Subject =~ /New Microsoft Security Update/i > score SWENHEADER2 +2 >
Attachment:
signature.asc
Description: This is a digitally signed message part