Training with sa-learn for viruses?

Dominic Raferd dominic at timedicer.co.uk
Wed May 31 12:28:09 CEST 2017


On 31 May 2017 at 11:09, Nikolaos Milas <nmilas at noa.gr> wrote:

> Hello,
>
> I am using amavis with clamav and spamassassin and I am regularly training
> for spam using the command:
>
>    sa-learn --dbpath '/var/amavis/var/.spamassassin' --spam
>    /var/amavis/reported-spam
>
> Things work fine with "pure" spam.
>
> My problem is that some highly suspicious email messages that they look
> like they most probably carry infected attachments are not processed as
> spam using the above procedure in order to be blocked in the future.
>
> For example, I am training for 4 messages of which one is true spam and
> the rest are infected mails, but I only get:
>
>    Learned tokens from 1 message(s) (4 message(s) examined)
>
> What should I be doing to train the system and/or its components to
> characterize such mails as "virus" (or at least "spam") and block similar
> ones in the future?


Spamassassin is not a tool for identifying or blocking viruses - see
https://wiki.apache.org/spamassassin/FilteringViruses. For this you need an
antivirus tool. Clamav in its standard form is pretty useless IMHO but it
is rather more effective with the sanesecurity addon signatures.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.amavis.org/pipermail/amavis-users/attachments/20170531/f1ebc3a3/attachment.html>


More information about the amavis-users mailing list