ClamAV

September 28, 2021 Roberto Puzzanghera 8 comments

Clam AntiVirus is an open source (GPL) anti-virus toolkit for UNIX, designed especially for e-mail scanning on mail gateways.

Starting from v. 0.104.0 the installation of clamav is based only on CMake, which superseds the autotools install. Therefore we have to change the way the program is configured at compile time.

Since the installation we are going to do is very basic, I suggest to install a package from your distro and come back here to read the post-install notes.

What follows concerns the installation from source. As already said, CMake is needed and if your distro doesn't provide a recent version you should update it via python pip3; refer to this page if you need to update your CMake.

If you have a recent CMake version (v. 3.21.3 works here) this is how you can install clamav from source.

Razor2, Pyzor, Spamcop and DCC setup

July 14, 2021 Roberto Puzzanghera 0 comments

This page concerns the setup of several filtering networks which help spamassassin to decide if a given message is spam or not. Enabling them, together with the bayesian learning system, drastically improves the spamassassin efficiency in doing this.

Spamassassin User Preferences via SQL

July 12, 2021 Roberto Puzzanghera 20 comments

Info: http://spamassassin.apache.org/dist/sql/README - http://wiki.apache.org/spamassassin/UsingSQL

SpamAssassin can now load users' score files from an SQL database.  The concept here is to have a web application (PHP/perl/ASP/etc.) that will allow users to be able to update their local preferences on how SpamAssassin will filter their e-mail. The most common use for a system like this would be for users to be able to update the white/black list of addresses without the need for them to update their $HOME/.spamassassin/user_prefs file.

You can skip this page if you want to manage only global options via /etc/mail/spamassassin.

Be aware that user rules will be easily managed by means of the "sauprefs" plugin of Rouncube webmail.

Changelog

  • Jul 12, 2021
    -bug fix: the "preference" varchar length in the database "userprefs" table was increased to 50 (was 30) to create space for long labels such as  "bayes_auto_learn_threshold_spam", which resulted truncated before the modification.

Setting up a script for the Spamassassin's learning and reporting systems

June 20, 2021 Roberto Puzzanghera 0 comments

Now that we have the spam filters in place we have to train our bayesian system and report our spam to Razor, Pyzor and Spamcop.

The obvious thing that comes in mind at this point could be to call sa_learn and spamassassin --report in cascade when clicking in the Roundcube webmail's "Mark as Junk"  button (look  at the cmd_learn and multi_driver drivers of the markasjunk plugin), but this option has a couple of downsides:

  • the learning process, the resulting journal syncing and the connection to several filtering networks takes up to 10 seconds, a time interval that our users don't want to wait.
  • even worse, when they click the "Mark as Junk" button it is not always for a real spam message. For example, think about the regular newsletters that they no longer want to read and that they decide to conveniently label as spamming instead of unsubscribe in the proper way.

Therefore it is better to run these two tasks by means a cronjob every night (and this is going to solve the first issue), processing the messages stored in a folder where the users had copied only real spam or ham messages (then fixing the second as well).