You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@spamassassin.apache.org by Apache Wiki <wi...@apache.org> on 2008/10/21 00:27:56 UTC
[Spamassassin Wiki] Update of "CustomPlugins" by JustinCranshaw
Dear Wiki user,
You have subscribed to a wiki page or wiki category on "Spamassassin Wiki" for change notification.
The following page has been changed by JustinCranshaw:
http://wiki.apache.org/spamassassin/CustomPlugins
The comment on the change is:
Added entry for PhishPatrol plugin. Added horizontal rule between each plugin.
------------------------------------------------------------------------------
= The Plugins =
+ -----
+
+ ||||<^(90% style="border: none;"> '''!PhishPatrol^TM^ by Wombat Security Technologies, Inc.''' ||||<^)|2 style="border: none;"> http://www.cs.cmu.edu/~jcransh/PhishPatrol_medium_smallest.png ||
+ ||<(15% style="border: none;"> http://www.cs.cmu.edu/~jcransh/wombat_logo_vertical_small.png ||<( style="border: none;"> !PhishPatrol^TM^ is an email filter from Wombat Security Technologies designed specifically to identify email based phishing attacks before they can lure users into to divulging personal information. In contrast to solutions that rely solely on blacklists and email signatures, the !PhishPatrol^TM^ email filter uses advanced machine learning to catch new phishing attacks from the very start. Extensive evaluation of !PhishPatrol^TM^ has shown that it consistently catches more phish than the best email spam filters and has far fewer false positives. As a SpamAssassin plug-in, !PhishPatrol^TM^ integrates seamlessly with your existing installation of SpamAssassin.||
+
+ '''!PhishPatrol^TM^ --- ''Powerful phishing detection from Wombat Security Technologies, Inc.''''' [[BR]]
+
+ ||<25% style="border: none;">'''''Created by:''''' ||<style="border: none;"> Wombat Security Technologies, Inc. ||
+ ||<25% style="border: none;">'''''Contact:''''' ||<style="border: none;"> sales ''-at-'' wombatsecurity ''-dot-'' com ||
+ ||<25% style="border: none;">'''''License Type:''''' ||<style="border: none;"> Commercial annual subscription ||
+ ||<25% style="border: none;">'''''Status:''''' ||<style="border: none;"> Active ||
+ ||<25% style="border: none;">'''''Available at:''''' ||<style="border: none;"> http://wombatsecurity.com ||
+
+ -----
+
'''Commtouch Plug-in for SpamAssassin'''[[BR]]
The Commtouch Plug-In is a quick, easy way to inoculate SpamAssassin-protected mail servers against zero-hour threats, and to beef up detection against zombie- or botnet-generated spam.[[BR]]
Created by: Commtouch Software Ltd. [[BR]]
@@ -37, +52 @@
License Type: Commercial annual subscription[[BR]]
Status: Active [[BR]]
Available at: http://www.commtouch.com/Site/Products/SpamAssassin.asp [[BR]]
+
+ -----
'''Cloudmark Authority''' [[BR]]
8 different fingerprinting algorithms for spam, phishing, and virus. Authority offers significant performance and accuracy improvements with automatic rules and configuration updates every minute. Brought to you by the makers of Razor. [[BR]]
@@ -47, +64 @@
Available at: http://www.cloudmark.com/spamassassin [[BR]]
Note: Razor plug-in with local signature cache [[BR]]
+ -----
+
'''PDFassassin''' [[BR]]
A plugin which scans PDF attachments, exports text from PDF files and uses OCR to extract image spam embeded in PDF files. Helpful to catch Spam messages been sent as PDF files, uses the gocr and pdftotext utilities as a dependency [[BR]]
Created by: Ben Duncan [[BR]]
@@ -56, +75 @@
Available at: http://blog.atmail.com/?p=61 [[BR]]
Note: First release, proof of concept[[BR]]
+ -----
+
'''!DumpText''' [[BR]]
A demo plugin that simply dumps the rendered text to stderr. [[BR]]
Created by: Justin Mason [[BR]]
@@ -64, +85 @@
Status: active [[BR]]
Available at: DumpTextPlugin [[BR]]
+ -----
+
'''ClamAV''' [[BR]]
This plugin submits the entire email to a locally running [http://www.clamav.net/ Clam AntiVirus] server for virus detection. [[BR]]
Created by: Troels Walsted Hansen [[BR]]
@@ -72, +95 @@
Status: Active [[BR]]
Available at: Self:ClamAVPlugin [[BR]]
Note: Requires the [http://search.cpan.org/~cfaber/File-Scan-ClamAV/lib/File/Scan/ClamAV.pm File::Scan::ClamAV] perl module. [[BR]]
+
+ -----
'''WrongMX''' [[BR]]
A plugin that determines if an email was sent to a lower preference MX when a higher preference MX was probably available. [[BR]]
@@ -81, +106 @@
Status: active [[BR]]
Available at: Self:WrongMXPlugin [[BR]]
+ -----
+
'''!AuthzUser''' [[BR]]
A example plugin using the services_allowed_for_username hook (available in 3.1 dev tree) that determines if a username is authorized to use a particular service. [[BR]]
Created by: Michael Parker [[BR]]
@@ -89, +116 @@
Status: active [[BR]]
Available at: Self:AuthzUserPlugin [[BR]]
+ -----
+
'''!ReplaceTags''' [[BR]]
A plugin to create character classes, which can be used in your rules to increases the chance of matching. [[BR]]
Created by: Felix Bauer [[BR]]
@@ -97, +126 @@
Status: active [[BR]]
Available at: Self:ReplaceTags [[BR]]
Note: Please read the POD
+
+ -----
'''!PublicCheckTo''' [[BR]]
A plugin that tests for email sent to public addresses, (such as mailing lists) it can
@@ -108, +139 @@
Status: beta [[BR]]
Available at: http://geniegate.com/other/spamref/index.php [[BR]]
Note: For the In-Reply-To to work, it needs a storage implementation. (Included are SQL and flat file)
+
+ -----
'''!CustomLearner''' [[BR]]
This plugin implements a different bayes learning algorithm: every message
@@ -120, +153 @@
Available at: http://bugzilla.spamassassin.org/show_bug.cgi?id=2094 [[BR]]
Note: This plugin should really use the new plugin interface. I intend to
implement it as soon as SA 3.1.0 is ready.[[BR]]
+
+ -----
'''!UIUC''' [[BR]]
Mail::SpamAssassin::UIUC is a project to connecting the CITES Spam Control
@@ -137, +172 @@
Note: This distribution is actually released as a full patch to SpamAssassin, for ease of use by the
UIUC community. More information on modified files is available at the main website.
+ -----
+
'''Mail::SpamAssassin::Plugin::LDAPfilter''' [[BR]]
Mail::SpamAssassin::Plugin::LDAPfilter provides LDAP-based blacklist and
whitelist filtering capabilities to SpamAssassin 3.x installs. Specific
@@ -150, +187 @@
Available at: http://www.ntrg.com/misc/ldapfilter/ [[BR]]
Note: see http://www.ntrg.com/misc/ldapfilter/ldapfilter.html first[[BR]]
+ -----
+
'''Mail::SpamAssassin::Plugin::iXhash''' [[BR]]
Mail::SpamAssassin::Plugin::iXhash is based on the procmail-based project 'NiXSpam', created and maintained by Bert Ungerer, editor with the German IT-magazin 'iX' (http://www.heise.de/ix/). Basically redundant information is removed from the body of a mail, then a MD5 hash is computed from the rest and compared to a given database of known spam. The actual comparison is realised via DNS. See code for more info. Read up at http://www.heise.de/ix/nixspam/ for even more.
.[[BR]]
@@ -160, +199 @@
Available at: Self:iXhash [[BR]]
Note: Please read the POD too [[BR]]
+ -----
+
'''URICountry''' [[BR]]
This plugin provides meta data for scoring URIs based on the country in which they are hosted enabling easy creation of rules for any country[[BR]]
Created by: Derek Harding[[BR]]
@@ -167, +208 @@
License Type: Same as SpamAssassin[[BR]]
Status: active [[BR]]
Available at: Self:URICountryPlugin [[BR]]
+
+ -----
'''SAGrey'''[[BR]]
SAGrey is two-phased, in that it first looks to see if the current score of the current message exceeds the user-defined threshold value (as set in one of the cf files), and then looks to see if the message sender's email and IP address tuple are already known to the auto-whitelist (AWL) repository. If the message is spam and the sender is unknown, SAGrey assumes that this is one-time spam from a throwaway or zombie account, and fires accordingly.[[BR]]
@@ -174, +217 @@
License Type: Same as SpamAssassin[[BR]]
Status: seemingly-functional initial release; ongoing development[[BR]]
Available at: http://www.ntrg.com/misc/sagrey/ [[BR]]
+
+ -----
'''POPAuth''' [[BR]]
Utilizes an access.db style hash file to extend the SpamAssassin
@@ -186, +231 @@
Status: active [[BR]]
Available at: Self:POPAuthPlugin [[BR]]
+ -----
+
'''!CustomDeleteTag''' [[BR]]
This !SpamAssassin plugin module allows users to specify a value that will be added to the
message header, for all messages, specifying what value/score it is safe to delete the
@@ -197, +244 @@
Status: active [[BR]]
Available at: Self:CustomDeleteTag [[BR]]
+ -----
+
'''Persistent Database Plugin''' [[BR]]
This plugin module provides persistent database connections. It uses the DBI interface in much the same way that Apache::DBI does, in fact a large portion of the inspiration comes from that module.
@@ -210, +259 @@
Status: active [[BR]]
Available at: Self:DBIPlugin [[BR]]
+ -----
+
'''!WebRedirect''' [[BR]]
Fetches web pages linked to in messages and provides their contents in a pseudo-header that can be used in custom header rules.
@@ -222, +273 @@
Status: active [[BR]]
Available at: Self:WebRedirectPlugin [[BR]]
+
+ -----
'''Stats Plugin''' [[BR]]
Keeps real-time statistics inside of a MySQL database. Statistics are rotated on a daily basis and contain user totals for that day; including total ham, spam, and messages processed. A "$TOTALS" field provides the complete summary of messages processed by the system for the day. [[BR]]
@@ -230, +283 @@
License Type: Apache License, Version 2.0 [[BR]]
Status: active [[BR]]
Available at: Self:StatsPlugin [[BR]]
+
+ -----
'''OCR Plugin''' [[BR]]
Checks for specific keywords in image/gif attachments, using {{{gocr}}}. This can be used to detect spam that puts all the real contect in an attached image, accompanied with random text and html (no URL's, etc). [[BR]]
@@ -240, +295 @@
Available at: Self:OcrPlugin [[BR]]
Note: this is my first SA plugin, so any feedback is welcome. Please test and send reports. [[BR]]
+ -----
+
'''OCR scanner and image validator SA-plugin''' [[BR]]
Checks for specific keywords in gif/jpg/png attachments, using {{{gocr}}}. This can be used to detect spam that puts all the real contect in an attached image, accompanied with random text and html (no URL's, etc). There are also various rules to validate attached images and detect forged content types or broken images. This plugin needs SpamAssassin 3.1.1 or later. The version 2.0 is able to defeat recent gif animations which use gif tricks to avoid OCR.[[BR]]
Created by: Martin Blapp [[BR]]
@@ -249, +306 @@
Available at: http://antispam.imp.ch/patches/ocrtext-3.2.tgz [[BR]]
Note: Feedback and new sample images are welcome. Please test and send reports. [[BR]]
+ -----
+
'''Fuzzy OCR Plugin''' [[BR]]
Derived from OcrPlugin (see above), but has many feature enhancements, including an approximate matching algorithm to compensate recognition errors and obfuscation, support for broken gifs, jpeg and png, dynamic scoring, automatic content-type independant format detection and many more.[[BR]]
Created by: Christian Holler [[BR]]
@@ -258, +317 @@
Available at: Self:FuzzyOcrPlugin [[BR]]
Note: Feedback and new sample images are welcome. Please test and send reports. [[BR]]
+ -----
+
'''DSPAM''' [[BR]]
When using dspam in conjuction with SpamAssassin and amavisd-new, amavisd-new automatically has dspam calculate the probabability of a message being HAM/SPAM and then insert headers. If you have SA installed, the dspam information goes to waste. That is unless you take advantage of this plugin.[[BR]]
Created by: Eric Lubow [[BR]]
@@ -267, +328 @@
Available at: http://eric.lubow.org/projects/dspam-spamassassin-plugin/ [[BR]]
Note: Using dspam's results, this module adds a tag/token to the message that SA picks up and based on the score you assign it in the ruleset configuration file, it adds/subtracts that score. Read the homepage link for more information.[[BR]]
+ -----
+
'''Relayed By Dialup''' [[BR]]
This plugin tries to find out if the delivering host has its IP coded in the DNS-record. it doesn't lookup the IPs itself, but takes the data from the Received-Headers.[[BR]]
Created by: Lars Uffmann, converted to a Module: Cord Beermann [[BR]]
@@ -275, +338 @@
Status: active [[BR]]
Available at: RelayedByDialup [[BR]]
Sample Results: on my setup hits of this test are 97% spam, the rest is ham [[BR]]
+
+ -----
'''Addressbook''' [[BR]]
This provides a way to automatically give a negative score to all addresses in an addressbook, which may be updated dynamically. It's not the same as whitelisting all addresses because spammers may know about some of them, so we don't want to whitelist, only give a small negative score. It's not the same as autowhitelist (AWL), which is an unlabeled learner, i.e. it just smooths scores per sender over time, but doesn't help senders who have consistently high scores.[[BR]]
@@ -284, +349 @@
Status: active[[BR]]
Available at: http://svn.cubewano.org/repos/spamassassin-addons/trunk/plugins/addressbook.pm [[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::OpenPGP''' [[BR]]
Validates OpenPGP-signed emails; requires Mail::GPG[[BR]]
Created by: Dave Brondsema [[BR]]
@@ -293, +360 @@
Available at: [http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::OpenPGP] [[BR]]
SVN: http://konfidi.org/wiki/SVN/ (in clients/spamassassin-openpgp/trunk) [[BR]]
+ -----
+
'''crm114''' [[BR]]
Plugin to use [http://crm114.sourceforge.net/ CRM114][[BR]]
Created by: MartinSchuette [[BR]]
@@ -301, +370 @@
Status: Active [[BR]]
Available at: [http://mschuette.name/files/crm114.pm] and [http://mschuette.name/files/crm114.cf] [[BR]]
+ -----
+
'''Bayes OCR Plugin''' [[BR]]
Bayes OCR Plugin performs a Bayesian content analysis of the OCR extracted text to help Spamassassin catch spam messages with attached images. [[BR]]
Created by: PRA Group, DIEE, University of Cagliari (Italy) [[BR]]
@@ -310, +381 @@
Available at: [http://prag.diee.unica.it/n3ws1t0/?q=node/108 Bayes OCR Plugin - Project page] [[BR]]
Note: (Please remind Bayes OCR Plugin is still beta!)[[BR]]
+ -----
+
'''Image Cerberus Plugin''' [[BR]]
Image Cerberus Plugin performs a content analysis of images attached to e-mails by image processing and pattern recognition techniques. [[BR]]
Created by: PRA Group, DIEE, University of Cagliari (Italy) and Ambient Intelligence Lab, Sardegna DistrICT, Sardegna Ricerche (italy) [[BR]]
@@ -317, +390 @@
License Type: Apache License, Version 2.0 [[BR]]
Status: Active [[BR]]
Available at: [http://prag.diee.unica.it/n3ws1t0/imageCerberus Plugin - Project page] [[BR]]
+
+ -----
'''sa2dnsbl''' [[BR]]
If you want to build your own rbldns System and reuse the Filtering results of Spamassassin this package could be the sollution. It is a UDP based client-server application which reports all spamming IP's to one Server. A worker thread (cronjob) creates the IP list to block. This sollution take use of the rbldns server included in the djbdns distribution.[[BR]]
@@ -326, +401 @@
License Type: Apache License, Version 2.0 [[BR]]
Status: Active [[BR]]
Available at: http://www.fbis.ch/download.php?id=17 [[BR]]
+
+ -----
'''Log Scanned Messages''' [[BR]]
This plugin will write a copy of every mail scanned to the
@@ -338, +415 @@
Status: Active [[BR]]
Available at: http://taint.org/x/2007/LogScannedMessages.pm [[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::Konfidi''' [[BR]]
For authenticated messages, queries the Konfidi (http://konfidi.org) trust network for a computed inferred trust value of the sender.[[BR]]
Note: as of Jan '08 only Mail::SpamAssassin::Plugin::OpenPGP is supported for auth; SPF and DKIM are planned.
@@ -348, +427 @@
Available at: [http://search.cpan.org/perldoc?Mail::SpamAssassin::Plugin::Konfidi] [[BR]]
SVN: http://konfidi.org/wiki/SVN/ (in clients/spamassassin/trunk) [[BR]]
+ -----
+
'''Freemail''' [[BR]]
Checks if message is sent from a "freemail" account. Also checks a specific spam sign, if a message has Reply-To or email mentioned in body pointing to a different freemail account.[[BR]]
Created by: Henrik Krohns [[BR]]
@@ -356, +437 @@
Status: Active [[BR]]
Available at: http://sa.hege.li/FreeMail.pm http://sa.hege.li/FreeMail.cf [[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::!CollectTokens''' [[BR]]
Collects tokens from bayes in a SQL database, making it possible to see what tokens the bayes database contains.[[BR]]
Created by: Jonas Eckerman [[BR]]
@@ -364, +447 @@
Status: active [[BR]]
Available at: http://whatever.frukt.org/spamassassin.text.shtml#CollectTokens.pm [[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::p0fOS''' [[BR]]
Fetches the OS info from a database populated from p0f and inserts it in a header for use in scores and bayes. The database can reside on and/or be populated from a different system (such as a firewall or router).[[BR]]
Created by: Jonas Eckerman [[BR]]
@@ -373, +458 @@
Available at: http://whatever.frukt.org/p0fstats.text.shtml#p0fOS.pm [[BR]]
Note: To use you also need the scripts (from the same place as the plugin) and the p0f OS fingerprinting application.[[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::!MimeMagic''' [[BR]]
Checks for mismatches between a parts MIME type and its actual content.[[BR]]
Created by: Jonas Eckerman [[BR]]
@@ -382, +469 @@
Available at: http://whatever.frukt.org/spamassassin.text.shtml#MimeMagic.pm [[BR]]
Note: Some mismatches really aren't, so the plugin can have a map between types that are considered equal.[[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::!HashCount''' [[BR]]
Counts messages using iXhash/Nix``Spam like hashes.[[BR]]
Created by: Jonas Eckerman [[BR]]
@@ -390, +479 @@
Status: active [[BR]]
Available at: http://whatever.frukt.org/spamassassin.text.shtml#HashCount.pm [[BR]]
+ -----
+
'''Mail::!SpamAssassin::Plugin::!HeadersToBody''' [[BR]]
Copies the (decoded) content of specified headers to the decoded/rendered body of a the message object.[[BR]]
Created by: Jonas Eckerman [[BR]]
@@ -398, +489 @@
Status: active [[BR]]
Available at: http://whatever.frukt.org/spamassassin.text.shtml#HeadersToBody.pm [[BR]]
+ -----
+
'''!FromNotReplyTo''' [[BR]]
Compares 'From:' and 'Reply-To:' headers. [[BR]]
Created by: Ronnie Mose [[BR]]
@@ -405, +498 @@
License Type: Public Domain [[BR]]
Available at: FromNotReplyTo [[BR]]
-
- ----
+ -----
+
= Format for new entries =
Suggested format (a la CustomRulesets format):
@@ -421, +514 @@
Mirror: (if applicable) [[BR]]
Note: (any extra notes)[[BR]]
Sample Results: (mass-check results if available) [[BR]]
- ----
+ -----
- CategorySoftware
+ CategorySoftware CategorySoftware