You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by John Woolsey <jw...@Activation.net> on 2005/11/27 22:45:09 UTC
How effective is it?
Is SA more effective than popfile? And can you manually train it (if you have root access)?
- thanx - JAW
Re: How effective is it?
Posted by Magnus Holmgren <ho...@lysator.liu.se>.
Andy Pieters wrote:
> On Sunday 27 November 2005 22:59, Steven Stern wrote:
>
>>sa-learn --spam --mbox /home/*/mail/should-be-spam
>>sa-learn --ham --mbox /home/*/mail/should-be-ham
>
>
> Isn't this dangerous? I mean, what if a user saves a message with the name
> "|passwd -d" (without quotes)
>
> It would get executed then as
>
> sa-learn --spam --mbox /home/*/mail/should-be-spam|passwd -d
No. To begin with, when the shell expands glob patterns, it doesn't
suddenly treat special characters in filenames specially (that would be
suicidal); it simply treats them as part of the filenames they are in
fact part of. Furthermore, there isn't even any * or ? to expand at the
ends of Steven's commands.
Try this: Create a file named "|echo foo", then run "echo bar *echo*".
"*echo*" matches the file just created, but the result isn't the
execution of
echo bar |echo foo
(which would output "foo"). Instead, it does this:
echo bar "|echo foo"
(which outputs "bar |echo foo").
--
Magnus Holmgren
Re: How effective is it?
Posted by Andy Pieters <x_...@yahoo.fr>.
On Sunday 27 November 2005 22:59, Steven Stern wrote:
> sa-learn --spam --mbox /home/*/mail/should-be-spam
> sa-learn --ham --mbox /home/*/mail/should-be-ham
Isn't this dangerous? I mean, what if a user saves a message with the name
"|passwd -d" (without quotes)
It would get executed then as
sa-learn --spam --mbox /home/*/mail/should-be-spam|passwd -d
Effectively removing the root password
With kind regards
Andy
--
Now listening to Phase - Morning Light on amaroK
Geek code: www.vlaamse-kern.com/geek
Registered Linux User No 379093
If life was for sale, what would be its price?
www.vlaamse-kern.com/sas/ for free php utilities
--
Re: How effective is it?
Posted by Steven Stern <su...@sterndata.com>.
John Woolsey wrote:
> Is SA more effective than popfile? And can you manually train it (if you have root access)?
>
> - thanx - JAW
>
I set up popfile on clients' computers to help them both with spam and
categorization, but it's not the best solution to spam.
1. Yes. It has access to more tests. Popfile is only (only?) a Bayes
analysis filter. SpamAsssassin uses a wide variety of tests, some
coming with the system, some self-made, and some from places like Rules
Emporium.
2. Yes, but root access is not required. I set up IMAP folders
"should-be-spam" and "should-be-ham" for each user and have them drag
messages that are misclassified into them. A scheduled job (run as root)
executes sa-learn to update Bayes filters.
For example:
sa-learn --spam --mbox /home/*/mail/should-be-spam
sa-learn --ham --mbox /home/*/mail/should-be-ham
--
Steve