Simplistic mail filtering (antivirus, antispam) with DisSpam

[dsd]

Well, I know there is no lack of mail filtering techniques around here, but here's another.

This one is fairly simple, I noticed how many of these approaches involve fetchmail, getmail, sendmail, qmail, procmail, thismail and thatmail.... but this one only involves one perl script (DisSpam), plus a perl module for antispam (SpamAssassin), plus a package for antivirus (ClamAV).

To put it simply:
DisSpam connects to your POP3 mailserver regularly, deletes all the mails it thinks are spam and/or viruses, and disconncts.

Based on a page I wrote on my website, here


Installing perl modules
Some of what we need is in portage, some isn't. It's simple to obtain other perl modules through CPAN.

As root,

Firstly:

Code: Select all

emerge Net-DNS Mail-SpamAssassin MIME-tools clamav

Next, for the other perl modules:

Code: Select all

perl -MCPAN -e shell
# answer the questions if you have never been into CPAN before (defaults are usually safe)
install Inline::MakeMaker
force install Mail::ClamAV
exit

Updating virus definitions
To update to the latest virus definitions, as root, execute:

Code: Select all

freshclam

Downloading and patching DisSpam
DisSpam 0.12 vanilla supports spam filtering. I recently wrote a patch to add anti-virus mail filtering, which is currently being reviewed by the author. So for now, we will have to patch the DisSpam source manually.

It is recommended that you use a non-root user to set up and configure disspam. From a shell:

Code: Select all

wget http://freshmeat.net/redir/disspam/22053/url_tgz/disspam-0.12.tar.gz
tar xzvf disspam-0.12.tar.gz
cd disspam
wget http://www.reactivated.net/patches/disspam-0.12/disspam-virus-checking.patch
patch -p1 < disspam-virus-checking.patch

DisSpam configuration
Copy the file sample.conf to disspam.conf and open disspam.conf in your favourite text editor, i.e.:

Code: Select all

cp sample.conf disspam.conf
nano disspam.conf

At the end of [GLOBAL] section, you will find these four lines:

Code: Select all

# spamassassin=yes
# clamav=yes
# avtemporary=/tmp/clamav.temp
# mimestore=/tmp/mimestore

Uncomment all four by removing the # and the space before each setting.
The [RBL] section may be left alone, as we are using SpamAssassin for spam filtering.

Now you must configure a mailbox that DisSpam will filter. You will see a section in the config file marked "Your custom mailbox section(s) start here". Below that, there are some sample values. You need to change the email, host, username, and password keys to your personal values.

Personally, I like to set the backupfile option to store any mails that are filtered and deleted. I have been using SpamAssassin for over a year and it has only turned up one "false positive" that I know about. This option will store all the "spam" mails, and that may be helpful, if you ever lose an important mail!

I also like to enable the sendbounceback option. This option will "bounce" any mails that are filtered out by DisSpam. This informs the senders of any mails that become "false positives" that I have *not* read their mail, and also acts as a spam-the-spammer measure!

If you are interested in the configuration, you should read configuration.txt included in the distribution.


Test run
When you are happy with the configuration, run DisSpam to check that it works as expected:

Code: Select all

./disspam.pl disspam.conf

DisSpam should work through all your mails successfully.


Automation with cron
Assuming all is working well, you now want to schedule DisSpam to run regularly, and it may also be useful to keep ClamAV up to date automatically.

We will use cron here to automate these tasks. As the user that you wish to filter the spam with, run:

Code: Select all

crontab -e

We will add a line at the bottom of this file to schedule DisSpam to be run regularly. Mine looks like this:

Code: Select all

0 * * * * /home/spam/disspam.pl /home/spam/disspam.conf > /home/spam/spamlog &

Here is a brief explanation of what each part means:

• 0 * * * * - This is cron notation which means "run every hour, on the hour". Tutorials such as this one do a good job at explaining this notation.
• /home/spam/disspam.pl - This is the absolute location of my disspam.pl file from the DisSpam distribution.
• /home/spam/disspam.conf - This is the absolute location of my disspam.conf file which we created in step 4.
• /home/spam/spamlog - This is a file where I log the output of DisSpam's most recent run. If you don't want to log this, then use /dev/null here.

You may also want to automate the updating of ClamAV's virus definitions. su to root, run crontab -e and add the following line, to make ClamAV update every night at midnight:

Code: Select all

0 0 * * * freshclam > /dev/null

and thats it
let me know if you have any problems/questions, and i'll do my best to help.

dsd

[floam]

Wow, never though of doing it that way (Deleting the mail before it gets to you) nice!

[leifbk]

Mail::ClamAV won't install at all, no matter:

ClamAV.xs: In function `clamav_perl_constant':
ClamAV.xs:274: error: `CL_OLE2' undeclared (first use in this function)
ClamAV.xs:274: error: (Each undeclared identifier is reported only once
ClamAV.xs:274: error: for each function it appears in.)
ClamAV.xs:275: error: `CL_ENCRYPTED' undeclared (first use in this function)
make[1]: *** [ClamAV.o] Error 1
make[1]: Leaving directory `/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV'

A problem was encountered while attempting to compile and install your Inline
C code. The command that failed was:
make

The build directory was:
/root/.cpan/build/Mail-ClamAV-0.08/_Inline/build/Mail/ClamAV

To debug the problem, cd to the build directory, and inspect the output files.

at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 150
BEGIN failed--compilation aborted at /root/.cpan/build/Mail-ClamAV-0.08/blib/lib/Mail/ClamAV.pm line 429.
Compilation failed in require.
BEGIN failed--compilation aborted.
make: *** [ClamAV.inl] Error 2
/usr/bin/make -- NOT OK
Running make test
Can't test without successful make
Running make install
make had returned bad status, install seems impossible

--
regards, Leif.

[scootersmk]

I am trying to come up with a way to filter spam for about 40+ email accounts on windows boxes at work. Would this be able to handle that many users. I am thinking about using a gentoo box to go into each account on the server maybe 2 or 3 times a day and delete spam for each account. It is an outsourced email server so this looks like one of the better solutions that would not require any changes on the user's side. What do you think?

[dextur]

I use Disspam with spamassassin but it does not seem to detect all spam messages. I'd like to lower the score for messages that get deleted. How do I do that?

Added ---

OK it seems i lower the score in my user_prefs file for spamassassin. However when I use disspam as a cron job it runs as root. Therefor i made /root/.spamassassin a symlink to /home/myuser/.spamassassin
When i then run disspam as root manually it uses the settings fine. But when i let the cronjob run the same command it does not seem to use the user_prefs file.

Any Ideas?

[alexbuell]

HOWTO

I've just updated disspam.pl to work with spamassassin 3.0.2, and here's the patch, it applies to your patched disspam.pl. Just thought I'd contribute seeing as yours only work with spamassassin 2.*.

http://www.munted.org.uk/programming/di ... .0.2.patch

[alexbuell]

HOWTO

I've just updated disspam.pl to work with spamassassin 3.0.2, and here's the patch, it applies to your patched disspam.pl. Just thought I'd contribute seeing as yours only work with spamassassin 2.*.

http://www.munted.org.uk/programming/di ... .0.2.patch

Actually, it's far better using milters in Sendmail with SpamAssassin and ClamAV to do the same thing. Changed over to this over the last few days, and it's working remarkably well.

[krani1]

hi there! sorry to ressurect this thread, but disspam seems very very good! but currently the latest version is 0.14 and your patch doesn't apply anymore, any hint about this?

TIA