Author Topic: Spamihilator and avast!  (Read 80560 times)

0 Members and 1 Guest are viewing this topic.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Spamihilator and avast!
« on: March 20, 2004, 02:48:33 AM »
Cojo and bbfi asked me some help to configure Spamihilator and avast! for optimal performance. I will start this thread with some suggestions and as soon other experiences were added and tested, correct the first posts.

If anybody wants to configure Spamihilator and avast! to be used in the same computer, please, see this related forum. Some links for spam applications are posted here at section SPAM Tools.
« Last Edit: June 09, 2005, 02:38:52 PM by Tech »
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
To correct set Spamihilator to be used with avast! scanning the e-mail messages, first you have to solve the socket error when Spamihilator opens, since both programs (Spamihilator and avast!) want to use the POP3 port 110.
Please read the Spamihilator FAQ.
Please make sure that you change your POP3 port both in your e-mail client (for example, in Outlook Express, in each account, see Tools> Accounts > Properties > Advanand) and Spamihilator to 120, for example.

After that you have to change the username in your e-mail-client to something like that:

Incoming mail: localhost
Account name: localhost&yourUsername#yourPOP3Server&110
or
Incoming mail: 127.0.0.1
Account name: 127.0.0.1&yourUsername#yourPOP3Server&110

And you have to change avast4.ini file like the following:

Open the Avast4\Data\Avast4.ini file and go to [Mail scanner] section. If you change any items while the mail scanner is running, the new values will be loaded and used immediately after you save the avast4.ini file.
Mail scanner works as a simple SMTP/POP3/IMAP proxy server. It means that your mail program must be configured so that it sends requests to the Mail scanner, and the Mail scanner forwards them to the appro-priate SMTP (POP3, IMAP) server.

The Mail scanner uses ports 25, 110 and 143 of your computer. If you want to use Spamihilator (which uses these ports as well), it is necessary to properly set the items DefaultSmtpServer, DefaultPopServer and DefaultImapServer. For example, if you want to configure your system so that the Mail scanner "sits be-tween" your mail program and a SMTP/POP3 server running on the same computer, configure items *Listen as above and add:

DefaultSmtpServer=127.0.0.1:25
DefaultPopServer=127.0.0.1:110
SmtpListen=127.0.0.1:25
PopListen=127.0.0.1:110
ImapListen=127.0.0.1:143

If you want the Mail scanner to scan mails for other computers too, it is necessary to allow connection acceptance also from other addresses than local. You achieve this by changing the items *Listen and setting the item Trust.

Example:
192.168.1.10 is the address of one of the network cards on the server through which the computers with addresses 192.168.1.20 and 192.168.1.21 are connected
PopListen=192.168.1.10:111
Trust=192.168.1.20,192.168.1.21
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
In a commercial email account, which the senders are not known by the user, you must choose another strategy to get rid from spam. Here, I will only tell my experience using Spamihilator and a personal email account which, in principle, you know the senders which are mailing you.


General Settings:

Set the frequency (in days) that you want to see and work with the Recycle Bin and work with the emails: Don't keep messages more than

Check: Keep Spam Mails on the server until I delete them from the Recycle Bin


Connection:

The port number must be the same as in each email account. The antivirus could be set to work with the default port (110), different from the one set here.


Filter Properties:

Please, check:
Enable Spam Word Filter
Ignore HTML tags
Enable Learning Filter
Automatically learn from messages from my friends
Automatically learn from restored messages from the Recycle Bin
Enable Plugin Filters


The option Automatically learn from messages from blocked senders will be disabled by the other setting (Don't download messages from blocked senders, see further).
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Filter Properties:

This is the core of the strategy!
The first one is the only I recommend that When the filter finds a Non-SPAM Mail... it continues with the next filter. The other filters could behave by default, i.e., finish filtering process (recommended).

The filter order suggested - until further revision - is:

1.   Attachment Filter (Protects your computer from some e-mail viruses. See settings bellow)
2.   Newsletter Plugin (Define newsletters that will never be treated as Spam. See settings bellow)
3.   Substringfilter (Searches for substrings typically used by spammers)
4.   Learning Filter (Training Area information)
5.   URL-Filter (Place on top of the plugin-order for best results.)
6.   Scripts Filter (Blocks emails that have embedded HTML scripts)
7.   DNSBL (Filters mails sent from Servers on a dynamic Blacklist. Download a list of blacklisted DNS)
8.   Forum-Reader-PlugIn
9.   Spam Word Filter
10.   Bad Tag Filter[/b] (Filter mails containg invalid tags)
11.   Image Filter (Filters mails containing images on external servers)
12.   Server Tester (Filters mails that with spoofed sender-information)
13.   Charset Plugin (Filters mails containing configured charsets.)
14.   X-Header Filter (Filters mails marked as spam or infected by the mailserver)
15.   RFC Validator (Filters mails that are not RFC conform or malicious)
16.   HTML Links Filter (Filters HTML e-mails that have website or e-mail links)
17.   No Comment! Filter (Filters e-mails that have too many HTML comments.)
18.   Empty Mail Filter (Filters e-mails that are empty or have very few words. Lower like this position only if you really receive emails without message body)
19.   Mystic-Signs-Filter (Filters mails containing strange charset in the subject-line)
20.   Whitestringfilter (Searches for "white" substrings in your mails.)

Filter not listed above: Signatures: Handles Mails with your signature or 'spam from you'
« Last Edit: March 20, 2004, 03:07:44 AM by Technical »
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Filter Properties/Training Area:

Set here how many days you want to wait until the messages are cleaned form the Training Area without user interaction. You can set either the maximum size of the Training Area (in Kb).


Filter Properties/Aggressiveness:

In a personal email account (not commercial) you could set HIGH (very few spam messages, you can set the probability threshold even higher than the default value of 70%) or VERY HIGH (no other than my friends emails) and, from time to time, increase the number of your friends.

VERY HIGH: if you only want to receive mails from senders that are in your Friends List. Dynamic filtering by keywords will be disabled. You will only receive messages from your friends.

HIGH: if you want to get rid of spam. Filter threshold will be set to a low value. A message will be deleted even if it contains only a few spam words.


Senders/Blocked Senders:

When you work with the messages at the Training Area and/or Recycle bin, try to set all the domain as blocked, you will prevent mutation of the user name under the same domain. Use wildcards! For instance, you can block all the domain of yahoo accounts like this: *@yahoo*

Of course, in Recycle bin you will be able to restore the good ones after.

Please, choose Don't download messages from blocked senders. Skipping messages from blocked senders may save time and bandwidth. If you enable this option, all messages from blocked senders will be deleted from the server. You will not be able to restore them. Although, if you want to keep the possibility of restoration, activate the option Keep Spam-Mails on the server until I delete them from the Recycle Bin. The option Automatically learn from messages from blocked senders will also be disabled.


Newsletters:

Check the option Don't save newsletters in the Training Área.

Attachments:

You can block other extensions that are not in the default list:
ace, arc, arj, bzip2, cab, gzip, hta, htm, js, jse, pif, pst, rar, shb, shs, tar, zip, zoo
This way you can avoid virus infection. As in other cases, you will be able to restore the good ones from the Recycle bin.
The best things in life are free.

bbfi

  • Guest
Thanks Technical. ;D

I have noticed that Spamihilator is working better as time goes on. However, every once in a while, it acts as if it is brain dead for some really easy to spot spams. :o

I have a few questions.
1) Do you notice a bit of a delay with the URL-Filter in startups and in email checking?
2) I thought that plugins to catch good emails should be first. But you put Whitestringfilter last. What is your reasoning for that?
3) You place the Empty Mail Filter near the end also, whereas I get 10% without body messages. For my case, would putting this closer to the front help speed things up?
4) How often would you recommend using the Compact the Learning Filter's memory?

I will probably have some more things to discuss in the future, but I appreciate the time and effort you have given to post this for users of Spamihilator. Their forum might be good if one knows German, but the English part of the forum is not as helpful. :'(

BTW - Spamihilator has another update to Spamihilator 0.9.8.1. This update has 3 critical bugs fixed. Get it at http://www.spamihilator.com/download/index.php.   ;)
« Last Edit: March 20, 2004, 05:50:49 PM by bbfi »

CoJo

  • Guest
Cojo and bbfi asked me some help to configure Spamihilator and avast! for optimal performance. I will start this thread with some suggestions and as soon other experiences were added and tested, correct the first posts.

If anybody wants to configure Spamihilator and avast! to be used in the same computer, please, see this related forum. Some links for spam applications are posted here at section SPAM Tools.

Technical, thank you and bless you for your hard work!!

Now I must read and study it so that I don't mess anything up ;D--not that I have ever done that before have I? ;)

cojo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
1) Do you notice a bit of a delay with the URL-Filter in startups and in email checking?

No, but I could test, disabling the URL-Filter...

2) I thought that plugins to catch good emails should be first. But you put Whitestringfilter last. What is your reasoning for that?

Probably I'm wrong, I'll put it before (as number 5) and test.

3) You place the Empty Mail Filter near the end also, whereas I get 10% without body messages. For my case, would putting this closer to the front help speed things up?

Sure, that not my case...

4) How often would you recommend using the Compact the Learning Filter's memory?

I don't know. What is the file concerning to this? I don't think the proccessing speed will change too much.
The best things in life are free.

bbfi

  • Guest
Quote
4) How often would you recommend using the Compact the Learning Filter's memory?

I don't know. What is the file concerning to this? I don't think the processing speed will change too much.

In the Training Area, there is a new feature called Compact the Learning Filter's memory. The help page for Spamihilator says -

Use this feature to delete seldomly appearing words from the Learning Filters memory.

Important:
Do not use this feature too often. Otherwise, the Learning Filter will not be able to build up a good database.

Press "Compact" to delete some words. In the Compact dialog window, you can specify if you want to delete only from the spam words list, or from the non-spam words list, or both. Then press "Run" to start the process.


I'll also ask at the Spamihilator forum and see if I get an answer. ::)

bbfi

  • Guest
Okay, I just got an answer from S3bast1an at the Spamihilator forum for the Compact the Learning Filter's memory question -
Quote
2 month with a value of perhaps "3"  If you compact it to often you would loose all new words that were learned ...
« Last Edit: March 20, 2004, 10:26:04 PM by bbfi »

CoJo

  • Guest
Okay, I just got an answer from S3bast1an at the Spamihilator forum for the Compact the Learning Filter's memory question -
Quote
2 month with a value of perhaps "3"  If you compact it to often you would loose all new words that were learned ...


sigh...bbfi...I'm still reading how to set it up :-[
I think after the problems my system had before, then the reformat, and "starting over" again...I am a bit scared of blowing up my Dell :o
fear is not a pretty thing!

cojo

bbfi

  • Guest
CoJo,

I use Thunderbird for my email but the settings would be the same for other email clients.

In the Avast4.ini file, I put this info in -
[MailScanner]
DefaultPopServer=127.0.0.1:9990
DefaultSmtpServer=your_smtp_server.com

Of course, you will put your info in for the your_smtp_server.com part.

Next, in your email program, use the following settings -

Server name - 127.0.0.1
User name - your_pop3_server_name.com&your_user_name#127.0.0.1:9990

Again, insert your info for your_pop3_server_name.com and your_user_name

In Spamihilator, go to the Settings -> Connection and enter 9990. See picture. If you feel brave enough to use Spamihilator, keep posting your questions and Technical and I will try to help walk you through it.

As I keep on using Spamihilator, the more I get used to it. Also, it seems to be doing a fine job of stopping the spam. I feel by the end of a month, it will probably be 95% or more accurate. ;D

BTW - Technical, it appears we have our setttings slightly different for the User Name.  Both seem to work.  Is one way better than the other?
« Last Edit: March 20, 2004, 10:57:08 PM by bbfi »

CoJo

  • Guest
bbfi, thank you!
I'm printing everything out so I won't rely on memory!

I think today is one of those days when things just look hard...does that make sense?

my brain is a bit fried ;D
I went to an airshow today...it's called "Thunder on the Hooch". "Hooch" is the nickname we have for our Chattahoochee River. and it was really warm in the sun...we reached the low 80s today :)
tomorrow, my mind will be more clear and my ears won't still be hearing the roar of the vintage airplanes! but they were so good...such stunts!! and very loud ;D

I really appreciate your posting the screenshot for me, bbfi! it will make things easier for me, my friend.

cojo

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
I really appreciate your posting the screenshot for me, bbfi! it will make things easier for me, my friend.

Cojo, maybe next time I'll do the same but I thought that 'theory' is good too and we can learn and 'imagine', think like this stupid machine called computer  ;D
The best things in life are free.

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
bbfi,
your settings: Pop3ServerName&UserName#127.0.0.1:port
my settings: localhost&UserName#Pop3ServerName

I think there is a difference, my God!
Maybe you scan the email first and then send it to Spamihilator.
I'm, on contrary, filter them into Spamihilator and then send to avast.

Am I wrong? Crazy?
Both settings work! That surprises me?!  ::)
The best things in life are free.