|
Plugin Modules provide a way in which Spam Annihilator can be
constantly updated to catch new tricks employed by spammers to get
around spam detection programs. Part of the
detection process of Spam Annihilator has been implemented in an
internal set of rules and tests using a database of known spammer
keywords and phrases. Other spam detection techniques have been
implemented in a set of plugin modules. Each time you start Spam
Annihilator it can check the Spam Annihilator website and download any
new or updated modules. In this way we can keep Spam Annihilator bang
up to date with spammers techniques to disguise spam. You can disable
this behaviour if you do not want to install new modules.
The Spam Annihilator software comes with a basic set of plugins. The
current release status of each plugin is as follows;
- Bayes - a bayesian classifier - beta
- BlockExe - block exectuable attachments - beta
- CharSet - block emails with certain character sets - alpha
- Dictionary - check words exist in a dictionary - experimental
- Garbage - check for garbage words - experimental
- SpamHaus - check IP addresses in SpamHaus Black List - beta
The modules developed for Spam Annihilator have been
used to create the Pugwash
Open Source project. Using the information from Pugwash you can
develop your own plugin modules for an even greater degree of control.
You can install additional plugins simply by copying the Java class
files to the plugins directory in the installation directory.
If the plugin has been created with the required set of methods then
Spam Annihilator will use it to process emails. Any variable data
files that the plugin uses should be located in the data
directory and any static files (files that do not change over time)
should be located in the files directory.
Plugin Special Notes
Bayes
This plugin needs training before it will become effective. Due to
memory requirements you may experience problems if you try to train
with too many messages at a time. Training with less than 400
messages should present no problems but it really depends on your
system and the amount of virtual memory available. If you experience
problems then limit the number of emails you train with.
It is as important to train with legitimate emails as it is to
train with spam. If you regularly get a good deal of spam then try to
save it for training purposes.
BlockExe
You are encouraged to use this plugin. It is simple but very
effective and it will practically eliminate email borne virus. This
does NOT mean it is then safe to click on attachments that you are not
expecting even if they appear to come from a friend or colleage. That
is still a very stupid thing to do.
CharSet
Pay special attention to the warnings about only allowing certain
character sets. If you are going to use this plugin then you are
advised to deny certain character sets rather than only allow certain
character sets.
Dictionary
This plugin is experimental and will probably lead to many false
positives since legitimate emails often contain misspelled words. A
dictionary has not been distributed with this plugin. To install a
dictionary for this plugin create or obtain a file that is a list of
words one per line and place it in the data directory of the
installation directory as a file called Dictionary (case is
important on case sensitive operating systems). On unix systems you
may find a dictionary in /usr/share/dict and there are dictionaries
for many languages at
ftp://ftp.ox.ac.uk/pub/wordlists
If you are going to create a dictionary it is important to note
that the file MUST be simple ascii text i.e. created with a program
like Notepad on windows and not a word processor.
Garbage
This plugin is experimental. It may or may not lead to false
positives. It looks for sequences of characters that do not occur in
any word in a dictionary. It has been installed with a list of
character tuples that do not occur in the English language. A
character tuple is a combination of two characters. In fact this
plugin will work with any length of character sequences but since the
permutations would grow exponentially using longer character sequences
will increase substantially the processing time for this plugin.
The plugin reads the tuples from a file located in the data directory
called GarbageBadJuxta (case is important on case sensitive
operating systems). This file contains a list of tuples one per line.
To install a list of character tuples for another language create a
file that contains a list of invalid character tuples for the chosen
language, one per line and replace the existing file with the new file
keeping the same name.
If you are going to create a new tuple file it is important to note
that the file MUST be simple ascii text i.e. created with a program
like Notepad on windows and not a word processor.
If you are going to create a new tuple file from a dictionary you
should consider using a perl or shell script to generate all the
permutations of tuples in the dictionary's character set and then
check for their existence or lack thereof in the dictionary.
SpamHaus
This plugin is effective in trapping email that comes from systems
that are used by spammers. The downside is that it will take longer
to process each email because of the DNS (Domain Name Server) lookups.
A request is sent to a DNS server on the internet and the plugin will
wait for a reply. Without DNS lookups emails can be processed in as
little as 50 milli seconds with the average being something like 400
ms (depending on the speed and memory of your system). With DNS
lookups this could increase to 10 seconds or more if your internet
connection is very slow. If you have a fast internet connection then
you don't need to worry and you are encouraged to use this plugin module.
| 
