[Dev] Re: Dev Digest, Vol 16, Issue 13

[Alec Flett]

Piero Giuseppe Goletto wrote:

> Should we have sort of an antispam module linked to Chandler?
>
> You might want a *white list* and a *black list*. While the former 
> would be explicitly created by the user (If I want 
> dev at osafoundation.org and heikki at osafoundation org to be in the white 
> list I must enter them in it), the latter would be created by using 
> both a black list of known spammers' addresses, a black list of virus 
> signatures and a filter (look at bogofilter.sourceforge.net, for 
> instance, it is the Bayesian filter used by Novell Evolution for 
> instance)
>
(Howdy, I'm new to chandler but spent a long time working on Mozilla 
Mail and even spent a little time on spam)
Trying to maintain some kind of blacklist sure seems like a nightmare 
unless you have some centrally managed list - the same goes for virus 
signatures. Is that a business that OSAF wants to get into, or a burden 
that it wants to place on the shoulders of an organization deploying 
chandler? I'd think no on both counts.

The Bayesian filter seems to be a fairly effective filter once it is 
trained properly and it at least allows the user to determine what is 
and isn't spam without having to set up complex rules regarding specific 
attributes on messages like To or From. Thunderbird doesn't have the 
greatest user experience to allow proper training but if you can get the 
training experience down, it can be pretty effective. I'm curious how 
well Evolution's anti-spam stuff works.

But back to blacklists - There already are effective means for 
anti-virus software developers to plug into Outlook and such - it seems 
like if we were able to provide those same or similar hooks in Chandler 
then we could leverage existing products. Perhaps there are already 
similar means in other mail clients to hook up to SpamAssassin, Razor 
and the like? There are some commercial products (i.e. 
http://www.mailfrontier.com/ etc) that do this on both the client and 
server side that might be worth looking at as well.

Alec

> My idea is:
>
> Chandler receives a message M via pop3/imap
>
>    Chandler stores the message M in a temporary area T
>
>       Chandler checks the message M against the Virus Signature List V
>
>             If the Message M *contains* a Virus Signature, then
>                    Chandler deletes the message
>                    Chandler stores, in the message Inbox, an error 
> message
>             end if
>
>             If the Message M *does not contain* a Virus Signature, then
>
>                     Chandler checks the from: address against the 
> White List
>
>                      if From: address of the Message M is into the 
> White List then
>                            Chandler stores the message in the Inbox
>                      else
>                            Chandler checks the message agains the 
> black list and the spam filter
>                            if the message is spam - postive then
>                               Chandler marks the message as spam
>                      end if
>
>               end if
>
>
> Regards
>
>  
>
> Piero Giuseppe Goletto
>
> _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
>
> Open Source Applications Foundation "Dev" mailing list
> http://lists.osafoundation.org/mailman/listinfo/dev