train on viruses?

[Bill McClain]

On Tue, 24 Feb 2004 11:24:27 -0800
"Chris Fortune" <cfortune at telus.net> wrote:

> What are the pros and cons of training bogofilter with virus emails?

I run both viruses and virus-blowback messages through bogofilter with
good results.

> 1.  Does it fill up the wordlist with unneccessary tokens?

I don't think so. The attachments themselves are skipped.

> 2.  Does it prejudice bogofilter against all emails that have
> executable attachments? 

Maybe; I don't get legitimate executable attachments. I suspect the
other tokens would be enough to distinguish good from bad.

> 3.  What about polymorphic viruses?

I think I was gone that day.

> 4.  How accurate?  How many instances would it need to be accurate?

I don't have data, but my experience is that training was very quick.

-Bill
-- 
Sattre Press                                    In the Quarter
http://sattre-press.com/                 by Robert W. Chambers
info at sattre-press.com         http://sattre-press.com/itq.html