train on viruses?
Matthias Andree
matthias.andree at gmx.de
Tue Feb 24 21:09:47 CET 2004
"Chris Fortune" <cfortune at telus.net> writes:
> What are the pros and cons of training bogofilter with virus emails?
>
> 1. Does it fill up the wordlist with unneccessary tokens?
Not much, the binary attachments viruses convey are ignored by
bogofilter, it'll just look at the headers, text and HTML parts.
> 2. Does it prejudice bogofilter against all emails that have
> executable attachments?
That depends how similar the executable attachments are to the virus
attachments.
> 3. What about polymorphic viruses?
Depends on the constant parts that bogofilter can recognize.
> 4. How accurate? How many instances would it need to be accurate?
Depends on the training history of your data base and the profile if
your incoming mail.
Sorry, if you've now perceived this message as "we don't know, find out
for yourself" that is an accurate perception unfortunately.
If you are unsure, take a snapshot of your wordlist.db and just try
it. If results are unsatisfactory, you'll replace your then-current
wordlist.db by the snapshot you'll have taken earlier.
--
Matthias Andree
Encrypt your mail: my GnuPG key ID is 0x052E7D95
More information about the Bogofilter
mailing list