Installation manual
16
Once anti-spam is enabled in any of the configuration sections, the anti-spam scanning engine initializes during the main
scanning daemon start-up. During this process, appropriate anti-spam support modules are loaded from the anti-spam cache
directory.
To define the period (in minutes), after which ESETS will check for available anti-spam module updates, edit the entry shown
below in the ESETS configuration file. If you do not set the value for this parameter, ESETS will not regularly update its anti-spam
database:
as_update_period = 60
Anti-spam functionality can also be configured using the following configuration file:
@ETCDIR@/anti-spam/spamcatcher.conf
NOTE:
Sp a mC a tch er
is a tool for spam detection. It tracks all email communication on its own server and monitors messages
rejected by users. It evaluates this and various other data to determine which email is likely to contain spam and sends users a
probability score for every message they receive. It allows you to create your own rules for identifying and blacklisting spam.
Hundreds of rules can be used to evaluate spam score and block the incoming spam.
The @ETCDIR@/anti-spam/ directory contains a number of different configurations stored in files, that can be used to
customize the anti-spam engine. If you wish to start using a particular configuration, replace the default anti-spam
configuration stored in
‘sp a mca tcher.co n f’
with any of the available configuration files and reload the ESETS daemon.
spamcatcher.conf
Is a default configuration file, that contains optimal configuration recommended for typical server environment.
To display differences between any of the files in the anti-spam directory, use the diff command. For example, if you wish to
compare the spamcatcher.conf and the spamcatcher.conf.accurate files use the following command:
diff spamcatcher.conf spamcatcher.conf.accurate
spamcatcher.conf.accurate
Bayesian Word Token analysis (i.e. spam filtering using Bayesian Analysis) is enabled. It improves accuracy, but uses more
memory and can therefore take slightly more time to finish than other methods.
The limit of the number of domains queried against the DNS Block List server (DNSBL) is increased (the
‘d nsbl_ma x_do m a in s’
option). DNSBLs are most often used to publish addresses of computers or networks linked to spamming.
Sender P olicy Fra mework (SDK )
with live DNS queries will be performed.
The value of the
‘sp a m_th resho ld ’
parameter is increased. Messages with spam scores equal to or higher than this value will
be rejected.
The
Sp a mC o mpiler
version 4 is enabled.
spamcatcher.conf.fast
The number of domains queried against the DNS Block List server is reduced.
The option
‘ta rg et_thro u g hpu t’
allowing you to specify throughput in messages per second is enabled.
Cpu usage during rule file updates is reduced by increasing the size of on-disk cache files.
TTL's (Time to live) for internal DNS and LiveFeed caches are enabled.
spamcatcher.conf.no_livefeed
The
‘livefeed ’
option specifies which server is queried for LiveFeed requests. This option is disabled in this configuration file.
The internal cache for DNS requests is disabled.
6.5 Samples Submission System
The Samples submission system is an intelligent
Th rea tSense.Net
technology that collects infected objects which have been
detected by advanced heuristics and delivers them to the samples submission system server. All virus samples collected by the
sample submission system will be processed by the ESET virus laboratory and if necessary, added to the ESET virus signature
database.
NOTE: According to our license agreement, by enabling sample submission system you are agreeing to allow the computer
and/or platform on which the esets_daemon is installed to collect data (which may include personal information about you
and/or the user of the computer) and samples of newly detected viruses or other threats and send them to our virus lab. This
feature is turned off by default. All information collected will be used only to analyze new threats and will not be used for any
other purpose.
In order to activate the Samples Submission System, the samples submission system cache must be initialized. This can be
achieved by enabling the
‘sa mples_en a bled ’
option in the
[g loba l]
section of the ESETS configuration file. To allow for the actual
delivery of samples to the ESET virus laboratory servers, the parameter
‘sa mples_send _period ’
must also be specified in the same