community-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Kevin A. McGrail (JIRA)" <j...@apache.org>
Subject [jira] [Updated] (COMDEV-259) GSOC 2018 SpamAssassin Size Check Improvements
Date Mon, 05 Feb 2018 04:40:00 GMT

     [ https://issues.apache.org/jira/browse/COMDEV-259?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Kevin A. McGrail updated COMDEV-259:
------------------------------------
    Description: 
SpamAssassin is a computationally expensive process to run.  It is more costly as emails
get larger.

So SA has safety valves to prevent excessive usage and DoS by limiting the maximum size of
emails processed.

Spammers sometimes try and get around this with short messages and large attachments to bypass
scanning.

There are techniques that exist to truncate emails that are sometimes less effective so this
task would be to identify better techniques in order such as:

For example:
 * remove attachments for scanning
 * Check size and scan if small enough
 * Truncate the message after closing any open tags
 * scan

 

Apache SpamAssassin is a mail filter to identify spam. It is an intelligent email filter which
uses a diverse range of tests to identify unsolicited bulk email, more commonly known as Spam.
These tests are applied to email headers and content to classify email using advanced statistical
methods. 

In addition, SpamAssassin has a modular architecture that allows other technologies to be
quickly wielded against spam and is designed for easy integration into virtually any email
system. 

It is primarily written in Perl with a few bits in C and shell scripts for system integration.

The compendium at https://raptor.pccc.com/raptor.cgim?template=email_spam_compendium is helpful
to understand some of the concepts with SpamAssassin

It will be helpful for a student in this project to understand SMTP but a willingness to learn
and setup your own mail server on a Linux Distribution with SpamAssassin for a personal test
domain will be very desired with assistance provided to get the basic framework for a sandbox
for learning.

As email becomes more commodotized by major providers, knowledge of email systems and their
security is dwindling.  This opportunity can provide real-world experience with an email
security product that is employed by countless commercial systems in the world.

  was:
SpamAssassin is a computationally expensive process to run.  It is more costly as emails
get larger.

So SA has safety valves to prevent excessive usage and DoS by limiting the maximum size of
emails processed.

Spammers sometimes try and get around this with short messages and large attachments to bypass
scanning.

There are techniques that exist to truncate emails that are sometimes less effective so this
task would be to identify better techniques in order such as:

For example:
 * remove attachments for scanning
 * Check size and scan if small enough
 * Truncate the message after closing any open tags
 * scan


> GSOC 2018 SpamAssassin Size Check Improvements
> ----------------------------------------------
>
>                 Key: COMDEV-259
>                 URL: https://issues.apache.org/jira/browse/COMDEV-259
>             Project: Community Development
>          Issue Type: Project
>          Components: GSoC/Mentoring ideas
>            Reporter: Kevin A. McGrail
>            Priority: Major
>
> SpamAssassin is a computationally expensive process to run.  It is more costly as emails
get larger.
> So SA has safety valves to prevent excessive usage and DoS by limiting the maximum size
of emails processed.
> Spammers sometimes try and get around this with short messages and large attachments
to bypass scanning.
> There are techniques that exist to truncate emails that are sometimes less effective
so this task would be to identify better techniques in order such as:
> For example:
>  * remove attachments for scanning
>  * Check size and scan if small enough
>  * Truncate the message after closing any open tags
>  * scan
>  
> Apache SpamAssassin is a mail filter to identify spam. It is an intelligent email filter
which uses a diverse range of tests to identify unsolicited bulk email, more commonly known
as Spam. These tests are applied to email headers and content to classify email using advanced
statistical methods. 
> In addition, SpamAssassin has a modular architecture that allows other technologies to
be quickly wielded against spam and is designed for easy integration into virtually any email
system. 
> It is primarily written in Perl with a few bits in C and shell scripts for system integration.
> The compendium at https://raptor.pccc.com/raptor.cgim?template=email_spam_compendium
is helpful to understand some of the concepts with SpamAssassin
> It will be helpful for a student in this project to understand SMTP but a willingness
to learn and setup your own mail server on a Linux Distribution with SpamAssassin for a personal
test domain will be very desired with assistance provided to get the basic framework for a
sandbox for learning.
> As email becomes more commodotized by major providers, knowledge of email systems and
their security is dwindling.  This opportunity can provide real-world experience with an
email security product that is employed by countless commercial systems in the world.



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@community.apache.org
For additional commands, e-mail: dev-help@community.apache.org


Mime
View raw message