New about nod32mta scanner
12. 12. 2008:
I noticed - spam mails are getting smarter and smarter - usualy spam mails are smaller than 80kB but now I noticed more and more mails are size of 93 - 106 kB so I changed maximum filesize for spamassassin checking - now program checks files up to 120kB so hopefully no spam will get trhue. Program is updated - installation: download and overwrite nod32mta.exe.
What is nod32mta pickup Event?
Nod32mta pickup event is a program that includes antivirus software NOD32 and spamassassin software (sawin32: spamassassin for windows). This programs can be implemented in mail server program mailEnable (all editions: mailEnable standard, mailEnable professional ormailEnable enterprise edition).
Nod32mta pickup event is used for:
- scaning incoming mails and checking if mail includes viruses, spyware, trojan horses, malware and even potentional dangerous applications
- scaning and evaluating mails id they are spam or ham (spamassassin)
Where can I download spamassassin for windows, antivirus program NOD32 and nod32mta pickup event program?
You can get local copies of programs from my webserver (slohost.net) and links are here:
Mail server mailEnable standard v1.983
Nod32mta pickup event program for mailEnable
SpamAssassin v188.8.131.52 for windows
NOD32 for windows v2.7
...or you can download software from its original download places (also latest releases):
Mail server mailEnable
SpamAssassin for windows
NOD32 for windows
NOD32 antivirus and spamassassin implementation with mailEnable standard on windows server 2003
Nod32mta pickup event program gets all the necesary info from The Registry so you won't need to configure much. So instalation is a quite simple to do.
Download all the software (programs)I described earlier in "Where can I download...".
2.Installation of mailEnable mail server
For this installation Irecomend you visit mailEnable website and read more about it: HOWTO: Installing and configuring MailEnable server.
3. Configuration of mailEnable mail server
detailed configuration of MailEnable mail server can be found on their webpage. You can follow this link and it will take you to their 'quick start' guide with basic instructions on configuring and running the MailEnable software.
4. Installation and configuration of NOD32 antivirus program
NOD32 installation is simple and you can look at it on NOD32 webpage. For integration of NOD32 in mta pickup event you don't need to do anything. MTA pickup program will detect NOD32 and configure it by itself.
5. Installation of spamassassin for windows
Create folder "spam on you C: drive. Download spamassasin zip file to folder "c:\spam". Extract contents of spamassassin.zip file in folder "c:\spam".
If you've done it oky ther folder "c:\spam" should looking like:
As you probably know program spamd.exe is daemonized version of the spamassassin executable. The goal of spam-daemon is improving throughput performance for automated mail checking. Once you start it it will be listed in processes in windows task manager. Next thing you should know is that spamc.exe and spamcc.exe are programs that use process of spamassassin that is running in background.
So for effective use of spamd you should run it with parameters (in command prompt "cmd"):
c:\spam\spamd.exe --configpath="c:\spam\share\spamassassin" --siteconfigpath="c:\spam\etc\spamassassin" --syslog="c:\spam\SpamD_log.txt" --allow-tell --round-robin
So every time computer starts up you must run spamd.exe so it will be loaded in memory and will be working.
Now it is best to automize startup od spamd.exe automatic every time computers starts.
Yo you create "start_spamd.bat" file in folder "c:\spam" and copy paste "c:\spam\spamd.exe --congif ..." writen earlier in file "start_spamd.bat". Than simpli copy-paste this file in Start Menu of windows: Start - Programs - Startup and spamd will allways start when windows starts.
You can allways check spamd log file (c:\spam\SpamD_log.txt) and you can check if scaning and cleaning of spam mails is working fine.
5. Installing and configuring nod32mta.exe pickup event program
Download nod32mta.exe program and save it in "c:\spam" folder.
Now go to MailEnable Control Panel (MailEnable Administraator) and right-click on MTA - Properties.
Enable »Pickup Event« »Browse« and point to nod32mta.exe file (in folder "c:\spam"). click on "enable pickup event" and then "Browse" and point to the "c:\spam\nod32mta.exe" program. Set maximum send threads to 1 and then the settings should look like next picture:
Stop and Start again MTA service and that's it (options are if you "right-click" on MTA)
For more options nod32mta pickup event logs all of its activity. There is a list of scaned mails and status - if mail is spam or mail has virus attatchments...). You will find the log in MailEnable Control Panel (Administrator) Administrator: Agents - MTA - Logs -Activity - "MTA-Activity-VirusScans.log"
Advanced features of nod32mta - ham and spam mails
For advanced features of MTA I made nod32mta.exe to copy all of recieved mails to folders and those files (mails) can be used for further analysis and can be used to learn basesian on them.
Folders and what they contain:
c:\spam\mails\ham\ (original emails - HAM - good mails that are not SPAM)
c:\spam\mails\marked\ (SPAM emails that are Marked spam msg: X-Flag and rules and points of SPAM are included - used only for your information)
c:\spam\mails\spam\ (original email marked SPAM)
Here are examples of HAM, SPAM and MARKED mails:
link to ham email | link to spam emai (it is the same as marked mail without rules list) | link to marked email
Advanced bayesian learning of spam mails with sa-learn.exe
So now you got a lot of mails (ham and spam in folders "c:\spam\mails\ham" and "c:\spam\mails\spam". Now you would like spamass. to learn on those mails. In next steps I will show you how to do that.
sa-learn.zip v184.108.40.206 (program for advanced bayesian learning of spam) and extract it to folder "c:\spam". 3 files will be added in folder spam and sa-learn.exe is the right one to use for bayes-learning. Program sa-learn.exe is allways run it from command prompt "cmd".
So for learning ham (good mails) you use:
c:\spam\sa-learn.exe --ham --use-ignores --progress c:\spam\mails\ham
For learnin spam mails you use:
c:\spam\sa-learn.exe --spam --use-ignores --progress c:\spam\mails\spam
Attention! Before learning HAM you should allways go to ham folder and check if eventually there are mails in "ham folder" that should be in "spam". If you see one simply move it from "HAM" to "SPAM" folder and sa-learn.exe will mark it spam in database.
Problem winth windows spamassassin: if spamd process stops - how to solve it and restart process?!
On 22.11.2007 I noticed
spamassassin for windows has a huge BUG and that is that sometimes spamd.exe process stops at random times. That is a big problem because when it stops spam mails get thrue and you have to manualy start spamd.exe again.
For that I wrote a program that monitors spamassassin spamd.exe process
every 5 seconds and if spamd process stops program starts it again and everything is working ok. This program is a typical windows process monitoring and manipulation software.
Check for process spamd is hidden as tray icon and can be shown for user to see when process stoped and when it was restarted.
Download of program is here: Program for checking if spam.exe process is working
Installation manual: Download program checkspamd.exe to local folder "c:\spam". After that create shourtcut to it and copy it to Start menu under: Start - Programs - Startup so it will allways start on windows startup.