Document Sample
012 Powered By Docstoc
					Systems Administration T oolkit: Spam and virus fil...                    http://www.ibm.com/developerworks/aix/library/au...

                                                                                           English        Sign in (or register)

                                           T echnical t opics   Evaluat ion s of t war e   Communit y   Event s

          Systems Administration Toolkit: Spam and virus
          filtering for e-mail
          Martin Brown (mc@mcslp.com), Freelance Writer, Consu ltant

          Summary: Look beyond tools like SpamAssassin and Amavis to see how you can extend them and provide
          additional filtering facilities to lower t he amou nt of spam hitting the e-mail boxes of you r u sers. Most
          companies u se spam and viru s filtering services on their UNIX® platforms, bu t there are some methods
          that you can u se that help improve you r filtering scores and might even eliminate spam reaching inboxes.

          Date: 22 Jan 2008
          Level: Intermediate
          PDF: A4 and Letter (167KB | 18 pages)Get Adobe® Reader®
          Als o available in: Chinese

          Activity: 12489 views
          Comments : 0 (View | Add comment - Sign in)

                          Average rating (10 votes)
          Rate this article

          Abou t this series

          T he typical UNIX® administrator has a key range of u tilities, tricks, and systems he or she u ses regu larly
          to aid in the process of administration. T here are key u tilities, command-line chains, and scripts that are
          u sed to simplify different processes. Some of these tools come with the operating system, bu t a majority
          of the tricks come throu gh years of experience and a desire to ease the system administrator's life. T he
          focu s of this series is on getting the most from the available tools across a range of different UNIX
          environments, inclu ding methods of simplifying administrat ion in a heterogeneou s environment.

          Spam and viru s filtering fu ndamentals

          T here are many different tools and systems available for the filtering and removal of spam e-mail at the
          UNIX server level. T ools like SpamAssassin and more det ailed agents, su ch as Amavis (which inclu des
          interfaces to the SpamAssassin, variou s viru s scanners, and other spam tools su ch as Razor), u se a variety
          of different methods to identify and captu re spam.

          T hese methods inclu de, bu t are certainly not limited to:

              Direct matches—T his involves looking for specific text in the message, either in the body, the
              message headers, su bject, or even e-mail addresses. Certain spam e-mails and programs that produ ce
              them u se the same templates, fake headers, and sometimes even the same (wrong) codes and
              stru ctu re.
              Pattern matches—T his involves looking for patterns of text, su ch as the fou r-letter codes u sed for
              share listings, or the variou s patterns u sed to describe the variou s pills and dru gs often sold u sing
              Fingerprint matches—T his involves looking for more complex combinations of words and phrases. It's
              very common to have a nu mber of e-mails all containing t he same basic information bu t with minor
              changes, su ch as name, age, or date. By creating a set fingerprint for the basic stru ctu re of the
              e-mail, you can identify it as spam.
              Bayesian techniqu es—T he Bayes theorem compares the nu mber of spam words in an e-mail against
              the nu mber of normal words in an e-mail, thu s giving the e-mail a probability valu e indicating how likely
              it is that the e-mail is spam. T he principle is very simple, bu t it's also very effective as a lot of spam
              contains the same words and sometimes the same repetition of words.

1 of 12                                                                                                                 05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                 http://www.ibm.com/developerworks/aix/library/au...

              DNS blacklists—T hese are pu blished lists of hosts known to send and forward spam or to send or
              forward spam.
              Whitelisting and blacklisting—T he theory is very simple. Adding an e-mail to t he whitelist indicat es that
              it's an e-mail address that you tru st, while the blacklists contains e-mail addresses you don't tru st.

          It is almost impossible to rely on a single one of the techniqu es above to identify spam perfectly, bu t you
          can increase the qu ality of the spam filter by u sing combinations.

          T o demonstrate how a single piece of information is not enou gh, consider an e-mail from a friend. You
          might have added t heir address to you r whitelist, bu t what if the spam sender has spoofed (faked) e-mail
          address of you r friend? If you ju st u sed the black and whitelist solu tion, the spam wou ld most likely get
          throu gh. Bu t, if the spam contained an advert for some dru gs, then it's highly likely that one of t he
          matching mechanisms or Bayesian filters wou ld identify the e-mail as spam.

          T o work effectively, most solu tions u se some kind of scoring mechanism. In general, the higher the score,
          the more likely the e-mail is to be spam. By giving different scores to different parts of the spam filtering
          methods, you can u ltimately provide an effective score. For example, let's say that being in the whitelist
          gives a score of -10, bu t matching the Bayesian filter gives a score of 15. Fu rther matches against the
          pattern and text matching add another 5 points, and the "score" for the e-mail is now 10 points
          (-10+15+5). If you set a "spam" score of 7, then the e-mail is treated as spam and deleted or qu arantined,

          T o help describe how you can improve the process, Figu re 1 shows a typical spam filtering solu tion where
          the e-mail is filtered as it comes in, and the e-mail is delivered into individu al mailboxes.

          Figure 1. Typical s pam filtering s olution architecture

          Setting u p the initial system is only part of the solu tion t hou gh. For long-term planning, you need to be
          thinking abou t how you are going to stay on top of the spam e-mail problem, becau se the spammers are
          finding new solu tions and tricks all the time and, even wit h a spam filtering solu tion in place, you are
          u nlikely to reach a solu tion that's 100 percent.

          Let's start by making su re that any spam that wasn't cau ght can be trapped and reported.

          Setting u p a report mailbox

          T he Bayesian spam filtering techniqu e works by comparing "spam" words wit h "normal" words. T he problem
          is what do you class as normal and spam words? T he resu lts vary for different people.

          For example, if you work for a pharmacy, then you are likely to get a lot of e-mails containing the names of
          dru gs. Unfortu nately, dru gs are often sold throu gh spam e-mail, and genu ine messages you might be
          expecting can get cau ght by the system. Fortu nately, Bayesian systems base their decisions on past
          experience, so the more you teach the Bayesian filter abou t what is and isn't spam, the better the filter
          gets at identifying the e-mails correct ly.

2 of 12                                                                                                         05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                      http://www.ibm.com/developerworks/aix/library/au...

          All systems that su pport learning shou ld have some form of script or application that accepts the message
          text. SpamAssassin, for example, provides the sa-learn script, which you can tell to identify the message as
          Spam or Ham, accordingly. You might also have other solu tions that benefit from reporting. T he Razor
          spam filter provides a server-based service where you can report Spam so t hat other more u sers can
          benefit from you r identifying the e-mail as spam.

          For this to work, you need to set u p a mail folder or system where u sers can send their e-mail so that the
          e-mail can be scanned and the Bayesian filter "cau ght" whether the e-mail is spam (a spam e-mail that the
          system thou ght was genu ine) or ham (a genu ine e-mail t hat the system thou ght was spam).

          In general, it is easier to set u p a single mailbox that you can u se to hold the spam and another to hold the
          ham. In a system that su pports u ser-by-u ser learning, you can set u p the folders in each mailbox for
          u sers. In the examples presented in t his article, let's assu me that you are u sing SpamAssassin and
          IMAP-based mail system so that you can read and parse t he contents and have SpamAssassin learn the
          details, bu t the principles cou ld easily be applied to other spam filtering environments.

          Listing 1 shows a simple Perl script that accesses a global mailbox, downloads each message, and then
          reports the content to spamassassin and Razor.

          Lis ting 1. A s cript for reporting and learning s pam

          #! /usr/bin/perl

          $SpamFolder   =   "INBOX";
          $Server       =   'imap.mcslp.pri';
          $User         =   'spam';
          $Password     =   'ilovespam';

          use Mail::IMAPClient;

          # Open the connection to the mail server

          my $SPAMIMAP = Mail::IMAPClient -> new (Server   => $Server,
                                                  User     => $User,
                                                  Password => $Password);
          if (!defined($SPAMIMAP))
              print "Error: $@\n";

          # Select the Spam Folder


          # Get a list of Message IDs

          my @MIDs = $SPAMIMAP->messages();

          # Exit if there aren't any messages to process

          if (scalar(@MIDs) == 0)

          # Create a temporary directory to hold our message text

          mkdir '/tmp/spamreport',0000;

          # Process each ID

          foreach $MID (@MIDs)
          # Get the message text, and write the text out to
          # test file
              my $path = "/tmp/spamreport/$MID";
              my $msgtext = $SPAMIMAP -> message_string($MID);
              print FILE $msgtext;

3 of 12                                                                                                        05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                 http://www.ibm.com/developerworks/aix/library/au...

          # Run the SpamAssassin learn script on the file

              system("cat $path|sa-learn --spam");

          # Run the Razor reporter on the message content

              system("cat $path|razor-report");

          # Delete the original message


          # Delete the temporary file


          # Empty the trash and disconnect


          You can u se a modified version of the script to report ham in the same way by allowing u sers t o copy
          messages into the folder that were incorrectly identified as spam into the ham folder. You shou ld be more
          carefu l with this folder, as it theoretically contains genu ine e-mail, and any u ser that can write e-mails to
          the folder can also potentially read them. With a global mailbox for this pu rpose, it is possible for different
          u sers to read each other's Ham mail.

          T he system helps t o improve the spam filtering by improving the knowledge of the system abou t what is
          and isn't spam, and it can be seen here in an u pdated version of the spam solu tion in Figu re 2.

          Figure 2. Us ing auto-reporting and learning mechanis ms

          A fu rther improvement is to better identify the senders of the e-mail and to help filter the e-mail before it
          even gets checked for the u su al spam contents.

          Updating whitelists and blacklists

          T he fu ndamentals of the white and blacklists u sed in spam filtering are very simple. T he whitelist contains
          e-mail addresses you tru st, while the blacklists contains e-mails you don't tru st. T he relative weighting of
          the information—that is, the size of the score according t o whether the e-mail appears in the white or
          blacklists—is u p to you .

          T here are some limitations with the whitelists and blacklists:

               Blacklists can become hu ge, for the simple reason that spammers often u se a mu ltitu de of different

4 of 12                                                                                                          05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                   http://www.ibm.com/developerworks/aix/library/au...

               addresses as the sou rce for their spam. T he larger you r blacklists, the longer it takes to parse you r
               spam and, u ltimately, this might become a barrier to u sing the blacklists at all. In particu lar, be
               carefu l of u sing the au to-blacklisting service bu ilt into spam solu tions, as they add all e-mail
               addresses identified as spam to the blacklists.
               T he au to-blacklisting can also cau se a problem if you get valid e-mails that are identified as spam. In
               other words, a genu ine and tru sted e-mail address gets identified as a spam e-mail address, which can
               skew you r resu lts.
               T he same ru le applies to au to-whitelisting, missed spam that gets throu gh means the e-mail address
               is added to you r whitelist, even thou ght it's technically spam.

          T here is no simple way rou nd these limitations, bu t you can work to improve the qu ality of you r whitelists
          and blacklists by u sing au to-processing of you r e-mails and u pdating of you r lists.

          For example, in a given environment, you can generally au to-popu late you r whitelist with:

               All the e-mail addresses in you r address book or global address book
               All the e-mail addresses for the u sers of you r system
               All the e-mail addresses of known, good, sou rces, su ch as client and su ppliers

          Fu rthermore, if you have access to the e-mail mailboxes of u sers (for example, becau se of the Spam and
          Ham processing demonstrated earlier in this article), then you can process the e-mail that has reached
          their e-mail accou nts as the sou rce for you r whitelist. If you choose this met hod, make su re that you only
          choose the e-mail t hat has been identified as valid; try the filtering solu tion (see the Using standard
          filtering tools section).

          Using whitelists and blacklists adds another thread to the spam solu tion (see Figu re 3).

          Figure 3. Updating white and blacklis ts automatically

          Finally, the "last mile" of mail delivery can be u sed to fu rther filter offending e-mails.

          Using standard filtering tools

          Using a spam filtering solu tion catches a significant amou nt of spam, bu t many fail to reach 100 percent
          reliability. Part of t he problem is that spammers are gett ing very clever at allowing their spam to make it
          throu gh the filters.

          Fortu nately for you , they also have a habit of u sing a wide range of e-mail addresses, both for the sender
          and the recipient, t hat might not actu ally match you r address or the address of someone you know. White
          and blacklists can be an effective way of trying to alleviate the spam problem, bu t the sheer range of
          addresses in u se by most spammers means that spam will often get past the filters to the u ser's mailbox.

          As a last defense for the filtering and removal of spam, you can take advantage of the many server-side or

5 of 12                                                                                                         05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                   http://www.ibm.com/developerworks/aix/library/au...

          client-side filtering mechanisms and file e-mail into e-mail folders, or file any e-mail that you don't explicitly
          recognize into a "qu arantine" folder. Users can then manu ally select the messages (and, if necessary,
          u pdate their filters) and u se the Spam and Ham folders you 've already creat ed to help improve the qu ality
          of the spam filtering solu tion at the front end.

          T here are three ways of doing this:

              File everything you recognize into folders, and leave you r inbox as the qu arantine folder of e-mails
              you do not recognize and which need manu al filtering.
              Ignore anything you recognize (for example, don't filter it), bu t move u nrecognized e-mail to a
              qu arantine folder.
              Filter everything you recognize into dedicated folders and anything you don't recognize into a
              qu arantine folder.

          Using a filtering system on you r server or client also means that you can take advantage of simpler ru les
          to dispose of spam that gets throu gh the spam filters. Some spam makes it throu gh by tricking spam
          filters into thinking it is genu ine or has already been scanned and given a low mark. You can u se you r
          filters to get rid of this, as it is often more simply identifiable.

          Also, some u nwant ed e-mail is not spam at all. Some mailing lists are impossible to be removed from, even
          after contacting the companies involved, and even if it was a genu ine mailing list that you no longer want to
          receive e-mails on. Also, occasionally, a u ser mistakenly adds you r address t o their address book and you
          end u p essentially getting somebody else's mail.

          Irrespective of the method you u se, it adds another layer (and, more importantly, another filter) to you r
          mail infrastru ctu re, giving you a final spam filtering solu tion like the one shown in Figu re 4.

          Figure 4. Mailbox filtering in our s pam filtering architecture

          With all of this filtering in place, it is easy to forget that you r changes shou ld be measu rable.

          Obtaining statistics and generating reports

          When filtering e-mail for spam and viri, it's very easy to forget that a metric t o monitor how effective you r
          solu tions are at removing the spam are a good idea. Recording and measu ring can also be an effective way
          of determining whether there are any specific trends and in some cases can be u sed to develop completely

6 of 12                                                                                                           05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                                http://www.ibm.com/developerworks/aix/library/au...

          different ways of examining the email as it comes in to make the process more effective.

          If you are u sing a t ool like Amavis, then the information abou t how each e-mail has been treated can be
          extracted by parsing the contents of t he log file. Listing 2 shows a single line from the Amavis log file.

          Lis ting 2. Line from the Amavis log file

          Nov 26 11:33:45 constable.example.com /usr/bin/amavisd[2257]: (02257-04)Blocked SPAM,
          [] [] <jqyay@quintiles.com> ->
          <null@gendarme.example.com>, quarantine: quarantine@gendarme.example.com,
          Message-ID: <1d9b01c83020$3150e150$c0a8008f@Ned>, mail_id: YDOXKqndoiPU,
          Hits: 69.428, 11621 ms

          T he "Blocked SPAM" is the u sefu l fragment of the log ou tpu t, as it tells you both what the e-mail was
          identified as and what happened to it. T he first word tells you whether the e-mail was blocked or passed.
          T he second describes the type, inclu ding spam, infected (viru s), bad header, banned, or clean. Listing 3
          shows a Perl script that extracts this information and su mmarizes it.

          Lis ting 3. Perl s cript that extracts log output


          my $stats = {};


              next unless (m{/usr/bin/amavisd\[\d+\]: \(\d+-\d{2}\)});

              if (m/(Passed|Blocked) [A-Z]+/)
                  my ($proc_mode,$proc_type) = (m/(Passed|Blocked) ([-A-Z]+)/);

          foreach my $mode (sort keys %{$stats})
              my $modetotal = 0;
              print "$mode\n";
              foreach my $type (sort keys %{$stats->{$mode}})
                  printf("\t%-20s %7d\n",$type,$stats->{$mode}->{$type});
                  $modetotal += $stats->{$mode}->{$type};
              printf("\t%-20s %7d\n",'Total',$modetotal);

          To run the script we pipe the contents of the file through the script:

          $cat amavis.log |perl parse_amavis.pl
              BANNED                 32793
              CLEAN                      1
              INFECTED                 766
              SPAM                   85499
              Total                 119059
              BAD-HEADER              1415
              CLEAN                  70588
              SPAM                     356
              Total                  72359

          T his u nfortu nately shows that more t han 62 percent of t he e-mail received was blocked becau se it was

7 of 12                                                                                                                 05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                         http://www.ibm.com/developerworks/aix/library/au...

          With a little additional work, you can extract the informat ion from the log and write that data into a
          database. Listing 4 shows the skeleton of a script that parses the Amavis log information in more detail.

          Lis ting 4. Skeleton of a s cript that pars es the Amavis log


          use Time::ParseDate;


              next unless (m{/usr/bin/amavisd\[\d+\]: \(\d+-\d{2}\)});
              next if (m{(mcfilter|slpfliter)});
              if (m/(Passed|Blocked) [A-Z]+/)
                  my ($datetime,$host,$proc_mode,$proc_type,

                  my @blocks = split(/\s+/);

          # Extract the date

                  $datetime = parsedate(sprintf("%s %s %s",@blocks[0..2]));

          # Extract the hose

                  $host = $blocks[3];

          # Extract processing information

                  ($proc_mode,$proc_type) = (m/(Passed|Blocked) ([-A-Z]+)/);

          # Extract the sender/recipient information

                  ($sender,$recip) = (m/<(.*?)> -> <(.*?)>/);

          # Extract the spam score; anything with a negative score
          # is effectively zero (i.e. it passed)

                  ($hits) = (m/Hits: ([-0-9.]+),/);
                  $hits = 0 if ($hits eq '-');

          # Now write the information into a database...


          Writing that information into a database table is an exercise for the reader. If you decide to u se this script,
          you shou ld record the date, e-mail addresses, spam score, processing, and other information. T hat will
          extract the maximu m amou nt of information back ou t of the database again.

          As an example of what you can achieve once you have this information in a database, Figu re 5 shows a
          graph generated from a database of parsed logs from Amavis.

          Figure 5. Spam s tatis tics as a graph

8 of 12                                                                                                          05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                   http://www.ibm.com/developerworks/aix/library/au...

          You can see here mu ch more clearly the marked difference between clean passed mail (green) and
          blocked mail (red).


          Finally, bear in mind that even employing all these solu tions in combination with an existing spam filtering
          solu tion might not resolve the problem entirely.

          You can improve the situ ation even fu rther if you take a coherent approach to the system. For example,
          you 've looked at a nu mber of solu tions in this article, bu t keep in mind that:

               Any au to spam or ham reporting solu t ion shou ld also u pdate the stats, accordingly.
               Any au to spam or ham reporting solu t ion shou ld u pdate the whitelists and blacklists, if necessary.
               If u sing server-side filtering and those ru les inclu de fu ll e-mail addresses, u se the server-side filters
               to u pdate the whit elists and blacklist s.
               Consider u sing a database or a front end to allow u sers t o u pdate the whitelists and blacklists.

          Ultimately, you want to make su re that you r e-mail syst em and the spam filtering solu tion have the right
          information and the right qu ality of information to enable them to filter the spam effectively.

          Su mmary

          Spam filtering solu tions are a necessary evil in today's e-mail climate. It is virtu ally impossible t o avoid the
          spam and, even if you never pu blish you r e-mail address, the chances are you will get spam.

          As you 've seen in t his article, most spam solu tions u se a variety of different techniqu es to filter the spam
          on it's way into you r e-mail system, bu t you can improve t he qu ality of the filtering by working with you r
          u sers and the spam filters. Providing a method for report ing missed spam, au tomatically u pdat ing black
          and whitelists, and u sing a secondary filter system can all help to redu ce the amou nt of spam that reaches
          you r inbox. Using t he techniqu es in this article either removes the responsibility from you to manu ally
          u pdate the systems, or empowers you to help improve the overall spam filtering solu tion.

          Resou rces


               Use an RSS feed to requ est notification for the u pcoming articles in this series. (Find ou t more abou t
               RSS feeds of developerWorks content.)

               System Administration T oolkit : Check ou t other parts in this series.

9 of 12                                                                                                             05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...               http://www.ibm.com/developerworks/aix/library/au...

            Popu lar content : See what AIX® and UNIX content you r peers find interesting.

            Check ou t other articles and tu torials written by Martin Brown:
                Across developerWorks and IBM

            AIX and UNIX: T he AIX and UNIX developerWorks zone provides a wealth of information relating to all
            aspects of AIX syst ems administration and expanding you r UNIX skills.

            New to AIX and UNIX? : Visit the "New to AIX and UNIX" page to learn more abou t AIX and UNIX.

            AIX Wiki: A collaborative environment for technical information related to AIX.

            Search the AIX and UNIX library by topic:
                System administrat ion
                Application development
                Secu rity
                T ips
                T ools and u tilities
                Java™ technology
                Linu x
                Open sou rce

            Safari bookstore: Visit this e-reference library to find specific technical resou rces.

            developerWorks technical events and webcasts: Stay cu rrent with developerWorks technical events
            and webcasts.

            Podcasts: T u ne in and catch u p with IBM technical experts.

        Get products and technologies

            IBM trial software: Bu ild you r next development project with software for download directly from

            Amavisd is a mail filtering solu tion that interfaces to many solu tions like SpamAssassin, Razor and
            nu merou s viru s scanners.

            SpamAssassin: T his tool is a highly configu rable spam scanner that u ses a variety of techniqu es,
            inclu ding basic mat ching and Bayesian scanning to give e-mails a score indicating their likelihood of
            being spam.

            nmap: T his tool scans network hosts and ports and provides you information abou t potential
            u nau thorized hosts and services.

        Dis cus s

            Participate in the developerWorks blogs and get involved in the developerWorks commu nity.

            Participate in the AIX and UNIX foru ms:
                 AIX —technical foru m
                 AIX 6 Open Beta
                 AIX for Developers Foru m
                 Clu ster Systems Management
                 IBM Su pport Assistant
                 Performance T ools—technical
                 Virtu alization—technical
                 More AIX and UNIX foru ms

10 of 12                                                                                                      05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                http://www.ibm.com/developerworks/aix/library/au...

        Abou t the au thor

        Martin Brown has been a professional writer for more than seven years. He is the au thor of nu merou s
        books and articles across a range of t opics. His expertise spans myriad development langu ages and
        platforms—Perl, Python, Java™, JavaScript, Basic, Pascal, Modu la-2, C, C++, Rebol, Gawk, Shellscript,
        Windows®, Solaris, Linu x, BeOS, Mac OS X and more—as well as Web programming, systems management,
        and integration. He is a Su bject Matter Expert (SME) for Microsoft® and regu lar contribu tor t o
        ServerWatch.com, Linu xT oday.com, and IBM developerWorks. He is also a regu lar blogger at
        Compu terworld, T he Apple Blog, and other sites. You can contact him throu gh his Web site.

        Close [x]

        developerWorks: Sign in
        If you don't have an IBM ID and password, register here.

        IBM ID:
        Forgot you r IBM ID?

        Forgot you r password?
        Change you r password

        After sign in: Stay on the current page

             Keep me signed in.

        By clicking Submit, you agree to the developerWorks terms of u se.

           Subm it   C ancel

        T he first time you sign into developerWorks, a profile is created for you . T his profile inclu des t he first
        name, last name, and display name you identified when you registered with developerWorks. Select
        information in your developerWorks profile is dis played to the public, but you may edit the
        information at any time. You r first name, last name (u nless you choose to hide t hem), and display name
        will accompany the content that you post.

        All information su bmitted is secu re.

        Close [x]

        Choose your display name
        T he first time you sign in to developerWorks, a profile is created for you , so you need to choose a display
        name. You r display name accompanies the content you post on developerWorks.

        Pleas e choos e a dis play name between 3-31 characters . You r display name mu st be u niqu e in the
        developerWorks commu nity and shou ld not be you r email address for privacy reasons.

        Display name:                             (Mu st be between 3 – 31 characters.)

        By clicking Submit, you agree to the developerWorks terms of u se.

           Subm it   C ancel

        All information su bmitted is secu re.

11 of 12                                                                                                       05/07/2011 18:08
Systems Administration T oolkit: Spam and virus fil...                                  http://www.ibm.com/developerworks/aix/library/au...

                             Average rating (10 votes)

            1 star                      1 star
            2 stars                       2 stars
            3 stars                       3 stars
            4 stars                       4 stars
            5 stars                       5 stars

           Subm it

        Add comment:

        Sign in or register to leave a comment.

        Note: HT ML elements are not su pported within comments.

            Notify me when a comment is added1000 characters left


        Be the first to add a comment

           Print t his pa ge     Sha re t his pa ge       Follow developerWorks

           T echnical t opics                            Evaluat ion            Communit y       About                    IBM
                                  Java technology        s of t war e                            d eveloper Wor ks
           AIX and UNIX                                                         Forums                                    Solutions
                                  Linux                  By IBM product                          Site help and feedback
           IBM i                                                                Groups                                    Software
                                  Open source            By evaluation method                    Contacts
           Information                                                          Blogs                                     Software services
           Management             SOA and web services   By industry                             Article submissions
                                                                                Wikis                                     Support
           Lotus                  Web development                               Terms of use                              Product information
           Rational                                      Event s                                 Relat ed r es our ces
                                  XML                                           Report abuse                              Redbooks
           Tivoli                                        Briefings                               Students and faculty
                                  Mor e...                                                                                Privacy
           WebSphere                                     Webcasts               IBM Champion     Business Partners
                                                         Find events            program

           Cloud computing                                                      Mor e...

           Integrated Service

12 of 12                                                                                                                              05/07/2011 18:08

Shared By: