GWAVA Integration

Submitted by rafael on August 20, 2007 - 4:19pm.

I need to configure the GWAVA filter to stop spam and the antivirus solution, thanks.


Configuring GWAVA 4

Hello Rafael,

In the downloaded package of GWAVA 4, we include a guide called "GWAVA 4 Spam Guide" which will show you how to set up the antispam and antivirus systems of GWAVA 4 including the autolearning feature.

The gist of setting up GWAVA 4 is to configure the filtering, then automate the learning process.

The filtering itself is straightforward - GWAVA 4 has several "tests" for an incoming message and if any of these tests fail, the message is considered bad (should be blocked). You decide then what GWAVA 4 does about it.

We include several tests, including a virus test, attachment tests, content tests, black list tests like RBL and SURBL and so on.

Once a message has passed all the obvious tests, then we have our all-new advanced antispam engine. Using dictionaries, this engine examines the message and determines the probability that the incoming message is spam.

Field trials have shown incredible results using this all-new engine.

The secret to making it work, however, is training. GWAVA 4 needs to be trained to know what YOU consider to be good or bad. That way, it makes better decisions.

But how to train it? Sure, you could manually train it, but that's labour intensive and an ongoing process. Luckily, GWAVA 4 can train itself. You just need to tell it where to look for good and bad mail to build up enough samples to make good decisions.

The best part is that this training is ongoing - your dictionaries will contain the latest entries so GWAVA 4 will know whether the mail entering today is good or bad.

You pick sources of bad mail - a good starting point is "SURBL hits". That is, mail stopped because it contains a "phishing" or "phone-home" link. You know, messages that say "we are your bank, click here to give us your personal information". Messages like that. They're always bad. The error rate on SURBL is so low that you can safely say that messages with a SURBL hit are always spam so learn what spam looks like from them.

Other places to learn from include "spam traps" or "honeypots". You can create an address and aliases on your system corresponding to entries that only a spammer would use or that a legitimate sender would never use. Spammers often use typical addresses to try to get mail through. Some such addresses can be "sales@...., info@...., postmaster@...., admin@...." and the like.

Then pick places with known good mail. Watermarks are the key. Watermarks are a way to positively identify a good sender. Use them to learn what good mail is like. The more watermarks you have, the better. Use them in preference to exceptions. An exception by itself just lets mail through and doesn't train the system. So use watermarks.

If you have some domains that you just always want to let through, then use a source address filter rather than an exception, and choose "never block". If you are 100% SURE that you never receive spam from this domain, then use this source address filter to train from.

But remember: sender addresses (the FROM) are frequently faked, so use it only when you are absolutely sure.

Using these tips as a guideline and the Spam Guide as a step-by-step how-to, you should have no trouble getting GWAVA 4 set up and configured.

Willem

Willem Bagchus
GWAVA Systems Engineer
Montreal
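
The training-source selection described in the reply above, as an added example that is not part of the original thread and not GWAVA's code: SURBL hits and spam-trap recipients feed the spam dictionary, watermarked mail feeds the good dictionary, and an exception delivers mail without teaching anything. The naive Bayes scoring, the message field names and the sample messages are assumptions made for illustration; the post does not say how GWAVA's engine computes its probability.

```python
import math, re
from collections import Counter
# Constructed trap aliases; a real deployment would list its own honeypot addresses.
HONEYPOTS = {"sales@example.test", "info@example.test"}

def training_label(msg):
    """Map a filtered message to a training label, or None to learn nothing."""
    if msg.get("surbl_hit") or msg["rcpt"] in HONEYPOTS:
        return "spam"   # SURBL hits and spam-trap mail: known bad
    if msg.get("watermark_ok"):
        return "ham"    # verified watermark: known good
    return None         # e.g. an exception: delivered, but teaches nothing

class Dictionary:
    def __init__(self):
        self.counts = {"spam": Counter(), "ham": Counter()}
        self.msgs = {"spam": 0, "ham": 0}

    @staticmethod
    def tokens(text):
        return set(re.findall(r"[a-z0-9']+", text.lower()))

    def learn(self, msg):
        label = training_label(msg)
        if label:
            self.counts[label].update(self.tokens(msg["body"]))
            self.msgs[label] += 1
        return label

    def spam_probability(self, text):
        # Naive Bayes in log-odds form with add-one smoothing (assumed model).
        odds = math.log((self.msgs["spam"] + 1) / (self.msgs["ham"] + 1))
        for t in self.tokens(text):
            p_spam = (self.counts["spam"][t] + 1) / (self.msgs["spam"] + 2)
            p_ham = (self.counts["ham"][t] + 1) / (self.msgs["ham"] + 2)
            odds += math.log(p_spam / p_ham)
        return 1 / (1 + math.exp(-odds))

SAMPLES = [  # constructed messages, one per training source in the post
    {"rcpt": "ann@example.test", "surbl_hit": True,
     "body": "We are your bank, click here to verify your account"},
    {"rcpt": "sales@example.test", "body": "Cheap pills, click here now"},
    {"rcpt": "ann@example.test", "watermark_ok": True,
     "body": "Meeting notes attached, see you Monday"},
    {"rcpt": "bob@example.test", "watermark_ok": True,
     "body": "Please review the quarterly budget before Monday"},
    {"rcpt": "bob@example.test", "exception": True,
     "body": "Newsletter: click here for offers"},
]

def build():
    d = Dictionary()
    return d, [d.learn(m) for m in SAMPLES]
```

Because a forged FROM address would pass a sender-based rule, a source address filter used as a training source would let spoofed mail be counted as good in this model, which is why the example trains good mail only from watermarks.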