Using spamassassin to test form input

I have spamassassin installed on my computer, and I would like to use it to test form input from things such as comments (I know spamassassin is for emails, but I can't find anything for non-email), but when I test a nonsense comment spamassassin says that it is not spam.

I am using this library: https://github.com/templateria/php-spamassassin to send requests to spamd via php. I am testing like this:

$client = new \Spamassassin\Client(['hostname' => 'localhost']);

$messageid = '<' . time() .'-' . md5('[email protected]' . '[email protected]') . '@' . $_SERVER['SERVER_NAME'] . '>';

$message  = "To: [email protected]\r\n";
$message .= "From: [email protected]\r\n";
$message .= "Date: " . date("r") . "\r\n";
$message .= "Message-ID: " . $messageid . "\r\n";
$message .= "Subject: Spamassassin Comment Check\r\n\r\n";
$message .= "asdfa sadf sadf af saf s";

$results = $client->getSpamReport($message);
dd($results);

Laravel's data dump is showing this:

Result {#209 ▼
  +protocolVersion: "1.1"
  +responseCode: "0"
  +responseMessage: "EX_OK\r"
  +contentLength: "660"
  +score: -0.0
  +thresold: 5.0
  +isSpam: false
  +message: """
    Spam detection software, running on the system "A1188",\n
    has NOT identified this incoming email as spam.  The original\n
    message has been attached to this so you can view it or label\n
    similar future email.  If you have any questions, see\n
    the administrator of that system for details.\n
    \n
    Content preview:  asdfa sadf sadf af saf s [...] \n
    \n
    Content analysis details:   (-0.0 points, 5.0 required)\n
    \n
     pts rule name              description\n
    ---- ---------------------- --------------------------------------------------\n
    -0.0 NO_RELAYS              Informational: message was not relayed via SMTP\n
    -0.0 NO_RECEIVED            Informational: message has no Received headers
    """
  +headers: """
    SPAMD/1.1 0 EX_OK\r\n
    Content-length: 660\r\n
    Spam: False ; -0.0 / 5.0
    """
  +didSet: false
  +didRemove: false
}

So, is there a way I can make this work better, or is there a better program for testing non-email spam?

There are 1 best solutions below

If you want a positive, you have to make your text look more like spam. The GTUBE can help: stick the string XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X into your text.

While spamassassin isn't going to be the absolute best thing to use for this, you may catch some of the spammier things. You can also augment the spamassassin ruleset to add things that you think should be caught as spam.
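
One way to augment the ruleset for comment checks, as an added example that is not part of the original answer: site-local rules that only apply to messages carrying the Subject header the question's wrapper code sets. The rule names, scores and patterns are assumptions for illustration, and the file location (commonly `local.cf`) depends on the install.

```conf
# Added example: site-local SpamAssassin rules for wrapped form comments.
# Rule names (LOCAL_*) and scores are hypothetical; tune them on real comments.
# Scores add up against the required total (5.0 in the report above).

# Scope: match only messages built by the comment wrapper, identified by
# the Subject header the form code sets. Sub-rules starting with "__"
# carry no score of their own and are only used inside meta rules.
header   __LOCAL_IS_COMMENT   Subject =~ /^Spamassassin Comment Check$/

# Three consecutive "words" typed from the home row only,
# e.g. "asdfa sadf sadf" from the test comment.
body     __LOCAL_KEYMASH      /(?:\b[asdfghjkl]{3,}\s+){3}/i

# Forum-style link markup, which a plain-text comment field never needs.
rawbody  __LOCAL_BBCODE_URL   /\[url=/i

# Count http(s) links; "multiple" lets a meta rule compare the hit count,
# and maxhits stops counting once the limit that matters is reached.
uri      __LOCAL_ANY_URI      /^https?:/i
tflags   __LOCAL_ANY_URI      multiple maxhits=4

# Scored rules: each one fires only for wrapped comments.
meta     LOCAL_COMMENT_KEYMASH  (__LOCAL_IS_COMMENT && __LOCAL_KEYMASH)
describe LOCAL_COMMENT_KEYMASH  Comment is mostly home-row keyboard mashing
score    LOCAL_COMMENT_KEYMASH  3.0

meta     LOCAL_COMMENT_BBCODE   (__LOCAL_IS_COMMENT && __LOCAL_BBCODE_URL)
describe LOCAL_COMMENT_BBCODE   Comment contains [url=...] markup
score    LOCAL_COMMENT_BBCODE   2.5

meta     LOCAL_COMMENT_LINKS    (__LOCAL_IS_COMMENT && (__LOCAL_ANY_URI >= 4))
describe LOCAL_COMMENT_LINKS    Comment contains four or more links
score    LOCAL_COMMENT_LINKS    2.5
```

Check the file with `spamassassin --lint` and restart spamd so the new rules are loaded.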