I just joined the list today, but I found your configuration file from back in June and it was very helpful in understanding how to fine tune Alligate. I'm going to study it's logs more closely before I start that phase though, looking for false positives. I've turned that test down to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of failure in order to accommodate it (BADHEADERS for instance). It seems to get most of it's scoring from technical-type stuff instead of the heuristics, and if this is the case, I don't think that a scaled test would be that much more useful to me. If I could score the content and obfuscation, and just those things, I wouldn't be double counting the technicals, and that should reduce some false positives.
I don't want to knock Alligate, it has some nice functionality, especially when used without Declude (auto whitelisting and digest notification), and it does what it says, but it has a relatively high false positive rate in the default configuration and therefore it can't be scored higher than it is on my scale. If they could get the auto whitelisting and digest notification to work with Declude, that might make me a buyer. I'm still looking for more information on Message Sniffer within this context.
I've looked at AutoWhite and will probably give it a try, but I can't find any information on Match. Would you care to share a link?
Thanks,
Matt
John Tolmachoff (Lists) wrote:
As one of the earlier testers and helped develop the variable scale of Alligate, I can understand your position. I have a client that gets a lot of e-mail from the Far East and a lot of bcc broadcasts and lists. Many of these show elements of spam, but are legit. That is what makes it hard.
There are a number of adjustments available in Alligate. You might want to look over my config file I posted earlier today.
One thing I do for this specific issue is I use 2 programs. One is Match, which is very simple but does need to be revised. The other is AutoWhite. A 30 demo of AutoWhite is available at www.eservicesforyou.com/products/autowhite.html. Match is free.
While everyone can have a unique setup, please let me know if you would like to spend some time going over the possible configurations in Alligate.
John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com
--- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)]
--- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
