On Fri, 24 Jul 2009 16:09:46 +0300, Henrik Krohns wrote:
> On Fri, Jul 24, 2009 at 09:45:42AM +0000, Justin Mason wrote:
>> hi Andre --
>>
>> A SpamAssassin user mentioned this ruleset today:
>>
>> http://malware.hiperlinks.com.br/cgi/submit?action=list_sa
>>
>> it looks good! Would you mind if I added a copy of that to our rule-QA
>> system (http://ruleqa.spamassassin.org/), primarily to determine false
>> positive rate?
>>
>> If that goes well, btw, a possibility would be that I could generate a
>> SpamAssassin rule updates channel for you, similar to how the "sought"
>> ruleset works: http://wiki.apache.org/spamassassin/SoughtRules . Let me
>> know if you're interested in that.
>
> I would add \b or so in front of the sigs..
>
> For example, /zief\.pl\//i should be /\bzief\.pl\//i. Unbounded short
> domains like that have chances of FPs.

Plus they should be URI rules, otherwise you're just re-scanning the entire body.

Matt.
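
The two suggestions in this thread (a leading `\b` and matching per URI rather than over the whole body), shown side by side as an added example that is not part of the original messages. It assumes Python's `re` as a stand-in for the Perl regexes SpamAssassin uses; the sample message, the URI extractor and all function names are constructed for illustration.

```python
import re

# The signature quoted in the thread, without and with the leading \b.
# The thread writes the slash as \/ because / delimits the Perl regex;
# Python needs no escape. \b behaves the same for these ASCII inputs.
UNBOUNDED = re.compile(r"zief\.pl/", re.I)
BOUNDED = re.compile(r"\bzief\.pl/", re.I)

# Constructed sample message body (not taken from the thread or the ruleset).
BODY = (
    "Invoice attached, see http://zief.pl/inv.exe\n"
    "Our shop moved to http://www.kozief.pl/sklep\n"
    "Mirror: http://cdn.zief.pl/a.js and http://my-zief.pl/x\n"
)

# Simplified extractor; a real filter builds its URI list once per message.
URI_RE = re.compile(r"https?://[^\s<>\"]+", re.I)


def extract_uris(body):
    """Return the http(s) URIs found in a plain-text body."""
    return URI_RE.findall(body)


def uri_hits(pattern, body):
    """Test the signature against each URI only, not the whole body text."""
    return [u for u in extract_uris(body) if pattern.search(u)]


def report(body=BODY):
    """Compare which URIs each form of the signature flags."""
    return {
        "unbounded": uri_hits(UNBOUNDED, body),
        "bounded": uri_hits(BOUNDED, body),
    }


if __name__ == "__main__":
    for name, hits in report().items():
        print(name, hits)
```

The bounded form drops `kozief.pl`, where the signature was only a suffix of a longer label, but still flags `my-zief.pl`, because `\b` treats the hyphen as a word boundary.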