Hi Matt, I guess I'll chime in here... On 08/20/03 10:31pm you wrote... >I just joined the list today, but I found your configuration file from >back in June and it was very helpful in understanding how to fine tune >Alligate. I'm going to study it's logs more closely before I start that >phase though, looking for false positives. I've turned that test down >to 3/10 of failure and reduced several other tests by 1/10 to 2/10 of >failure in order to accommodate it (BADHEADERS for instance). It seems >to get most of it's scoring from technical-type stuff instead of the >heuristics, and if this is the case, I don't think that a scaled test >would be that much more useful to me. If I could score the content and >obfuscation, and just those things, I wouldn't be double counting the >technicals, and that should reduce some false positives.
You are correct that Alligate will accumulate scores on many of the same things as Declude will. This is basically the same engine as we use on the gateway product, but it is 100% stand alone so it must do everything. The technical violations are some of the best spam indicators there are, however, you are racking up double scores. You can rely more on the heuristics by decreasing the values of certain Alligate tests or setting them to 0 (zero). Most of the hard penalty tests support this, as well as most of the heuristic tests where the score is variable depending on the degree of failure. >I don't want to knock Alligate, it has some nice functionality, >especially when used without Declude (auto whitelisting and digest >notification), and it does what it says, but it has a relatively high >false positive rate in the default configuration and therefore it can't >be scored higher than it is on my scale. If they could get the auto >whitelisting and digest notification to work with Declude, that might >make me a buyer. I'm still looking for more information on Message >Sniffer within this context. The full IMail version does everything and will work in Declude as well. But it costs more. Many Declude version users wanted scaled down, more affordable "Declude test only" version, so that's we we did. Alligate really depends on training to achieve the best results. This involves automatic whitelisting and users responses to digests. Unfortunately, using it as a test in Declude limits it's full functionality, however properly adjusted, it will still provide several features that don't exist in any other product. You just need to figure out what features are important to your flow, and which aren't and adjust the configuration accordingly. In our gateway version the false positive rate is usually in the area of 1 in 3000 messages after about 30 days of "training". In the gateway version this is all done without administrator intervention, but the same results should be possible in the Declude version, except you have to do the "training". And, you save lots of money :) You will find this list to be extremely helpful. As I am sure Scott would agree, there are people here that know the products almost better than we do ourselves. They have this down to a fine science, and the advice you can get here will help you get the most for the least. Most Declude users I have worked with are "hands on" people and know their business. Brian --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.JunkMail mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type "unsubscribe Declude.JunkMail". The archives can be found at http://www.mail-archive.com.
