> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, July 27, 2005 2:46 PM
> To: [EMAIL PROTECTED]
> Cc: Chris Santerre; 'Duncan Findlay'; [email protected]
> Subject: Re: rule secrecy, spammer evasion (was Re: PROPOSAL: create
> "SpamAssassin Rules Project")
>
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
> > grep MIME_BOUND_DD_DIGITS spam.log | perl -pe \
> > 's/^.*\btime=//; s/,.*$//;' > times
> >
> > gnuplot
> > gnuplot> set terminal png
> > gnuplot> set output "dd_digits.png"
> > gnuplot> plot "times" using 1:0
> >
> > result: http://taint.org/xfer/2005/dd_digits.png
>
> btw to double check this, here's a better graph, of
> hits-per-2-hours over
> that time period.
>
> http://taint.org/xfer/2005/dd_digits2.png
>
> it's a bit clearer in that it uses proper axes, so you don't
> have to work
> out the velocity of the curve to determine hit-rate; in this
> graph, higher
> numbers = more hits in each time period, lower numbers = less. the
> horizontal scale is the same as in dd_digits.png.
>
> (graphed with
> gnuplot> set output "dd_digits2.png"
> gnuplot> plot "gpdata" with boxes
> btw if anyone's curious.)
Is it quicker to restrict the number of digits it looks for?
from:
header MIME_BOUND_DD_DIGITS Content-Type =~ /boundary=\"--\d+\"/
to
header MIME_BOUND_DD_DIGITS Content-Type =~ /boundary=\"--\d{2,6}\"/
Or do I have that logic backwards?
--Chris
