On Fri, Jul 24, 2009 at 09:45:42AM +0000, Justin Mason wrote: > hi Andre -- > > A SpamAssassin user mentioned this ruleset today: > > http://malware.hiperlinks.com.br/cgi/submit?action=list_sa > > it looks good! Would you mind if I added a copy of that to our rule-QA > system (http://ruleqa.spamassassin.org/), primarily to determine false > positive rate? > > If that goes well, btw, a possibility would be that I could generate a > SpamAssassin rule updates channel for you, similar to how the "sought" > ruleset works: http://wiki.apache.org/spamassassin/SoughtRules . Let me > know if you're interested in that.
I would add \b or so in front of the sigs.. For example, /zief\.pl\//i should be /\bzief\.pl\//i. Unbounded short domains like that have chances of FPs. Cheers, Henrik
