On Mon, 2009-08-03 at 11:25 +0100, Steve Freegard wrote:
> Karsten Bräckelmann wrote:
> > What I'm most interested in at this point is feedback on code (and
> > comments), and of course the POD, settings in general, features or
> > understandability. Opinions, thoughts, human review. Not necessarily
> > statistics just yet.
> As no-one else has commented yet - I thought I'd start the ball rolling.
Thanks for your comments, Steve, much appreciated. :)
(Covered the "coincidental" end of this particular spam run in my
previous post, other sub-thread.)
> However I did have a few obfu messages saved and running them through
> GUDO with the example settings from the perldoc captured them nicely.
>
> The documentation is straightforward and relatively easy to understand
> given the subject matter being quite complex and the example settings
> appear to work well.
Good to hear, thanks. :) I still got a feeling I should re-write some
parts of the POD. Though when I looked into it, nothing apparent stuck
out, and it was all clear -- to me. ;)
FWIW, the example settings are quite broad. More sophisticated rules can
easily be written. The defines should help a great deal in structuring.
However, given the tests to weed out non-obfuscated URIs or non-URIs,
even the broad rules should be safe.
Moreover, this plugin is not primarily intended to score on its own. But
to have URI DNSBLs do the scoring. Thus, erroneously picking up innocent
bystanders merely will result in an additional DNS lookup, but not
increase the score of the message.
> All in all - I'd say it works great.
:-)
--
char *t="\10pse\0r\0dtu...@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i<l;i++){ i%8? c<<=1:
(c=*++x); c&128 && (s+=h); if (!(h>>=1)||!t[s+h]){ putchar(t[s]);h=m;s=0; }}}
