Hello Bart, Josh,

Wednesday, January 14, 2004, 12:54:22 PM, you wrote:

>> I just received an encrypted email from a coworker and this is what SA
>> gave me. It got slammed with tripwire rules (it isn't supposed to,
>> right?).

BS> In off-list mail I've suggested an improved (I feel) regex for tripwire
BS> which Chris says he's forwarded to the SARE group. The new regex is very
BS> unlikely to match real base64 blocks, so it can safely be run over an
BS> attachment or digital signature without resorting to the __BADMIMEPARSE
BS> check. (I just saw the tripwire 1.13 announcement, but my suggestion is
BS> not included (yet?).)

BS> I'm informally testing the changed regex here (by dropping it into my SA
BS> config, I don't really have a corpus to mass-check against).

I've tested the version with Bart's recommendations in it, and am very
favorably impressed. My email corpus includes dozens (hundreds?) of
fully- or partially-encrypted emails, and none of them got any
significant score.

Much as I liked Tripwire, I couldn't put the previous version to use,
even at a flat 0.077 per rule score, because of too many hits. I dropped
the new one into my custom rule set tonight without hesitation.

Should be available for general download within 24 hours if Chris and
Fred are on top of this.

Bob Menschel

_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk