I have only recently begun using SA 2.63, because that's what my host made
available through automatic install.
With the help of this group and such as SARE and other available rulesets,
I am catching a load of spam. No Bayes, just the packaged rulesets and the
local.cf. I am enjoying learning regex and how to write rules. If I get
brave, I may try to implement RDJ.
Questions:
1. I have been reluctant to implement Bayes. With close to 200 users,
There's no shortage of spam to teach with, but there's only my own ham,
which consists mostly of some list mail such as this, some clients and a
few friends (we talk on the phone far more often than we email). I'm
certainly not going to go digging into my clients' mailboxes for it. It
thus appears to me that for Bayes to learn my ham wouldn't really be a good
lesson. Am I correct? My big client is a publisher, and the words in their
ham are considerably different than in mine.
2. Is there any compelling reason to install SA 3.x myself? Given how I am
using it and am likely to continue using it, 2.63 seems to be accomplishing
quite a bit. It don't seem to be broke, should I fix it?
3. Regarding regex, I see a number of rules that contain a construction
such as this (from Mike Kettler's Anti Drug ruleset):
body __DRUGS_ERECTILE4 /\bC(?:alis|ilias|ilais)\b/i
What does the "?:" do? I see similar sules without it, which appear to do
what is intended, I am not finding much to explain it in any regex search
I've done.
Matt
