Hi Loren, thanks for the feedback and suggestions! I didn't actually realise
that the @ symbol had to be escaped - my bad! I'm learning as I go... What a
pain that rawbody only does one line at a time; but at least now I know this
for sure - previously I wasn't completely sure about that.
SARE and anybody else would be welcome to use my rules, although I imagine
they would be able to find a more efficient or less FP-risky way of writing
them. I haven't done any mass checks with them or anything.
Cheers,
Jeremy
----- Original Message -----
From: "Loren Wilton" <[EMAIL PROTECTED]>
To: <users@spamassassin.apache.org>
Sent: Tuesday, February 28, 2006 10:14 AM
Subject: Re: GIF stock spams
Interesting set of rules, they look like they should do fairly well. I'll
run a masscheck on them in a minute. If they are decent I'm sure SARE
would
be happy to include them in the stock spam ruleset if you give permission.
The only thing I see that makes me a little nervous is the unescaped @ in
the first rule. This is probably working because it isn't followed by an
alphabetic character. Also you have a few .* or other .+ globs. It's
always better to do a {0,something} or {1,something} size limit on these
to
keep them from running away in unexpected conditions.
You are correct that rawbody rules are largely useless, since they won't
allow any multiline checking. There is flatly no way to check more than
one
line in a rawbody rule, so you are forced into using full for this sort of
thing. A long-standing gripe of mine.
Loren
