DAve wrote:
>
> I have it working fine here, about 20 lines of /bin/sh and I can
> turn out any number of rule sets, even a channel per SARE rule.
>
> I'm willing to publish the channels if there is interest in them. I
> still believe packages or sets of popular rules would be good.
> Alternatively I can create a channel file with each rule commented out
> and the user can download the file, uncomment the rules they want, and
> run 'sa-update --channelfile MY_FILE' and be done with it.

I came out against this idea mainly because it seemed complex and unwieldy. If it is really this simple, then go for it. I would be willing to give it a try.

> I still need to get a gpg sig for the channels, it's been a few years
> since I did anything with gpg so there is a bit of dusting off of
> braincells to do.

Sorry, can't help you there.

> Any thoughts on popular sets?

That would probably vary quite a bit. A good start might be a set of "safe" rules. Something like this:

SARE_EVILNUMBERS0
SARE_HTML0
SARE_HEADER0
SARE_GENLSUBJ0
SARE_URI0
SARE_OBFU0

Maybe along with some other good rules.

SARE_FRAUD
SARE_OEM
SARE_RANDOM
SARE_SPOOF
SARE_STOCKS
SARE_UNSUB
SARE_WHITELIST_SPF
SARE_WHITELIST_RCVD

Of course it all depends on whether the user's machine has enough power to deal with a large number of rulesets.

If the SARE guys are interested in this project, maybe they could come up with a list of the most commonly downloaded rulesets.

--
Bowie