On Tue, 15 Dec 2009, LuKreme wrote:
On 15-Dec-2009, at 09:42, Charles Gregory wrote:
The 'issue' (as I see it) is that a great many servers install a
'standard' SA 'package'.... So it is important to ....
to make the best possible assessment of all rules...
The trouble with that is exactly what is happening now, people getting
spam through because HABEAS has a −8.0 score in the standard config.
Which finally brings us back to the core questions which seem to go
unanswered:
1) Is Habeas (whoever runs it) exercising due diligence?
2) OR has Habeas changed such that it does not deserve such
a strong negative score?
3) Along side the second question is the issue of whether the answer is
sufficiently uniform across diverse systems for it to be a default?
But no matter what other answers may be true, we should look at the
current circumstance and ask why there has not been an 'update' that
corrects for it? With Anti-virus engines, like Clam, there are *frequent*
'signature' updates, and then less frequent updates to the 'engine'.
It seems to me (could bt wrong?) that SA rule updates are (almost) tied to
the engine updates? Should there not be a monthly (?) 'mass check' that
updates rules to reflect their changing effectiveness?
- Charles
