BASTED Geocities spam from Brazil
James Gray
james at grayonline.id.au
Sun Mar 5 22:16:23 GMT 2006
On Sunday 05 March 2006 20:25, Raymond Dijkxhoorn wrote:
> Hi!
>
> > uri PROLO_PUBWEB_UKGEO_CHECK1 /^http:\/\/.*\.geocities\.com\//
> > score PROLO_PUBWEB_UKGEO_CHECK1 8.0
> > describe PROLO_PUBWEB_UKGEO_CHECK1 PROLO_PUBWEB_UKGEO_CHECK1, Body
> >
> > The problem is, geocities.com.br spam is on the rise and all of those are
> > being delivered.
>
> You are using a old version of the rule ;)
>
> uri PROLO_PUBWEB_GEOSPAM
> /^http:\/\/((asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(\.yaho
>o)?\.com(\.br)?\// score PROLO_PUBWEB_GEOSPAM 12.0
Nice. BTW, you can reduce the memory footprint fairly significantly if you
don't plan to reuse any of the matches in the () (which this rule doesn't).
I offer the following memory-friendly version:
/^http:\/\/((?:asia|br|ar|it|uk|sg|ca|www|au|in|mx|de|es)\.)?geocities(?:
\.yahoo)?\.com(?:\.br)?\//
(?:foo) = less memory than (foo) coz Perl doesn't remember the match which
means you also can't use $1/$2 etc to repeat the match.
My explanation might be lacking a little technical-correctness, but I saw
noticeable (15-20%) improvements in memory footprint by rewriting all my
rules that didn't require repeat pattern matches using the (?:foo) syntax.
I've got a lot of rules though! YMMV and usual disclaimers apply :)
Cheers,
James
--
I don't know half of you half as well as I should like; and I like less
than half of you half as well as you deserve.
-- J. R. R. Tolkien
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
Url : http://lists.mailscanner.info/pipermail/mailscanner/attachments/20060306/f7895102/attachment.bin
More information about the MailScanner
mailing list