Anti-Phishing Update -- New data feed

Thu Jun 18 21:17:24 IST 2009

On Thu, Jun 18, 2009 at 09:14:27AM +0100, Julian Field wrote:
> 
> 
> On 17/06/2009 17:01, Steve Freegard wrote:
> >In addition to removing the 'full' rules; change (match|match|match) to
> >(?:match|match|match) which is non-capturing and should save a
> >considerable amount of memory in SA and should reduce these times.
> >   
> I have made both those changes.


v2.02 has changed the regexps in the rules from the form

((local1 at example.com)|(local2 at example.com) ... (localn at example.com))

to

(?:(local1 at example.com)|(local2 at example.com) ... (localn at example.com))

but wouldn't

(?:(?:local1 at example.com)|(?:local2 at example.com) ... (?:localn at example.com))

be much better in terms of saving memory by not capturing matches?

See the attached Spear.Phishing.Rules.patch

-- 
Mark Sapiro mark at msapiro net       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
-------------- next part --------------

--- Spear.Phishing.Rules.v2.02	2009-06-18 07:17:45.000000000 -0700
+++ Spear.Phishing.Rules.v2.02x	2009-06-18 08:56:22.000000000 -0700
@@ -87,7 +87,7 @@
   s/\\\*/[0-9a-z_.+-]*/g; # Unquote any '*' characters as they map to .*
   # Find all the numbers just before the @ and replace with them digit wildcards
   s/([0-9a-z_.+-])\d{1,3}\\\@/$1\\d+\\@/i;
-  push @quoted, '(' . $_ . ')';
+  push @quoted, '(?:' . $_ . ')';
   $count++;
 
   if ($count % $addresses_per_rule == 0) {
@@ -128,7 +128,7 @@
   s/\\\*/[0-9a-z_.+-]*/g; # Unquote any '*' characters as they map to .*
   # Find all the numbers just before the @ and replace with them digit wildcards
   s/([0-9a-z_.+-])\d{1,3}\\\@/$1\\d+\\@/i;
-  push @quoted, '(' . $_ . ')';
+  push @quoted, '(?:' . $_ . ')';
   $count++;
 
   if ($count % $addresses_per_rule == 0) {
