Anti-Phishing Update -- New data feed
Julian Field
MailScanner at ecs.soton.ac.uk
Fri Jun 19 09:06:33 IST 2009
On 18/06/2009 21:54, Steve Freegard wrote:
> Mark Sapiro wrote:
>
>> On Thu, Jun 18, 2009 at 09:14:27AM +0100, Julian Field wrote:
>>
>>> On 17/06/2009 17:01, Steve Freegard wrote:
>>>
>>>> In addition to removing the 'full' rules; change (match|match|match) to
>>>> (?:match|match|match) which is non-capturing and should save a
>>>> considerable amount of memory in SA and should reduce these times.
>>>>
>>>>
>>> I have made both those changes.
>>>
>>
>> v2.02 has changed the regexps in the rules from the form
>>
>> ((local1 at example.com)|(local2 at example.com) ... (localn at example.com))
>>
>> to
>>
>> (?:(local1 at example.com)|(local2 at example.com) ... (localn at example.com))
>>
>> but wouldn't
>>
>> (?:(?:local1 at example.com)|(?:local2 at example.com) ... (?:localn at example.com))
>>
>> be much better in terms of saving memory by not capturing matches?
>>
>> See the attached Spear.Phishing.Rules.patch
>>
>>
> I hadn't noticed that; but both are wrong - it should be:
>
> (?:local1\@example\.com|local2\@example\.com)
>
> As the inner parenthesis are unnecessary.
>
Fixed. Up to 2.03 now.
Jules
--
Julian Field MEng CITP CEng
www.MailScanner.info
Buy the MailScanner book at www.MailScanner.info/store
Need help customising MailScanner?
Contact me!
Need help fixing or optimising your systems?
Contact me!
Need help getting you started solving new requirements from your boss?
Contact me!
PGP footprint: EE81 D763 3DB0 0BFD E1DC 7222 11F6 5947 1415 B654
Follow me at twitter.com/JulesFM and twitter.com/MailScanner
--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.
More information about the MailScanner
mailing list