On Thursday, April 22, 2004, 9:01:19 AM, Chris Santerre wrote:
From: John Wilcock [mailto:john@tradoc.fr]
Perhaps the ideal would be if the script that converts bigevil to rbl form could also generate a separate "wildevil" cf file containing only the wildcard entries from bigevil, so that people can have the best of both worlds...
John.
Hold off on the wilcard idea for now. Let me figure out with the other guys what we are doing. A few ideas in the mix. But I would let wildcards stay as a regex file. It is crazy to try to lookup things like /\dmeds\d{2,6}.(?:com|net|biz)/ , that would take a looong time to do just that one!
My *strongly* preferred solution to the remaining 2% wildcarded domains would be to produce the non-wildcarded versions of domains that had actually occurred in spams.
I.e. if the current (discarded due to wildcarding) rule is
/\dmeds\d{2,6}.(?:com|net|biz)/
but the actual domain(s) that triggered the rule are
dmedsdd.com dmedsddd.net dmedsddddd.biz ...
then just get me the ones that actually occur. We can always add more later... Yes, it does mean a longer list.
People are really fixated on this small number of discarded rules, but of course there are solutions.
Jeff C.