Graham Murray wrote:
> Matt Kettler <[EMAIL PROTECTED]> writes:
>
>
>> All that said, I can't see why you'd want to do anything else with DCC.
>> The FP rate on DCC, even with the defaults of |99 for fuzz counts,
>> is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O
>> of|
Matt Kettler <[EMAIL PROTECTED]> writes:
> All that said, I can't see why you'd want to do anything else with DCC.
> The FP rate on DCC, even with the defaults of |99 for fuzz counts,
> is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O
> of| 0.979, meaning that 2.1% of emai
Nevermind, I found the entry:
use_dcc { 0 | 1 } (default: 1)
Whether to use DCC, if it is available.
dcc_timeout n (default: 10)
How many seconds you wait for dcc to complete before you go on
without the results.
dcc_body_max NUMBER
dcc_fuz1_max NUMBER
dcc_fuz2_max NUMBER
DCC (Distributed C
All that said, I can't see why you'd want to do anything else with
DCC.
The FP rate on DCC, even with the defaults of |99 for fuzz counts,
is significant. In the SA 3.1.0 set3 mass-checks, DCC_CHECK had a S/O
of| 0.979, meaning that 2.1% of email matched by it was nonspam.
So more detail i
Dan wrote:
>>> 1) Is capturing header output text the best way to implement DCC in SA?
>>
>> No, using the DCC plugin that already comes with SA is the best way.
>>
>> Edit your v310.pre and load the dcc plugin. SA already has pre-scored
>> and tested rules built in. No further work needed.
>
> Exc
1) Is capturing header output text the best way to implement DCC
in SA?
No, using the DCC plugin that already comes with SA is the best way.
Edit your v310.pre and load the dcc plugin. SA already has pre-scored
and tested rules built in. No further work needed.
Excellent Matt. Is there a wa
Matt Kettler wrote:
> 1) Is capturing header output text the best way to implement DCC in SA?
>
>
> No, using the DCC plugin that already comes with SA is the best way.
>
> Edit your v310.pre and load the dcc plugin. SA already has pre-scored
> and tested rules built in. No further work needed.
Dan wrote:
> This is partly about DCC and partly about regex (yes, I've ordered two
> more regex books).
>
>
> First, there's the basic all or nothing output:
>
> X-DCC-servers-Metrics: ui1 1049; bulk Body=many Fuz1=many Fuz2=many
> X-DCC-servers-Metrics: ui1 1049; bulk Body=0 Fuz1=0 Fuz2=0
>
> .
This is partly about DCC and partly about regex (yes, I've ordered two more regex books). First, there's the basic all or nothing output: X-DCC-servers-Metrics: ui1 1049; bulk Body=many Fuz1=many Fuz2=many X-DCC-servers-Metrics: ui1 1049; bulk Body=0 Fuz1=0 Fuz2=0...that can be captured with basic
