On Wed, 14 Jan 2004, Josh Endries wrote:
> Rut roh!
>
> I just received an encrypted email from a coworker and this is what SA
> gave me. It got slammed with tripwire rules (it isn't supposed to,
> right?).
In off-list mail I've suggested an improved (I feel) regex for tripwire
which Chris says he's forwarded to the SARE group. The new regex is very
unlikely to match real base64 blocks, so it can safely be run over an
attachment or digital signature without resorting to the __BADMIMEPARSE
check. (I just saw the tripwire 1.13 announcement, but my suggestion is
not included (yet?).)
I'm informally testing the changed regex here (by dropping it into my SA
config, I don't really have a corpus to mass-check against).
Here's a quick way to apply my change if you want to try it, too:
perl -pi.orig -e 's:__TRIPWIRE_(..\s/):__TRIPWIRE_${1}[-<!\\s]\\w{0,10}:;
s:\{1\}:\\w{0,10}[->\\s]:;' 99_FVGT_Tripwire.cf
-------------------------------------------------------
This SF.net email is sponsored by: Perforce Software.
Perforce is the Fast Software Configuration Management System offering
advanced branching capabilities and atomic changes on 50+ platforms.
Free Eval! http://www.perforce.com/perforce/loadprog.html
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
