On 29/02/2008 1:28 AM, Shahzad Abid wrote: > Dear List > > How to determine good rules for SA, I am using following rules.
Well, I think you just answered your question about why your installation of SA is running slow. :) You need to review the descriptions of the rulesets to see if they're even intended for (or beneficial to) your version of SA. See: http://www.rulesemporium.com/rules.htm Daryl > ============================ > 70_sare_adult.cf 70_sare_html2.cf > 70_sare_uri.cf FuzzyOcr.old > 70_sare_bayes_poison_nxm.cf 70_sare_html3.cf > 70_sare_uri_eng.cf FuzzyOcr.pm > 70_sare_evilnum0.cf 70_sare_html4.cf > 70_sare_uri_x31.cf FuzzyOcr.preps > 70_sare_evilnum0.cf.sig 70_sare_html.cf > 70_sare_whitelist.cf FuzzyOcr.scansets > 70_sare_evilnum1.cf 70_sare_html_eng.cf > 70_sare_whitelist_pre30.cf FuzzyOcr.words > 70_sare_evilnum2.cf 70_sare_html_x30.cf > 70_sare_whitelist_rcvd.cf init.pre > 70_sare_genlsubj0.cf 70_sare_obfu0.cf > 70_sare_whitelist_spf.cf INSTALL > 70_sare_genlsubj1.cf 70_sare_obfu1.cf > 71_sare_redirect_pre3.0.0.cf local.cf > 70_sare_genlsubj2.cf 70_sare_obfu2.cf > 72_sare_redirect_post3.0.0.cf Logging.pm > 70_sare_genlsubj3.cf 70_sare_obfu3.cf > 88_FVGT_Bayes_Poison.cf mangled.cf > 70_sare_genlsubj4.cf 70_sare_obfu4.cf > 88_FVGT_body.cf RelayChecker.cf > 70_sare_genlsubj.cf 70_sare_obfu.cf > 88_FVGT_headers.cf RelayChecker.pm > 70_sare_genlsubj_eng.cf 70_sare_obfu_x31.cf > 88_FVGT_rawbody.cf RelayChecker.tar > 70_sare_genlsubj_x30.cf 70_sare_oem.cf > 88_FVGT_subject.cf RelayChecker.txt > 70_sare_header0.cf 70_sare_random.cf > 88_FVGT_Tripwire.cf RulesDuJour > 70_sare_header2.cf 70_sare_ratware.cf > 88_FVGT_uri.cf sa-update-keys > 70_sare_header3.cf 70_sare_specific.cf > backhair.cf spamassassin-default.rc > 70_sare_header4.cf 70_sare_specific_rolex.cf > Botnet-0.6.tar spamassassin-helper.sh > 70_sare_header.cf 70_sare_spoof.cf > Botnet.cf spamassassin-spamc.rc > 70_sare_header_eng.cf 70_sare_stocks.cf > Botnet.pm tripwire.cf > 70_sare_header_x264_x30.cf 70_sare_unsub.cf > Botnet.txt v310.pre > 70_sare_header_x30.cf 70_sare_uri0.cf > chickenpox.cf v312.pre > 70_sare_header_x31.cf 70_sare_uri1.cf > COPYING v320.pre > 70_sare_highrisk.cf 70_sare_uri2.cf > FuzzyOcr weeds_2.cf > 70_sare_html0.cf 70_sare_uri3.cf > fuzzyocr-3.5.1-devel.tar.gz weeds.cf > 70_sare_html1.cf 70_sare_uri4.cf FuzzyOcr.cf > ============================= > > Please identify which rules are bad? > >
