On 03/08/2017 04:16 PM, mar...@mejor.pl wrote:
On 08.03.2017 at 16:06, Axb wrote:
On 03/08/2017 03:58 PM, mar...@mejor.pl wrote:
On 08.03.2017 at 15:27, Axb wrote:
As your command below shows you're using --reqpatlength 0

Start off with something sane, for example --reqpatlength 40

you may also want to play with --maxtextread
( I use --maxtextread 8192  for FRAUD rules)

But with --reqpatlength 10, 40, 100 or 1000 I've got no hit. Reading help
( "--reqpatlength: required pattern length, in characters (default: 0)"
) I understand that pattern in generated rule will be longer than
reqpatlength (shorter strings will be ignored). Do I correctly assume
how the parameter works?

--reqpatlength 40  tells seekphrases to ignore any phrases which are
smaller than 40 chars

just checked by line which is using
 --reqpatlength 37

Any value>0 makes that no rule is generated.

body __AXB_FRAUD_LAF076  /It has come to our attention that you /
body __AXB_FRAUD_UPVTRT  / in order to confirm your disbursement\./
body __AXB_FRAUD_NOFUX2  / approval, your funds will be deposited directly into your /
body __AXB_FRAUD_Z4ZZ7D  / in order to accept your disbursement\./
body __AXB_FRAUD_CUXJ6X  / approval, your funds will be direct deposited into your /
body __AXB_FRAUD_NHWXKL  /: You Are Eligible to Receive Funds up to \$.,000\. /

hard to guess what is not working on your side without full insight

What can I do to help more? Should I share all_w.h and all_w.s files?

before we go that way pls answer these questions

how many spams/hams are you processing?

do you have a file named assemble.state ? if yes, how large?

and pls zip & send me the full script you're using to generate the rules, OFFLIST! do NOT post to list

