more fat trimming

1 files changed, 20 insertions, 22 deletions

diff --git a/config-default/channels.xml b/config-default/channels.xml
index 780ae18..d0a0bf9 100644
--- a/config-default/channels.xml
+++ b/config-default/channels.xml
@@ -510,40 +510,38 @@
     <msgs></msgs>
   </channel>
   <channel id="default">
-    <event id="flood-15to45" class="floodqueue" reason="flooding 15 to 45" risk="low" time="0">15:45</event>
     <hilights></hilights>
     <msgs></msgs>
   </channel>
   <channel id="master">
-    <event id="advflood" class="advsplitflood" reason="advanced distributed flooding" risk="debug" type="public,part,caction" xresult="1">5:3</event>
-    <event id="anontalk1" class="re" reason="anontalk.com spam" risk="medium" type="public" xresult="1">(?i)w(.?)w\1w\1?.\1?a\1n\1o\1n\1t\1a\1l\1k\1?.\1?c\1o\1m</event>
+    <event id="advflood" class="advsplitflood" reason="advanced distributed flooding" risk="debug" type="public,part,caction">5:3</event>
+    <event id="anontalk1" class="re" reason="anontalk.com spam" risk="medium" type="public">(?i)w(.?)w\1w\1?.\1?a\1n\1o\1n\1t\1a\1l\1k\1?.\1?c\1o\1m</event>
     <event id="autoremove" class="re" reason="on chanserv autoremove" risk="info" type="part">^requested by ChanServ</event>
-    <event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public" xresult="1">blah</event>
-    <event id="cheeesespammar" class="nuhg" reason="matches a dcc-exploiter (02/23/09)" risk="medium" type="join" xresult="1">(?i).*!.=aaaah@.*!hehehe</event>
-    <event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc" xresult="1">.*</event>
-    <event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping" xresult="1">.*</event>
-    <event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion" xresult="1">.*</event>
-    <event id="dcc" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" type="public" xresult="1">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
-    <event id="dcc-medium" class="re" reason="using the DC.C SE.ND exploit" risk="medium" type="public" xresult="1">DCC SEND </event>
+    <event id="blacklist" class="strbl" reason="sending message containing blacklisted content" risk="low" type="public">blah</event>
+    <event id="ctcp-dcc" class="re" reason="ctcp-dcc" risk="high" type="cdcc">.*</event>
+    <event id="ctcp-ping" class="re" reason="channel-wide CTCP PING" risk="medium" type="cping">.*</event>
+    <event id="ctcp-version" class="re" reason="channel-wide CTCP VERSION" risk="medium" type="cversion">.*</event>
+    <event id="dcc" class="re" override="dcc-medium" reason="using the DC.C SE.ND exploit" risk="high" type="public">^DCC (SEND|S?CHAT) |\bDCC (SEND|S?CHAT) &quot;?[A-Za-z0-9]+&quot;? \d+ \d+ \d+</event>
+    <event id="dcc-medium" class="re" reason="using the DC.C SE.ND exploit" risk="medium" type="public">DCC SEND </event>
     <event id="dcc-part" class="re" reason="using the DC.C SE.ND exploit in a part message" risk="high" type="part">DCC SEND </event>
     <event id="dcc-topic" class="re" reason="setting a bad topic" risk="medium" type="topic">\bDCC SEND </event>
     <event id="debugme" class="re" reason="sending a string designed to trigger a debug test alert, disregard this" risk="debug" type="public">debugantispambotdebug</event>
-    <event id="dronebl" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $xresult )" risk="info" type="join" xresult="ALERT AFTERDEATH">dnsbl.dronebl.org</event>
-    <event id="efnetbl" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $xresult )" risk="info" type="join" xresult="ALERT AFTERDEATH">rbl.efnetrbl.org</event>
-    <event id="genspam1" class="re" reason="generic spamming" risk="debug" type="public" xresult="1">([^ ]{4,} +)\1{5,}</event>
-    <event id="joinflood" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" type="join" xresult="1">5:20</event>
-    <event id="keylogger" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" type="public" xresult="1">^startkeylogger$|^stopkeylogger$</event>
-    <event id="keylogger-medium" class="re" reason="using the norton start-key-logger exploit" risk="medium" type="public" xresult="1">\bstartkeylogger\b|\bstopkeylogger\b</event>
-    <event id="last_measure_regex" class="re" reason="posting what appears to be a last measure link" risk="medium" type="public" xresult="1">http://\S+\.on\.nimp\.org</event>
-    <event id="levenflood" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" type="public" xresult="1">contentisuseless</event>
-    <event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,part,caction" xresult="1">4:4</event>
-    <event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public" xresult="1">60:10</event>
-    <event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice" xresult="1">.*</event>
+    <event id="dronebl" class="dnsbl" reason="host $evhost is in dnsbl.dronebl.org ( $xresult )" risk="info" type="join">dnsbl.dronebl.org</event>
+    <event id="efnetbl" class="dnsbl" reason="host $evhost is in rbl.efnetrbl.org ( $xresult )" risk="info" type="join">rbl.efnetrbl.org</event>
+    <event id="genspam1" class="re" reason="generic spamming" risk="debug" type="public">([^ ]{4,} +)\1{5,}</event>
+    <event id="joinflood" class="floodqueue" reason="join flood (5 joins in 20 seconds)" risk="medium" type="join">5:20</event>
+    <event id="keylogger" class="re" override="keylogger-medium" reason="using the norton start-key-logger exploit" risk="high" type="public">^startkeylogger$|^stopkeylogger$</event>
+    <event id="keylogger-medium" class="re" reason="using the norton start-key-logger exploit" risk="medium" type="public">\bstartkeylogger\b|\bstopkeylogger\b</event>
+    <event id="last_measure_regex" class="re" reason="posting what appears to be a last measure link" risk="medium" type="public">http://\S+\.on\.nimp\.org</event>
+    <event id="levenflood" class="levenflood" override="flood-5to3" reason="levenshtein flood match" risk="debug" type="public">contentisuseless</event>
+    <event id="massflood" class="splitflood" reason="distributed flooding" risk="high" type="public,part,caction">4:4</event>
+    <event id="nickspam" class="nickspam" reason="nickspamming" risk="high" type="public">60:10</event>
+    <event id="notice" class="re" reason="sending a notice to the channel" risk="medium" type="notice">.*</event>
     <event id="phishing1" class="re" override="notice" reason="trying to steal passwords (v1)" risk="high" type="notice">identify.*/msg .* identify &lt;password&gt;</event>
     <event id="phishing2" class="re" override="notice" reason="trying to steal passwords (v2)" risk="high" type="notice">^This nickname is registered</event>
     <event id="proxybl" class="dnsbl" reason="host $evhost is in dnsbl.proxybl.org" risk="info" type="join">dnsbl.proxybl.org</event>
     <event id="redarmyoflol" class="re" reason="parting with 'red army of lol'" risk="low" type="part">RED ARMY OF LOL</event>
-    <event id="sms_spam" class="re" reason="spam link / virus" risk="low" type="public" xresult="1">\.com/sms.exe</event>
+    <event id="sms_spam" class="re" reason="spam link / virus" risk="low" type="public">\.com/sms.exe</event>
     <event id="suckmynick" class="re" reason="using a potentially offensive nick" risk="low" type="join">(suck.*dick)</event>
     <event id="wikifags2" class="re" reason="saying 'sure are a lot of wikifag'..." risk="low" type="public">(?i)^sure are a ?lot of .*fags? in here</event>
     <event id="sorbsbl" class="dnsbl" reason="host $evhost is in dnsbl.sorbs.net ( $xresult )" risk="info" type="join">dnsbl.sorbs.net</event>