> Also: currently all my databases contain the last 90 days of > compromised URIs. I can decrease the size of the DB by considering a > smaller time window, but given the increase I've been observing in > the number of compromised websites I'm not sure a change of a 2 or 3 > factor is going to last long... Emanuele... not sure it's doable nor if you can/want take the time to do it but... in a past we discussed the same thing (timeframe) while dealing with "InetMsg-Spamdomains"; the solution (ok the approach) was to have separate signature files ... so one may either pick the "2 weeks" one or the bigger "2 months" one; now, I'm not sure (as I wrote) it's doable, but it may be an idea having a second set of databases carrying signatures related to a shorter timeframe (so smaller); at that point one may decide which signature he prefers to use (not both, by the way, that doesn't make sense :D)