[sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"

From: Sebastian Berm <maillinglist@xxxxxxxxxx>
To: sanesecurity@xxxxxxxxxxxxx
Date: Mon, 13 Jul 2009 15:17:43 +0200


Henrik Krohns wrote:

On Mon, Jul 13, 2009 at 12:27:55PM +0000, Alan Dawson wrote:

Hi...
Maybe my installation is broken, but  it looks like the 
Sanesecurity.Jurlbl.5624.UNOFFICIAL is matching "com" in email

grep Sanesecurity.Jurlbl.5624 jurlbl.ndbSanesecurity.Jurlbl.5624:4:*:636f6d


when i decode that signature I get "com"


Oh dear.. good thing I put own sanity checks in place some time ago.

Might want to implement something like this to strip short signatures:

for f in `ls *.ndb`; do
        awk 'BEGIN{FS=":"} {if (length($4) >= 14) print}' < $f > $f.tmp &&
        touch -r $f $f.tmp &&
        mv -f $f.tmp $f
done


Hi,

Yeah, you are right...

I manually changed the config of 37 servers so far, to start ignoringjurlbl now.


@Bill Landry: What do you think about adding an option for such a check?
It might be nice ;-).

This signature really scared me...

--
Regards,
Sebastian Berm

Follow-Ups:
- [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"
  - From: Bill Landry

References:
- [sanesecurity] Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"
  - From: Alan Dawson
- [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"
  - From: Henrik Krohns

Other related posts:

» [sanesecurity] Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Alan Dawson
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Henrik Krohns
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com" - Sebastian Berm
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Bill Landry
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Bill Landry
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Bill Landry
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Sebastian Berm
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Benny Pedersen
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Tom Shaw
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Tom Shaw
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Tom Shaw
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Benny Pedersen
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Tom Shaw
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- Bill Landry
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- John Horne
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- sanesecurity
» [sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"- MxUptime.com