Henrik Krohns wrote:
On Mon, Jul 13, 2009 at 12:27:55PM +0000, Alan Dawson wrote:Hi... Maybe my installation is broken, but it looks like the Sanesecurity.Jurlbl.5624.UNOFFICIAL is matching "com" in emailgrep Sanesecurity.Jurlbl.5624 jurlbl.ndb Sanesecurity.Jurlbl.5624:4:*:636f6dwhen i decode that signature I get "com"Oh dear.. good thing I put own sanity checks in place some time ago. Might want to implement something like this to strip short signatures: for f in `ls *.ndb`; do awk 'BEGIN{FS=":"} {if (length($4) >= 14) print}' < $f > $f.tmp && touch -r $f $f.tmp && mv -f $f.tmp $f done
Hi, Yeah, you are right...I manually changed the config of 37 servers so far, to start ignoring jurlbl now.
@Bill Landry: What do you think about adding an option for such a check? It might be nice ;-). This signature really scared me... -- Regards, Sebastian Berm