[sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"

  • From: Bill Landry <bill@xxxxxxxxxxx>
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Mon, 13 Jul 2009 06:28:24 -0700

Sebastian Berm wrote:
> 
> Henrik Krohns wrote:
>> On Mon, Jul 13, 2009 at 12:27:55PM +0000, Alan Dawson wrote:
>>   
>>> Hi...
>>> Maybe my installation is broken, but it looks like the
>>> Sanesecurity.Jurlbl.5624.UNOFFICIAL is matching "com" in email
>>>
>>> grep Sanesecurity.Jurlbl.5624 jurlbl.ndb 
>>> Sanesecurity.Jurlbl.5624:4:*:636f6d
>>>
>>> When I decode that signature I get "com"
>>>     
>>
>> Oh dear.. good thing I put my own sanity checks in place some time ago.
>>
>> Might want to implement something like this to strip short signatures:
>>
>> for f in *.ndb; do
>>         awk 'BEGIN{FS=":"} {if (length($4) >= 14) print}' < "$f" > "$f.tmp" &&
>>         touch -r "$f" "$f.tmp" &&
>>         mv -f "$f.tmp" "$f"
>> done
> 
> Hi,
> 
> Yeah, you are right...
> I manually changed the config of 37 servers so far, to start ignoring
> jurlbl now.
> 
> @Bill Landry: What do you think about adding an option for such a check?
> It might be nice ;-).
> 
> This signature really scared me...

Yep, me too.  I've got a really busy schedule right now, but look for an
update to the download script within the next week or so.  As usual, I
will announce it here...

Bill
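
A report-only variant of the length check suggested in the thread, added here as an example and not code from any poster or from the Sanesecurity download script: it lists signatures whose hex field is shorter than a threshold and decodes plain-hex ones, so they can be reviewed before anything is stripped. The names audit_ndb and sample_ndb and the two Example.Constructed.* lines are assumptions; the first sample line is the signature quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. Report-only audit of ClamAV .ndb files.
# Assumed names: audit_ndb, sample_ndb. The default threshold of 14 hex
# characters mirrors the awk check quoted in the thread.

# audit_ndb FILE [MIN_HEX]
# Prints "name<TAB>hex length<TAB>decoded text" for every signature whose
# 4th field is shorter than MIN_HEX characters. FILE is not modified.
audit_ndb() {
    awk -F: -v min="${2:-14}" '
        function hexval(c) { return index("0123456789abcdef", tolower(c)) - 1 }
        function decode(h,    i, n, out) {
            # Wildcards and other non-hex syntax are flagged, not decoded.
            if (h !~ /^([0-9A-Fa-f][0-9A-Fa-f])+$/) return "(not plain hex)"
            out = ""
            for (i = 1; i < length(h); i += 2) {
                n = hexval(substr(h, i, 1)) * 16 + hexval(substr(h, i + 1, 1))
                # Show printable ASCII as-is, everything else as a dot.
                out = out ((n >= 32 && n < 127) ? sprintf("%c", n) : ".")
            }
            return out
        }
        NF >= 4 && length($4) < min {
            printf "%s\t%d\t%s\n", $1, length($4), decode($4)
        }
    ' "$1"
}

# Constructed sample input. Line 1 is the signature quoted in the thread;
# lines 2 and 3 are made up for this example.
sample_ndb() {
    cat <<'EOF'
Sanesecurity.Jurlbl.5624:4:*:636f6d
Example.Constructed.Long:4:*:6578616d706c652e696e76616c6964
Example.Constructed.Wild:4:*:63??6d
EOF
}

# Demo: audit the sample with the default threshold.
tmp=$(mktemp) && sample_ndb > "$tmp" && audit_ndb "$tmp"
rm -f "$tmp"
```
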
