[sanesecurity] Re: Sanesecurity.Jurlbl.5624.UNOFFICIAL matches "com"

  • From: sanesecurity@xxxxxxxxxxxx
  • To: sanesecurity@xxxxxxxxxxxxx
  • Date: Tue, 14 Jul 2009 09:30:19 +0100

Bill Landry wrote:

> > This signature really scared me...
>
> Yep, me too.  I've got a really busy schedule right now, but look for an
> update to the download script within the next week or so.  As usual, I
> will announce it here...
>
> > It would be nice if you could stick something like for example this in
> > the config file:
> >
> > ham_folders = /home/*/Maildir/.Ham/cur/
> >
> > Then the script downloads the signature files to a temporary directory,
> > and runs "clamscan" with the "-d" option to choose the temporary
> > directory.
>
> If you ran the script, you would see that it already does this.

I've already been through your script. You scan one small test file to make sure that the signatures aren't corrupt.

> > If any of the emails that are scanned are then flagged up as
> > infected by one of the new signatures you could spit out a fatal warning
> > and not apply the new sigs.
>
> Rather, I am planning to simply strip the signatures that do not meet the
> user's minimum character requirements and possibly place them into a
> temporary file for viewing and maybe even log the occurrence to the log
> file.

That's not a very good solution. All that does is stop small domains being listed. It doesn't stop domains like facebook.com being listed. A *much* better solution would be to give the user an option to scan a folder(s) of their selection before rolling them out.

> No reason to cause panic by spitting out fatal warnings and
> bypassing the entire signature file for one errant signature.

I disagree. If a user has specifically stated that no email in this folder is spam, and then a signature update starts identifying messages in that folder as spam, the user should be warned. Perhaps you could add a "ham_folder_threshold" configuration option or something so you can specify how many emails in that folder should trigger before stopping the rollout.

This sort of scanning should take place before the signatures even appear in the signature file, but the "com" listing clearly proves that it isn't. Next best option, do it locally before rolling them out.

This also protects against malicious updates to signature files, by their maintainer, or by an enterprising hacker.

--
Mike Cardwell - IT Consultant and LAMP developer
Cardwell IT Ltd. (UK Reg'd Company #06920226) http://cardwellit.com/
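The pre-rollout check proposed in this thread (stage the new signatures in a temporary directory, run clamscan -d against the user's declared ham folders, and refuse to install if more than a threshold of ham messages match), written out as an added example; this is not the Sanesecurity download script. It assumes clamscan is on PATH (or named in $CLAMSCAN) and relies on the one "path: SigName FOUND" line per hit that clamscan prints with --infected --no-summary; the function names and the threshold argument are this example's own.

```shell
#!/bin/sh
# Added example, not the Sanesecurity download script.
# Assumes: clamscan on PATH (override with $CLAMSCAN), and that with
# --infected --no-summary it prints one "path: SigName FOUND" line per hit.

# ham_scan_hits SIGDIR FOLDER...
# Scans FOLDERs with only the staged signatures in SIGDIR and prints one
# "SigName<TAB>path" line per flagged ham message.
ham_scan_hits() {
    sigdir=$1; shift
    "${CLAMSCAN:-clamscan}" -d "$sigdir" -r --infected --no-summary "$@" |
        awk '/ FOUND$/ {
            sig = $(NF-1)                      # signature name precedes FOUND
            sub(/: [^ ]* FOUND$/, "", $0)      # strip ": SigName FOUND" -> path
            print sig "\t" $0
        }'
}

# check_ham_rollout SIGDIR THRESHOLD FOLDER...
# Returns 0 when fewer than THRESHOLD ham messages match (safe to install),
# 1 otherwise; on refusal it lists the offending signatures by hit count so
# the user can see which signature (e.g. one matching "com") is at fault.
check_ham_rollout() {
    sigdir=$1; threshold=$2; shift 2
    hits=$(ham_scan_hits "$sigdir" "$@")
    count=$(printf '%s\n' "$hits" | grep -c . || true)
    if [ "$count" -ge "$threshold" ]; then
        echo "FATAL: $count ham message(s) flagged; not installing $sigdir" >&2
        printf '%s\n' "$hits" | cut -f1 | sort | uniq -c | sort -rn >&2
        return 1
    fi
    echo "OK: $count ham hit(s), below threshold $threshold" >&2
    return 0
}

# Usage: sh check_ham.sh /tmp/newsigs 3 /home/*/Maildir/.Ham/cur/
# (threshold plays the role of the proposed ham_folder_threshold option)
if [ $# -ge 3 ]; then
    check_ham_rollout "$@"
fi
```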
