On the sig names I add in the "line number" at the end of the signature
name, in order to make generating a local.ign file easier.
As you've found, with signatures that aren't static, the line number is
worthless as it keeps changing per update and so you
can't add it to a local.ign file either :(
Bill's script does allow better "tracking" of signatures, so you might
want to take a look at that, as a starting point.
The other problem is that if a user presents a bounce message with say
signature "Sanesecurity.Jurlbl.Auto.13" by the time you take a look,
the line number might have changed, so you can't find the actual domain
in the email.
So, I'm going to change the Jurlbl.Auto name to this format - removing
the line number and instead adding an md5 hash of the domain/url:
Sanesecurity.Jurlbl.Auto.e7b45ef2ba29f63c1adbfe038e017125
If a user presents
"Sanesecurity.Jurlbl.Auto.e7b45ef2ba29f63c1adbfe038e017125" to you, you
can grep it on the jurlbla.ndb file, find the hex,
eg; "2e7069676d6f6e65712e636e2f" and then decode it to : ".pigmoneq DOT
cn/". If you can't find it...you know the signature has already been
removed and you can probably forget about it.
If the above format make sense, then I'll try and implement it.. and
Bill will no doubt do the same with the INetMsg-SpamDomains
