Roberto Ullfig wrote: > Bill Landry wrote: >> Roberto Ullfig wrote: >> >>> Can I use a local.ign file to allow a signature caught by sanesecurity? >>> I've found the db entry here: >>> >>> 69599:INetMsg.SpamDomain-2m.private_pl:4:*:(2e|2f|40|20|3c|5f)707269766174652e706c(27|22|20|2f|3d|5f|3e|0a|0d) >>> >>> >>> >>> Can I just put in the local.ign file: >>> >>> sanesecurity-INetMsg-SpamDomains-2m.ndb:69599:INetMsg.SpamDomain-2m.private_pl >>> >>> >> >> Yes. >> >> >>> Will this eventually stop working? Does the line number of the signature >>> ever change? >>> >> >> Yes, the line numbers do change, however, if you are using the >> clamav-unofficial-sigs script, it will automatically update the >> local.ign file with the new line info, and also remove it from the file >> when the signature has either changed or been removed from the database. >> >> Anyway, I just removed this domain from the signature database about 15 >> minutes ago. It will be gone with the next update that goes out in >> about 30 minutes. >> >> Bill >> >> >> > Thanks! What is private_pl? How did you know which domain to remove? Did > they contact you? The domain was listed in the signature file you were asking about adding to local.ign (INetMsg.SpamDomain-2m.private_pl). It's a Polish domain, but I have no idea what its purpose is as this site is in Polish, which I don't understand. I removed the domain earlier yesterday as I was contacted by someone from uiuc.edu regarding the listing. However, as I told that person, the more serious issue is that the domain is also listed in URIBL Black: host private.pl.multi.uribl.com private.pl.multi.uribl.com has address 127.0.0.2 That listing has much broader coverage than my signature database would have. Bill