[sanesecurity] Re: local.ign exceptions
- From: Bill Landry <bill@xxxxxxxxxxx>
- To: sanesecurity@xxxxxxxxxxxxx
- Date: Wed, 24 Feb 2010 12:40:41 -0800
Roberto Ullfig wrote:
> Bill Landry wrote:
>> Roberto Ullfig wrote:
>>
>>> Can I use a local.ign file to allow a signature caught by sanesecurity?
>>> I've found the db entry here:
>>>
>>> 69599:INetMsg.SpamDomain-2m.private_pl:4:*:(2e|2f|40|20|3c|5f)707269766174652e706c(27|22|20|2f|3d|5f|3e|0a|0d)
>>>
>>>
>>>
>>> Can I just put in the local.ign file:
>>>
>>> sanesecurity-INetMsg-SpamDomains-2m.ndb:69599:INetMsg.SpamDomain-2m.private_pl
>>>
>>>
>>
>> Yes.
>>
>>
>>> Will this eventually stop working? Does the line number of the signature
>>> ever change?
>>>
>>
>> Yes, the line numbers do change, however, if you are using the
>> clamav-unofficial-sigs script, it will automatically update the
>> local.ign file with the new line info, and also remove it from the file
>> when the signature has either changed or been removed from the database.
>>
>> Anyway, I just removed this domain from the signature database about 15
>> minutes ago. It will be gone with the next update that goes out in
>> about 30 minutes.
>>
>> Bill
>>
>>
>>
> Thanks! What is private_pl? How did you know which domain to remove? Did
> they contact you?
The domain was listed in the signature file you were asking about adding
to local.ign (INetMsg.SpamDomain-2m.private_pl). It's a Polish domain,
but I have no idea what its purpose is as this site is in Polish, which
I don't understand.
I removed the domain earlier yesterday as I was contacted by someone
from uiuc.edu regarding the listing. However, as I told that person,
the more serious issue is that the domain is also listed in URIBL Black:
host private.pl.multi.uribl.com
private.pl.multi.uribl.com has address 127.0.0.2
That listing has much broader coverage than my signature database would
have.
Bill
Other related posts:
