On 9/15/10 10:02 AM, Jerry wrote:
On Wed, 15 Sep 2010 09:36:44 -0700
Dennis Peterson<denni...@inetnw.com> articulated:
Some of us see that request as a breach of etiquette as well as a
security risk. I really don't wish to publish my free pass info :)
So you enter random data in the fields. T believe that the OP simply
wanted to see the file structure; i.e., how it was constructed. I did
not get any impression that he was actively mining for your data. Then
again, I am not paranoid. By the way, and I might be incorrect, I do
not believe that Clamav displays an actual example of the file
anywhere. It might be useful to include it in the documentation.
Obviously, at least one user would have benefited from its inclusion.
Hmmm - after all that pontification, still no whitelist, real or otherwise. And
that's not all we learned.
And yes, he did ask specifically for a working whitelist. Very bad - like
borrowing a toothbrush. It was a friendly nudge, btw, not a searing flame from
on high, chorused by the dark angles of Hades, and delivered by the seven hounds
of hell. That was my second choice, though.
How about another educational minute, then. Here are 10 signatures selected at
random from the milter log I have here:
$ grep FOUND /var/log/clamd.log |awk '{print $(NF-1)}'\
|sed 's/\.UNOFFICIAL//' |sort -u
PunxsutawaneyPhil.Junk.15308
PunxsutawaneyPhil.Junk.24130
PunxsutawaneyPhil.Junk.35468
PunxsutawaneyPhil.Junk.35481
PunxsutawaneyPhil.Jurlbl.Auto.5d3831452fe3f4c978a8bb171b13dfa1
PunxsutawaneyPhil.Spam.10995
PunxsutawaneyPhil.Spam.11138
PunxsutawaneyPhil.Spam.11139
There you are - that's what the list will look like. Specific signatures are
selected at random. After a fashion.
dp
_______________________________________________
Help us build a comprehensive ClamAV guide: visit http://wiki.clamav.net
http://www.clamav.net/support/ml
