The current problem in submitting stuff for signature generation, and
having the attachment stripped by the server is doing neither side in this
spam battle any favors. Folks try to submit, it gets stripped 2 maybe 3
times, they give up and you, unless you are quietly keeping those
strippings, never get a chance to see the next bad puppy that could turn
into the next big zero day exploit.
So, let me suggest that a new user on the list server be created, one that
uses the same login creds as the regular user to which I am posting right
now.
With 3 diffs:
1; Only this lists subscribers are notified of its existence. I am not
sure it should even be an inserted header line. I have a keep folder where
I can hold such "FFR" messages till I fall over or the universe runs down,
or a HD fails, in which event I do have amanda based backups made nightly.
2; Attachments are not stripped
3; the list is only available to your selected list of contributers &
maintainers. Never to the public.
In this manner, signatures can be generated and reviewed for FP's in the
back room, and would be of higher quality when they are released. With
that whole process, if the work flow is properly organized, being done with
potentially less delay, and hopefully without alerting the black hats that
you are aware of them.
Just my 2 cents, I'll get me coat now.
Cheers, Gene
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
Look ere ye leap.
-- John Heywood
A pen in the hand of this president is far more
dangerous than 200 million guns in the hands of
law-abiding citizens.
_______________________________________________
Help us build a comprehensive ClamAV guide:
https://github.com/vrtadmin/clamav-faq
http://www.clamav.net/support/ml
