If we're going to distribute code, we really need some kind of signing mechanism like PGP, otherwise the bad guys will just start hacking the servers, and putting in rules that let their spam through.
Yes, I'm paranoid, but the spammers have been going after sites using increasingly sophisticated techniques (DDOS being a fairly nasty one). It would be wise to get a step or two ahead of them. I'm not enough of a perl jockey to know if code signing is supported by the runtime (other runtimes do), but we really should start using something to verify code.
If you grab the SA binaries using CPAN, you get MD5 sums, but an RSA-style digital signature is much more trustworthy (anyone generating a fake binary can also generate a fake MD5, you need the right private key to generate a fake digital signature). I'm moderately surprised that this hasn't happened already, as hackers have gotten to other open-source projects like Debian, sendmail, etc.
Brad
On Jan 1, 2004, at 11:12 AM, Barry Porter wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
Hi all,
I have just written a new script in Perl to update bigevil.cf from Chris
Santerre's site, compare it against the version currently in use and
update if necessary, make a backup of the old script and send a
notification email.
The script has been written to run on a Windows system running
ActiveState Perl, to replace the original vb script that I created. The
zip contains a batch file that can be called from Scheduled Tasks to run
the script on the schedule you desire.
I use Mercury/32 as my mail server and I have had issues with Mercury/32
and SpamD/WinSpamC running on my server simultaneously, so there is
currently no support for restarting SpamD once the update is done. :-(
If anybody would like a copy, you can get it from: http://www.bpuk.net/downloads/bigevilup.zip
Any comments or improvements gratefully received, as I am very new to writing scripts in Perl and have a lot to learn.
- -- Regards Barry
-----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.3-nr1 (Windows XP)
iD8DBQE/9FT83wKVPLs2unURAsVrAJ4nselPJbGahmflXIdBebolPgc7DwCeI/JN uy7Pf7n2FEk0lBSGMTpz7z4= =Y3Xd -----END PGP SIGNATURE-----
-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills. Sign up for IBM's
Free Linux Tutorials. Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
------------------------------------------------------- This SF.net email is sponsored by: IBM Linux Tutorials. Become an expert in LINUX or just sharpen your skills. Sign up for IBM's Free Linux Tutorials. Learn everything from the bash shell to sys admin. Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click _______________________________________________ Spamassassin-talk mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
