Product: Declude Security Suite 4.x
Function: Hijack
Hijack is critical to ISPs today because viruses can show up at any time
and get your server on a blacklist before you can detect and react.
Problem #1 - After a customer has cleaned out their PC and removed the
virus, there must be a method to allow them to send mail again but keep
watching for a new virus infection. Currently the only solution is
A> to restart the Declude service or
B> put them in an allow section of the HIJACK.CFG file.
Neither method is acceptable because
A> clears out other Hijack'd customers who you haven't yet been able to
contact but are still spewing spam.
B> Allows them to resume sending real mail, but disables monitoring for
future infections.
Problem #2 - If the DecludeProc service crashes, or it is necessary to
reboot, all Hijack entries are cleared. This is not acceptable because it
clears out Hijack'd customer(s) still spewing spam. Some spams can get out
before they reblacklist themselves.
Suggestions-
The Hijack function should periodically save out the blacklist state to a
file - on IP address addition / change?
Add a method of informing DecludeProc to remove an IP address from the
blacklist entry.
---
This E-mail came from the Declude.JunkMail mailing list. To
unsubscribe, just send an E-mail to [EMAIL PROTECTED], and
type "unsubscribe Declude.JunkMail". The archives can be found
at http://www.mail-archive.com.
