On Sun, 10 Jul 2005, Brian Bruns wrote:
On Sunday, July 10, 2005 12:48 PM [EDT], Damian Menscher wrote:

So yes, there's a huge amount of trust placed in the database
maintainers, and we have to hope they don't go bonkers on us.  (Anyone
remember that spam RBL site that decided to announce they were going
to stop running by blacklisting the entire internet?)

That was only done after people were told for months on end to stop using the DNSbl since it was going away. They ignored the notice that it was going away, and cost him severe amounts of bandwidth. So, to get them to fix their servers and stop the waste, it was set as * 127.0.0.2.

It's the fault of systems administrators not doing their jobs and keeping their server configs up to date.

Ouch. So apparently I'm a bad sysadmin for assuming that the latest version of SpamAssassin would behave in a reasonable way with regard to blacklists, and for not subscribing to some mailing list that would keep me updated on developments of those lists. Ok. Point taken.

But I'm a bit curious about people being "told for months on end to stop using the DNSbl since it was going away." Can you point me to a reference to back that up? Looking now, I can't find any warning that it was going away. In fact, I see newsgroup postings (in news.admin.net-abuse.blocklisting) where people are discussing how to use Osirusoft on Aug 24, 2003. They noted that the site was being DDoSed, but nothing about it being taken down, or being unusable. Two days later, on Aug 26, 2003, Osirusoft blacklisted the world.

If I'm missing any facts I'd like to know about it. So far, though, you haven't changed my opinion.

Anyway, this is drifting somewhat OT for this list -- my original point (that there's a lot of implicit trust in the clamdb maintainers) still stands. Large sites might audit any additions to the database to ensure there aren't any malicious signatures. But I think most of us don't have the manpower for that. Something I've considered for a future release of clmilter_watch is to ensure that non-virus mails get through (right now it only ensures that virus mails are blocked). That would at least partially address this issue. Suggestions on exactly how to do that are welcome, of course.

Damian Menscher
--
-=#| Physics Grad Student & SysAdmin @ U Illinois Urbana-Champaign |#=-
-=#| 488 LLP, 1110 W. Green St, Urbana, IL 61801 Ofc:(217)333-0038 |#=-
-=#| 4602 Beckman, VMIL/MS, Imaging Technology Group:(217)244-3074 |#=-
-=#| <[EMAIL PROTECTED]> www.uiuc.edu/~menscher/ Fax:(217)333-9819 |#=-
-=#| The above opinions are not necessarily those of my employers. |#=-
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
