-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 On Wed, Feb 25, 2004 at 02:55:01PM -0700, Jason R. Mastaler wrote:
>Are you discarding all messages that contain virus/worm signatures >before they reach TMDA? (second reply) Given the addresses that delivered, I looked through TMDA's pending queue (which still has all the messages in question) for those messages. I sorted them by size and looked at the largest ones (i.e., I was looking for viruses that I challenged). I found: * Two viruses that were originally forged FROM my domain and BOUNCED to me by someone (who then got my challenges). * Seven obvious spams. * One challenge from a system I haven't seen before (replying to a spam that was forged from my domain). I'll add its identifying characteristics to my procmail rules and stop challenging it. * Three messages that consisted ONLY of a JPG, which contains cyrillic characters and one legible email address. No idea what that is. I stopped looking when the feeling of "wasting my time" overtook the feeling of "I might find something interesting." By that time I was looking at messages with sizes less than 13K. So, basically, the numbers I posted earlier don't include any challenges I sent in response to viruses--but they might include a couple of challenges I sent in response to a response to a virus. My search wasn't really that great since (1) I found 404 matching emails for the 320 delivered challenges, (2) I didn't think to throw away the most recent (which had been virus checked) until I was a ways into my search, and (3) I didn't really cross-check whether the messages found were ACTUALLY challenged or merely held. Still, I feel pretty comfortable saying that I didn't challenge a virus. - -- Kyle Hasselbacher Never odd or even. [EMAIL PROTECTED] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.4 (GNU/Linux) iD8DBQFAPSHh10sofiqUxIQRAsjKAJ4tCkYOdqLubPT0iK+7Is850yCdFACfWrqh DKngo33dlqie7U38NTRL7d8= =B4Px -----END PGP SIGNATURE----- _____________________________________________ tmda-users mailing list ([EMAIL PROTECTED]) http://tmda.net/lists/listinfo/tmda-users
