[EMAIL PROTECTED] writes: > Our intrusion detection software started picking up thousands of access > attempts to /etc/shadow (the UNIX user password store) shortly after > installing SpamAssassin on our mail gateway. > > Could one of the developers comment on why SA might be doing this and/or > if this is even an intent? (Running SA 3.1.0)
unfortunately, this is just what perl does when getpwuid() etc. are called from perl code; nothing we can do about it from SpamAssassin. can you config the IDS to silently refuse access? --j.
