[Esa-l] Files to poison: Hybris

Ron Johnson rjohnson at rjohnson.com
Wed Dec 13 12:39:25 PST 2000


On Wed, 13 Dec 2000, Dustin Ankeny is thought to have said:

> What better way then to update your poisoned once a day/week?

Several ideas:

Idea#1: A separate mailing list (or possibly sub-list) that auto-announces
additions to the list.  Easily filtered, admins can choose to use, or
ignore as desired.

Idea#2: Use the flat file suggested earlier, grab it with a cron job, diff
it with the current, local file, and either:

	Notify postmaster of changes
	-or-
	Automatically activate changes

Idea#3: instead of a flat text file, an http CGI with options like:

	patterns=include|exclude
	ext=exe=include|exclude

Basically, the point being, an admin could set up a cron job to go get the
entries that are relevant to their systems by going to a URL with options
set to their choosing.  Something like:

	http://www.xyz.com/list?patterns=include&ext=exe=exclude

Some may choose to exclude various items, and the CGI could simply filter
it for them, and return the "poisoned" list with the types of items they
want.

The output could simply get placed in a file, part of the cron job runs
"diff" to see if current file is different from returned result, and if
different, replace it.

If ya wanted to get real fancy, you could give the current list a serial
number, and increment it whenever the list changed.  Then all the cronjob
would have to check is if the serial number changed.  If it didn't, then
further polling is not needed at all.

Anyone could set up a list like the ones mentioned above.  There doesn't
need to be a single, central server (though that'd probably be
nice).  It's no different than the list of addresses/hosts that most
places deny mail from.  Some subscribe to central services (like orbs,
rss, rbl, etc), some maintain it entirely on their own.

I do think that eventually, mailservers will function as virus scanners,
and subscribe to AV central hosts for "instant updates".

Idea#4: filter everything through /dev/null.  Guaranteed 100% effective.

Personally, I like things that are automated, where I have to touch them
as little as possible.

-- 
RJohnson.com -+- Ron Johnson <rjohnson at rjohnson.com>
http://www2.rjohnson.com/me/D337kxrZ2Ca7/
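
The cron-side update from Idea#2 with the serial-number check described in the message above, as an added shell example that is not part of the original post. The `# serial: N` header line, the sample paths in the comments and the return codes are assumptions made for illustration; the post does not define a list format.

```shell
#!/bin/sh
# Added example: updater for a locally cached "poisoned files" list.
# Assumed format (not from the post): line 1 is "# serial: <integer>",
# followed by one filename pattern per line.
#
# Hypothetical cron wrapper (URL and paths are placeholders):
#   curl -fsS "$LIST_URL" -o /tmp/poisoned.new &&
#     update_poison_list /tmp/poisoned.new /etc/mail/poisoned.list

# Print the serial of a list file; print nothing if the header is absent.
list_serial() {
    sed -n '1s/^# serial: \([0-9][0-9]*\)$/\1/p' "$1" 2>/dev/null || true
}

# update_poison_list NEW CURRENT
# Returns 0 = CURRENT replaced, 1 = unchanged, 2 = NEW rejected (CURRENT kept).
update_poison_list() {
    new=$1
    current=$2
    new_serial=$(list_serial "$new")
    # An error page or truncated download has no valid header: keep the old list.
    if [ -z "$new_serial" ]; then return 2; fi
    # A header with no entries would silently switch filtering off.
    entries=$(grep -vc '^#' "$new" || true)
    if [ "$entries" -eq 0 ]; then return 2; fi
    if [ -f "$current" ]; then
        cur_serial=$(list_serial "$current")
        cur_serial=${cur_serial:-0}
        # Same serial: no further work. Lower serial: stale or rolled-back copy.
        if [ "$new_serial" -eq "$cur_serial" ]; then return 1; fi
        if [ "$new_serial" -lt "$cur_serial" ]; then return 2; fi
        # Keep the diff so the postmaster can be told what changed.
        diff "$current" "$new" > "$current.lastdiff" || true
    fi
    # Copy beside the target, then rename, so the filter never reads a partial file.
    cp "$new" "$current.tmp.$$" && mv "$current.tmp.$$" "$current"
}
```

A return of 2 is the case worth alerting on: the upstream list was unreachable, malformed, empty or older than the local copy, and the existing list was left in place.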



