Daniel V Klein
dvk@lonewolf.com
Wed Sep 3 19:15:02 UTC 2003
If I could independently detect Sobig, I'd do that. But what we are saying is that since we log spam with DCC, a lot of Sobig ends up in our log dirs, taking up space. There are a lot of different checksums (I assume), but still plenty of bulky bits in all those copies... -Dan > > To: Gary Mills <mills@cc.UManitoba.CA> > > From: Daniel V Klein <dvk@lonewolf.com> > > > I've had the same log cutback issue - wish I had a solution other than that > ! > > > > -Dan > > > > > Lately, our DCC logs have been running a 2 gigabytes per day. Most > > > of that seems to be Sobig e-mail. One checksum occurs 871 times in > > > one hourly sample. I've had to cut back on log retention to avoid > > > filling up the disk. > > > > > > Is there any way to disable logging for Sobig e-mail? > > I don't see how there could be. It's not just that if detecting Sobig > were completely easy and reliable, then it wouldn't be a problem. > (For example see recent the long sad story in (I think) the RISKS > digest about the university that deleted Sobig mail messages). It's > more that DCC clients aren't in that business. > > If you do have a way to detect Sobig, then why not wrap it into a script > that deletes or moves asside the objectionable log files? > Why can't something elaborated from this do the job? > > find /var/dcc/log /var/dcc/userdirs -newer marker -name 'msg.*' \ > xargs grep -l whatever | xargs -n 1 /bin/rm > touch marker > > (eg. some versions of xargs can be used to better effect with rm) > > > Vernon Schryver vjs@rhyolite.com > _______________________________________________ > DCC mailing list DCC@rhyolite.com > http://www.rhyolite.com/mailman/listinfo/dcc
More information about the DCC
mailing list
