Re: Sponge Kerio binary rules set

From: Joe Canuck (Joe_Canuck_at_Canada.ca)
Date: 05/28/03


Date: Wed, 28 May 2003 10:03:00 -0400

Mike Liu wrote:

> Ok, but I don't understand why he finds it necessary to input new
> MD5 signatures into other people's kerio config files. Care to
> explain? Also, what's this (and the rest of his non-rule config
> changes) all about?

You're raising an issue with the MD5 signatures where there isn't one.
What do you think is going to happen the first time a program of the
same name and in the same directory as what has been configured in the
MD5 signatures is executed? Kerio will compare what it has as the MD5
against a newly calculated MD5 and they will not match. Kerio will give
you a warning about it. You have full control at this point what happens.

You cannot expect to pop in the config and have it work perfectly the
first time out. Some customization will be required. I'd suggested you
wipe the MD5 slate clean and let Kerio figure out the MD5 signatures of
your own applications.

> ReadWritePassword = "00000000000000000000000000000000",
> ReadOnlyPassword = "00000000000000000000000000000000",

Authentication passwords. One for Administration, the other for
Statistics and Logs View. You can view these under Administration, click
on the Authentication tab.

Looks like *NO* password is configured. You can set passwords up for
both if you want. This is all under your control.

> I thought he was presenting rule sets to reject spam and spy
> sites. Why is it necessary to alter a bunch of other variables
> as shown in his text ruleset file?

To configure other options in Kerio. Bear in mind that without a ruleset
Kerio is just a piece of useless code... it won't do anything. The power
is in the ruleset.

> If he expects me to take his word that a binary file inputted into
> my computer is ok, sorry, but I'm not gonna do that. Nor am I
> going to change the MD5 signatures of kerio just so I can use his
> rules.

So don't use it then, simple as that.

If you want to view what the binary file contains the means are at your
disposal... it certainly isn't rocket science to convert a Kerio config
file into text.

Do a little experiment... convert Sponge's binary file into text and
then post back here what you think is suspicious.

> Why doesn't he just present the ip ranges of the sites that are
> offensive? Why the other stuff? If he's marketing some type of
> program to supplement kerio he ought to just say so, not tell us
> that he is simply presenting new rules to block spammers, data
> miners, etc.

Do you know how to view those IP addresses? I don't think you do, so follow
along below:

Right click on the Kerio icon, select Administration, click on Advanced,
highlight any rule.

See over there under the "Remote" column... that's the IP being blocked.

Want to see more? Highlight a rule, click "Edit". Another box shows up
displaying all the configuration for that rule.

Notice under "Direction"... it should say "Both"... meaning no incoming
or outgoing. Notice under "Remote Endpoint"... that is the IP(s) being
blocked. Notice under "Rule Valid"... it should say "Always". Notice
under "Action"... "Deny" should be checked.

There is no executable code, only rulesets. You can convert the raw list
as supplied by Sponge into text and view it yourself. You won't find any
executable code.

-- 
"It's the bugs that keep it running."
                                      -Joe Canuck
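
A minimal model of the signature check described in the message above, added here as an example; it is not Kerio's code and not part of the original post. The class and function names, the file name and the file contents are constructed for illustration. It shows why a signature imported from someone else's config produces a warning rather than silent approval, and what wiping the MD5 slate clean and letting the firewall relearn looks like.

```python
import hashlib
import os
import tempfile

def md5_of(path):
    """MD5 of a file's contents, read in chunks."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

class SignatureStore:
    """Hypothetical model of a per-application signature table (path -> MD5)."""
    def __init__(self, imported=None):
        self.sigs = dict(imported or {})

    def check(self, path):
        stored = self.sigs.get(path)
        if stored is None:
            return "unknown"      # no signature yet: ask the user, then learn it
        return "match" if stored == md5_of(path) else "mismatch"  # mismatch: warn

    def accept(self, path):
        self.sigs[path] = md5_of(path)  # user approved: record the local signature

    def wipe(self):
        self.sigs.clear()               # "wipe the MD5 slate clean"

def demo():
    with tempfile.TemporaryDirectory() as d:
        app = os.path.join(d, "browser.exe")  # constructed sample file
        with open(app, "wb") as f:
            f.write(b"local build of the program")
        # Signature shipped in someone else's config, computed from their binary.
        foreign = hashlib.md5(b"the config author's build").hexdigest()
        store = SignatureStore({app: foreign})
        results = [store.check(app)]      # imported signature does not fit
        store.wipe()
        results.append(store.check(app))  # nothing stored after the wipe
        store.accept(app)
        results.append(store.check(app))  # learned from the local file
        with open(app, "ab") as f:
            f.write(b" patched")          # binary changes later
        results.append(store.check(app))
        return results

if __name__ == "__main__":
    print(demo())
```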