[tor-relays] Tor and Viruses

Porcelain Mouse porcelain_mouse at q.com
Wed Apr 13 23:24:04 UTC 2011


All,

 	Thanks for your excellent responses.  It sounds like my experience 
is not exactly typical, but not unexpected, either.

It also sounds like you might be interested in more details.  Actually, 
Geoff guessed correctly.  Both shutdowns were a result of separate single 
events in Shadowserver's reports.  The first event was a connection to a 
known C&C IRC server.  After the second shutdown, but before I received 
the new logs, I figured I would just update my exit rules to reject IRC 
ports.  But, the second event was a single connection to one of 
Shadowserver's honeypot HTTP servers.  I didn't think there would be any 
use for an exit that rejected HTTP, too.

grarpamp's suggestion was great, too.  I thought of running my own IDS 
between the exit and my gateway, and, in fact, it's already on my list of 
projects.  I'll add Tor to the list of reasons I should put some effort 
into it.

Moritz - Now that I'm no longer fighting with my provider about exits, 
perhaps I can spare some time.  I don't know what you might need, but I 
would be happy to help, if I can.

Oh, and speaking of help.  I volunteer to update the FAQ, provided that's 
desirable and the Tor project folks are agreeable.  Who should I talk to 
about that?  tor-assistants at torproject.org ?

Many Thanks,
PMouse

