From: Olivier Nicole
To: Matthew Seaman
Cc: freebsd-questions@freebsd.org
Subject: Re: [Phishing]Re: Anti-virus for FreeBSD
In-Reply-To: <56F2CC22.9090500@FreeBSD.org> (message from Matthew Seaman on Wed, 23 Mar 2016 17:02:26 +0000)
Date: Thu, 24 Mar 2016 11:46:51 +0700

Matthew,

> It is not possible a priori to strip out any file belonging to some
> arbitrary application which implements some sort of embedded macro
> language, let alone tell if any such file actually contains any
> executable bits.

If you know the format of the file, I believe you can scan it and find
if it contains a macro. It's time consuming and implies you have a large
knowledge of what every file looks like. Anti-viruses do that.

> This is essentially the approach taken on these (FreeBSD) mailing lists,
> except here, it's reversed: all attachments are removed, except for a
> certain number of known-harmless ones, like PGP-Mime signatures or some
> simple text formats.

I think one of the reasons, besides security, is to keep the list lean:
if you allow attachments, you quickly end up with email sent in the
form of Word documents...

If you cannot explain your problem using plain ASCII only, then you have
to rethink what you are trying to explain first :)

best regards,

olivier
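
Added example, not part of the original message and not the FreeBSD list software's own code: a sketch of the reversed (allow-list) approach quoted above, using Python's standard email package. The allowed types and extensions are assumptions, since the thread only names PGP-Mime signatures and simple text formats, and the sample message is constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed allow-list (the thread names only PGP-Mime signatures and simple text).
ALLOWED_TYPES = {"text/plain", "application/pgp-signature"}
ALLOWED_EXTS = {"", ".txt", ".asc", ".sig"}  # "" means the part has no extension

def _allowed(part):
    # Check the declared type AND the filename: a part labelled text/plain
    # but named *.docm may still be opened by extension on the client.
    ext = PurePosixPath(part.get_filename() or "").suffix.lower()
    return part.get_content_type() in ALLOWED_TYPES and ext in ALLOWED_EXTS

def _prune(container, removed):
    kept = []
    for sub in list(container.get_payload()):
        # Only well-formed multipart/* containers are descended into; anything
        # else (including message/rfc822) must pass the allow-list itself.
        if sub.is_multipart() and sub.get_content_maintype() == "multipart":
            _prune(sub, removed)
            kept.append(sub)
        elif _allowed(sub):
            kept.append(sub)
        else:
            removed.append((sub.get_content_type(), sub.get_filename()))
    container.set_payload(kept)

def strip_attachments(raw: bytes):
    """Return (filtered message, list of (content type, filename) removed)."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    if msg.is_multipart() and msg.get_content_maintype() == "multipart":
        _prune(msg, removed)
    elif not _allowed(msg):
        removed.append((msg.get_content_type(), msg.get_filename()))
        msg.clear_content()
        msg.set_content("[non-text body removed by list filter]\n")
    return msg, removed

def sample_message() -> bytes:
    # Constructed sample: a body, a macro-enabled document, a text note, and
    # a part that claims text/plain but carries a .docm filename.
    m = EmailMessage()
    m["Subject"] = "constructed sample"
    m.set_content("See attachments.\n")
    m.add_attachment(b"PK\x03\x04", maintype="application",
                     subtype="vnd.ms-word.document.macroEnabled.12",
                     filename="report.docm")
    m.add_attachment("plain notes\n", filename="notes.txt")
    m.add_attachment("not really text\n", filename="invoice.docm")
    return m.as_bytes()
```
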