Date: Wed, 23 Mar 2016 12:11:42 -0500 (CDT)
From: "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To: "Matthew Seaman" <matthew@FreeBSD.org>
Cc: freebsd-questions@freebsd.org
Subject: Re: [Phishing]Re: Anti-virus for FreeBSD
Message-ID: <50432.128.135.52.6.1458753102.squirrel@cosmo.uchicago.edu>
In-Reply-To: <56F2CC22.9090500@FreeBSD.org>
References: <wu7vb4fm8ji.fsf@banyan.cs.ait.ac.th> <CALfReyeHNrqZsCd_-3gMb%2B5RDEnW8aK2QfYCDRSBG%2B3bN5tpsQ@mail.gmail.com> <1458712914.1578.37.camel@au.dyndns.ws> <62985.128.135.52.6.1458748953.squirrel@cosmo.uchicago.edu> <alpine.LRH.2.20.1603231224140.8892@sas1.nber.org> <56F2CC22.9090500@FreeBSD.org>
On Wed, March 23, 2016 12:02 pm, Matthew Seaman wrote:
> On 2016/03/23 16:31, Daniel Feenberg wrote:
>> Is there a package out there that would block all email messages with
>> binary executable content? I understand that pdf and word files may
>> contain executable code - the package would have to be able to
>> distinguish such files with executable code and those without. (Is that
>> possible)?
>
> It is not possible a priori to strip out any file belonging to some
> arbitrary application which implements some sort of embedded macro
> language, let alone tell if any such file actually contains any
> executable bits. The best you can do is recognise commonly used file
> formats where embedded code is possible, and strip those out.
>
> Any reasonable MTA should be able to do that for you, although it may
> take some rather more advanced configuration than is usually necessary.
>
> This is essentially the approach taken on these (FreeBSD) mailing lists,
> except here, it's reversed: all attachments are removed, except for a
> certain number of known-harmless ones, like PGP-Mime signatures or some
> simple text formats.

Brilliant! As opposed to flawed anti-virus logic!

> If you're specifically concerned about Phishing emails, rather than, say
> 'Spear Phishing' (ie. individually tailored messages) then your best bet
> is something like Vipul's Razor or DCC which are services that
> distribute checksums of known spam messages -- the concept being that
> spammers send out a large number of pretty much identical messages and
> it is highly likely that someone else has received the spam and reported
> it before it hits your mail server.
>
> Cheers,
>
> Matthew

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
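The "reversed" policy Matthew describes (drop every attachment except an allowlist of known-harmless types) can be prototyped with Python's standard `email` package. This is an added example, not the FreeBSD list's actual filter configuration; the allowlist contents, the `X-Parts-Stripped` header name and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

# Assumed allowlist: plain text and PGP/MIME signatures survive, nothing else.
ALLOWED_TYPES = {"text/plain", "application/pgp-signature"}


def _strip(part) -> int:
    """Recursively drop leaf parts not on the allowlist; return count dropped."""
    if not part.is_multipart():
        return 0
    dropped, kept = 0, []
    for sub in part.get_payload():
        if sub.is_multipart():
            dropped += _strip(sub)   # descend into nested multipart containers
            kept.append(sub)
        elif sub.get_content_type() in ALLOWED_TYPES:
            kept.append(sub)
        else:
            dropped += 1             # e.g. application/octet-stream, application/msword
    part.set_payload(kept)
    return dropped


def strip_attachments(raw: bytes) -> EmailMessage:
    """Parse a raw RFC 5322 message, remove disallowed parts, record the count."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    n = _strip(msg)
    msg["X-Parts-Stripped"] = str(n)   # assumed header name for downstream logging
    return msg


def kept_types(msg) -> list:
    """Content types of the leaf parts that remain, in order."""
    return [p.get_content_type() for p in msg.walk() if not p.is_multipart()]


def build_sample() -> bytes:
    """Constructed test message: text body, a fake .exe, and a PGP signature."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "list@example.org"
    m["Subject"] = "constructed test message"
    m.set_content("Hello, see attached.")
    m.add_attachment(b"MZ\x90\x00", maintype="application",
                     subtype="octet-stream", filename="invoice.exe")
    m.add_attachment(b"-----BEGIN PGP SIGNATURE-----\n", maintype="application",
                     subtype="pgp-signature", filename="signature.asc")
    return m.as_bytes()
```

Note that allowlisting by declared Content-Type trusts the sender's label; a production filter would also check the part's magic bytes and filename extension before keeping it.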