Skip site navigation (1)Skip section navigation (2)
Date:      Wed, 23 Mar 2016 17:02:26 +0000
From:      Matthew Seaman <matthew@FreeBSD.org>
To:        freebsd-questions@freebsd.org
Subject:   Re: [Phishing]Re: Anti-virus for FreeBSD
Message-ID:  <56F2CC22.9090500@FreeBSD.org>
In-Reply-To: <alpine.LRH.2.20.1603231224140.8892@sas1.nber.org>
References:  <wu7vb4fm8ji.fsf@banyan.cs.ait.ac.th> <CALfReyeHNrqZsCd_-3gMb+5RDEnW8aK2QfYCDRSBG+3bN5tpsQ@mail.gmail.com> <1458712914.1578.37.camel@au.dyndns.ws> <62985.128.135.52.6.1458748953.squirrel@cosmo.uchicago.edu> <alpine.LRH.2.20.1603231224140.8892@sas1.nber.org>

Next in thread | Previous in thread | Raw E-Mail | Index | Archive | Help
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--XqUXa3vlmG9RiPmI43iUINWdNUjRshse4
Content-Type: multipart/mixed; boundary="2IaAQDaID2iq2T5AXAnmqre65PrJ1pJji"
From: Matthew Seaman <matthew@FreeBSD.org>
To: freebsd-questions@freebsd.org
Message-ID: <56F2CC22.9090500@FreeBSD.org>
Subject: Re: [Phishing]Re: Anti-virus for FreeBSD
References: <wu7vb4fm8ji.fsf@banyan.cs.ait.ac.th>
 <CALfReyeHNrqZsCd_-3gMb+5RDEnW8aK2QfYCDRSBG+3bN5tpsQ@mail.gmail.com>
 <1458712914.1578.37.camel@au.dyndns.ws>
 <62985.128.135.52.6.1458748953.squirrel@cosmo.uchicago.edu>
 <alpine.LRH.2.20.1603231224140.8892@sas1.nber.org>
In-Reply-To: <alpine.LRH.2.20.1603231224140.8892@sas1.nber.org>

--2IaAQDaID2iq2T5AXAnmqre65PrJ1pJji
Content-Type: text/plain; charset=windows-1252
Content-Transfer-Encoding: quoted-printable

On 2016/03/23 16:31, Daniel Feenberg wrote:
> Is there a package out there that would block all email messages with
> binary executable content? I understand that pdf and word files may
> contain executable code - the package would have to be able to
> distinguish such files with executable code and those without. (Is that=

> possible)?

It is not possible a priori to strip out any file belonging to some
arbitrary application which implements some sort of embedded macro
language, let alone tell if any such file actually contains any
executable bits.   The best you can do is recognise commonly used file
formats where embedded code is possible, and strip those out.

Any reasonable MTA should be able to do that for you, although it may
take some rather more advanced configuration than is usually necessary.

This is essentially the approach taken on these (FreeBSD) mailing lists,
except here, it's reversed: all attachements are removed, except for a
certain number of known-harmless ones, like PGP-Mime signatures or some
simple text formats.

If you're specifically concerned about Phishing emails, rather than, say
'Spear Phishing' (ie. individually tailored messages) then your best bet
is something like Vipul's Razor or DCC which are services that
distribute checksums of known spam messages -- the concept being that
spammers send out a large number of pretty much identical messages and
it is highly likely that someone else has received the spam and reported
it before it hits your mail server.

	Cheers,

	Matthew



--2IaAQDaID2iq2T5AXAnmqre65PrJ1pJji--

--XqUXa3vlmG9RiPmI43iUINWdNUjRshse4
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Comment: GPGTools - https://gpgtools.org

iQJ8BAEBCgBmBQJW8swpXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw
MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTn4EcP/0d41VzJF0PH/Yp2JElbyEvx
c2Zf3Hh3IVnLaItoE1ZhHZx3Q9pShd3ny9yRm3yU7Q2j4ZB5bCYTZXeagN1gkA75
QaYa4en0srqzMGm17TsKap+BDzfChTZJNgK4xEXCaQ/cAwoSUakC/a7NYjVR0PNI
zWFspOxFPO8ZTq9TAWGosjVMg/NjuRAmr7G1VgprEGmVqJLPnLbMpYodlWdLLl3P
4gD/fviY6NilkaD9XSk+QcBLQYGPeQ42SexUjsnsU7zMbgF8745LBMIKF1D6BLxj
6f1h+li1EnuXjO+ZFWBiOao5gNfZxOA1HssidFL9EU+ou/HUXQyhyw49MCCPvOVd
lzTjF8+9xOyLNqS3JaL6Z9yA8Gdxy3wPipyYzE5GdwiuG21KIgfOS4OQRSD/rOO5
uhgN2rsgxJygM7NuYp4r0IwfQ7ciuC3bFQqWQY4syO5SsSL50vuHMhzC4qHqFW5e
KnAuPlxZSv2avSWwFl9E03pww3G9O5BfRkoQgV/W9/M0CRW88btQjtez+lKZJQ4i
6MZKCXiJw+FkIyZGBn+Wm9fQFcq0lmkPpVTeZoXrCNxL8y4EJw1cvctttFsDreFj
qKOPy5RKA4DBv43b6WwslO95vr3JGy6Mg8JfQfEIN8oD6FjOJnwDBtowlo17dKcG
coNKy6rtiUBeijdx+rG6
=JVOF
-----END PGP SIGNATURE-----

--XqUXa3vlmG9RiPmI43iUINWdNUjRshse4--



Want to link to this message? Use this URL: <http://docs.FreeBSD.org/cgi/mid.cgi?56F2CC22.9090500>