Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 Mar 2016 11:46:51 +0700
From:      Olivier Nicole <Olivier.Nicole@cs.ait.ac.th>
To:        Matthew Seaman <matthew@FreeBSD.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: [Phishing]Re: Anti-virus for FreeBSD
Message-ID:  <wu7a8lozdms.fsf@banyan.cs.ait.ac.th>
In-Reply-To: <56F2CC22.9090500@FreeBSD.org> (message from Matthew Seaman on Wed, 23 Mar 2016 17:02:26 %2B0000)

next in thread | previous in thread | raw e-mail | index | archive | help
Matthew,

> It is not possible a priori to strip out any file belonging to some
> arbitrary application which implements some sort of embedded macro
> language, let alone tell if any such file actually contains any
> executable bits.

If you know the format of the file, I believe you can scan it and find
if it contains macro. It's time consuuming and implies you have a large
knowledge of what every file looks like. Anti virus do that.

> This is essentially the approach taken on these (FreeBSD) mailing lists,
> except here, it's reversed: all attachements are removed, except for a
> certain number of known-harmless ones, like PGP-Mime signatures or some
> simple text formats.

I think one of the reason, beside security, is to keep the list lean: if
you allow attachements, you quickly end up with email send in the form
of Words documents...

If you cannot explain your problem using plain ASCII only, then you have
to rethink what you are trying to explain first :)

best regards,

olivier



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?wu7a8lozdms.fsf>