[Phishing]Re: Anti-virus for FreeBSD

Valeri Galtsev galtsev at kicp.uchicago.edu
Wed Mar 23 17:11:43 UTC 2016


On Wed, March 23, 2016 12:02 pm, Matthew Seaman wrote:
> On 2016/03/23 16:31, Daniel Feenberg wrote:
>> Is there a package out there that would block all email messages with
>> binary executable content? I understand that pdf and word files may
>> contain executable code - the package would have to be able to
>> distinguish such files with executable code and those without. (Is that
>> possible)?
>
> It is not possible a priori to strip out any file belonging to some
> arbitrary application which implements some sort of embedded macro
> language, let alone tell if any such file actually contains any
> executable bits.   The best you can do is recognise commonly used file
> formats where embedded code is possible, and strip those out.
>
> Any reasonable MTA should be able to do that for you, although it may
> take some rather more advanced configuration than is usually necessary.
>
> This is essentially the approach taken on these (FreeBSD) mailing lists,
> except here, it's reversed: all attachments are removed, except for a
> certain number of known-harmless ones, like PGP-Mime signatures or some
> simple text formats.

Brilliant! As opposed to flawed anti-virus logic!

>
> If you're specifically concerned about Phishing emails, rather than, say
> 'Spear Phishing' (i.e. individually tailored messages) then your best bet
> is something like Vipul's Razor or DCC which are services that
> distribute checksums of known spam messages -- the concept being that
> spammers send out a large number of pretty much identical messages and
> it is highly likely that someone else has received the spam and reported
> it before it hits your mail server.
>
> 	Cheers,
>
> 	Matthew


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
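The reversed policy Matthew describes above (strip every attachment, keep only a few known-harmless types) as an added Python example; this is not the FreeBSD lists' own filter, and the allow-list and the sample message are constructed for illustration:

```python
# Added example, not the FreeBSD lists' own filter. The allow-list is assumed;
# Content-Type is sender-supplied, so keep it short. SAMPLE is a constructed
# message with a text body, a Word document and a PGP/MIME signature.
from email import policy
from email.parser import BytesParser
ALLOWED_TYPES = {"text/plain", "application/pgp-signature"}
SAMPLE = b"""\
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Report attached.
--b1
Content-Type: application/msword
Content-Disposition: attachment; filename="report.doc"
Content-Transfer-Encoding: base64

QUJDREVG
--b1
Content-Type: application/pgp-signature

(constructed placeholder for a PGP/MIME signature)
--b1--
"""

def _prune(part, removed):
    """Recursively drop leaf parts whose MIME type is not allow-listed."""
    kept = []
    for sub in part.get_payload():  # sub-parts of a multipart container
        if sub.is_multipart():
            _prune(sub, removed)
            kept.append(sub)
        elif sub.get_content_type() in ALLOWED_TYPES:
            kept.append(sub)
        else:
            removed.append(f"{sub.get_content_type()} ({sub.get_filename() or 'unnamed'})")
    part.set_payload(kept)

def strip_attachments(raw):
    """Parse a raw message; return (filtered message, list of removed parts)."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    removed = []
    if msg.is_multipart():
        _prune(msg, removed)
    elif msg.get_content_type() not in ALLOWED_TYPES:  # single-part binary body
        removed.append(f"{msg.get_content_type()} ({msg.get_filename() or 'unnamed'})")
        msg.set_content("Attachment removed by list policy.\n")
    return msg, removed
```

Nested containers such as multipart/alternative are walked too, so a text/html alternative is dropped while its text/plain sibling survives.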