[Phishing]Re: Anti-virus for FreeBSD

Matthew Seaman matthew at FreeBSD.org
Wed Mar 23 17:02:40 UTC 2016

On 2016/03/23 16:31, Daniel Feenberg wrote:
> Is there a package out there that would block all email messages with
> binary executable content? I understand that pdf and word files may
> contain executable code - the package would have to be able to
> distinguish such files with executable code and those without. (Is that
> possible)?

It is not possible a priori to strip out any file belonging to some
arbitrary application which implements some sort of embedded macro
language, let alone tell if any such file actually contains any
executable bits.   The best you can do is recognise commonly used file
formats where embedded code is possible, and strip those out.

Any reasonable MTA should be able to do that for you, although it may
take some rather more advanced configuration than is usually necessary.

This is essentially the approach taken on these (FreeBSD) mailing lists,
except here, it's reversed: all attachements are removed, except for a
certain number of known-harmless ones, like PGP-Mime signatures or some
simple text formats.

If you're specifically concerned about Phishing emails, rather than, say
'Spear Phishing' (ie. individually tailored messages) then your best bet
is something like Vipul's Razor or DCC which are services that
distribute checksums of known spam messages -- the concept being that
spammers send out a large number of pretty much identical messages and
it is highly likely that someone else has received the spam and reported
it before it hits your mail server.



-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 972 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freebsd.org/pipermail/freebsd-questions/attachments/20160323/aa084be4/attachment.sig>

More information about the freebsd-questions mailing list