[Phishing]Re: Anti-virus for FreeBSD
galtsev at kicp.uchicago.edu
Wed Mar 23 17:11:43 UTC 2016
On Wed, March 23, 2016 12:02 pm, Matthew Seaman wrote:
> On 2016/03/23 16:31, Daniel Feenberg wrote:
>> Is there a package out there that would block all email messages with
>> binary executable content? I understand that pdf and word files may
>> contain executable code - the package would have to be able to
>> distinguish such files with executable code and those without. (Is that
> It is not possible a priori to strip out any file belonging to some
> arbitrary application which implements some sort of embedded macro
> language, let alone tell if any such file actually contains any
> executable bits. The best you can do is recognise commonly used file
> formats where embedded code is possible, and strip those out.
> Any reasonable MTA should be able to do that for you, although it may
> take some rather more advanced configuration than is usually necessary.
> This is essentially the approach taken on these (FreeBSD) mailing lists,
> except here, it's reversed: all attachments are removed, except for a
> certain number of known-harmless ones, like PGP-Mime signatures or some
> simple text formats.
Brilliant! As opposed to flawed anti-virus logic!
> If you're specifically concerned about Phishing emails, rather than, say
> 'Spear Phishing' (i.e. individually tailored messages) then your best bet
> is something like Vipul's Razor or DCC which are services that
> distribute checksums of known spam messages -- the concept being that
> spammers send out a large number of pretty much identical messages and
> it is highly likely that someone else has received the spam and reported
> it before it hits your mail server.
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
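
Added example, not part of the original thread or of the FreeBSD list software: a sketch of the allow-list approach quoted above, using Python's standard email package to drop every MIME part except a short list of known-harmless types. The allow-list contents, the function names and the sample message are assumptions made for illustration; because the declared Content-Type is chosen by the sender, the sketch also checks the filename extension.

```python
from email import message_from_string, policy
from email.message import EmailMessage

# Assumed allow-list for this example; the real list is site policy.
ALLOWED_TYPES = {"text/plain", "application/pgp-signature"}
ALLOWED_EXTS = (".txt", ".asc")

def is_allowed(part):
    """Keep a leaf only if its declared type AND any filename are allow-listed."""
    name = part.get_filename()
    ext_ok = name is None or name.lower().endswith(ALLOWED_EXTS)
    return part.get_content_type() in ALLOWED_TYPES and ext_ok

def _prune(container, removed):
    kept = []
    for child in container.get_payload():
        if child.is_multipart() and child.get_content_maintype() == "multipart":
            _prune(child, removed)  # descend into nested containers
            kept.append(child)
        elif is_allowed(child):
            kept.append(child)
        else:  # everything else goes, including message/rfc822 and unknown types
            removed.append((child.get_content_type(), child.get_filename()))
    container.set_payload(kept)

def strip_attachments(raw):
    """Return (filtered message, [(content_type, filename), ...] removed)."""
    msg = message_from_string(raw, policy=policy.default)
    removed = []
    if msg.is_multipart() and msg.get_content_maintype() == "multipart":
        _prune(msg, removed)
    elif not is_allowed(msg):  # single-part message that is itself a payload
        removed.append((msg.get_content_type(), msg.get_filename()))
        msg.clear_content()
        msg.set_content("[attachment removed]")
    return msg, removed

def build_sample():
    """Constructed message: body, Word file, mislabelled .exe, PGP signature."""
    m = EmailMessage()
    m.set_content("Body text.")
    m.add_attachment(b"\xd0\xcf\x11\xe0", maintype="application", subtype="msword", filename="report.doc")
    m.add_attachment("not really text", filename="readme.exe")
    m.add_attachment(b"sig", maintype="application", subtype="pgp-signature", filename="signature.asc")
    return m.as_string()

if __name__ == "__main__":
    filtered, removed = strip_attachments(build_sample())
    print(removed, [p.get_content_type() for p in filtered.walk()])
```

Removing a part from inside a multipart/signed container invalidates the signature over that container, so a deployment has to decide whether to pass signed messages through whole or reject them.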
More information about the freebsd-questions