procmail
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: digital signature tests

2004-02-01 16:08:30
from [Professional Software Engineering] [Permanent Link] 
At 10:04 2004-02-01 -0800, Michael Helm wrote:

Has anyone (recently) given any thought to using crypto / digital signature
evaluations in procmail tests.   It's getting harder to send attachments
around - one of the first lines of defense in the ongoing mydoom
virus response, was bouncing zip files.
FTR, *BOUNCING* is a seriously ill-advised thing to do, both in response to viruses AND spam (an SMTP-time bounce such as a DNSBL is a different matter - your host refuses a message before it's accepted the body, and the SENDING host has to deal with relaying the news). In the case of viruses, you're just causing MORE problems and wasting bandwidth. Far better to quarantine the files. 


I am pretty sure this is all do-able; has anyone been experimenting
with it?   Some of it seems like a natural fit for the
anti-virus scanners.
I don't do it on an automated level, but PGP signing is the easiest way for individuals to send around files with executable attachments and be able to confirm the senders (and presumably, the intentional nature of having SENT the files).
Ultimatley, if you know the sender and confirm the key, if you sign their key, THAT attribute can be used as your spam/viral trust -- not the mere fact that their signature is found in a db, but that it's signed by the recipient.
As I've seen it, AVG uses a sort of signature-based thing, but it's terribly annoying to see messages which claim to be "virus free" just because the SENDER said so, and if you're not running the same software on your host, you can't confirm the signature as legit (and if you ARE running the same software, then you're already scanning your incomming messages, and thus the message sure as fsck doesn't need to bave this claim tacked on). 

---
 Sean B. Straw / Professional Software Engineering

 Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
 Please DO NOT carbon me on list replies.  I'll get my copy from the list.


_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  digital signature tests, Michael Helm
Next by Date:  smart pics, vlb
Previous by Thread:  digital signature tests, Michael Helm
Next by Thread:  smart pics, vlb
Indexes:  [Date] [Thread] [Top] [All Lists]