At 10:04 2004-02-01 -0800, Michael Helm wrote:
> Has anyone (recently) given any thought to using crypto / digital signature
> evaluations in procmail tests. It's getting harder to send attachments
> around - one of the first lines of defense in the ongoing mydoom
> virus response, was bouncing zip files.

FTR, *BOUNCING* is a seriously ill-advised thing to do, both in response to
viruses AND spam (an SMTP-time bounce such as a DNSBL is a different matter
- your host refuses a message before it's accepted the body, and the
SENDING host has to deal with relaying the news). In the case of viruses,
you're just causing MORE problems and wasting bandwidth. Far better to
quarantine the files.

> I am pretty sure this is all do-able; has anyone been experimenting
> with it? Some of it seems like a natural fit for the
> anti-virus scanners.

I don't do it on an automated level, but PGP signing is the easiest way for
individuals to send around files with executable attachments and be able to
confirm the senders (and presumably, the intentional nature of having SENT
the files).

Ultimately, if you know the sender and confirm the key, if you sign their
key, THAT attribute can be used as your spam/viral trust -- not the mere
fact that their signature is found in a db, but that it's signed by the
recipient.

As I've seen it, AVG uses a sort of signature-based thing, but it's
terribly annoying to see messages which claim to be "virus free" just
because the SENDER said so, and if you're not running the same software on
your host, you can't confirm the signature as legit (and if you ARE running
the same software, then you're already scanning your incoming messages,
and thus the message sure as fsck doesn't need to have this claim tacked on).
---
Sean B. Straw / Professional Software Engineering
Procmail disclaimer: <http://www.professional.org/procmail/disclaimer.html>
Please DO NOT carbon me on list replies. I'll get my copy from the list.
_______________________________________________
procmail mailing list
procmail(_at_)lists(_dot_)RWTH-Aachen(_dot_)DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
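
An added example, not part of the original message or of procmail: a shell function that applies the trust rule described above to GnuPG's machine-readable status lines, delivering only when the signature is good AND the signing key is valid in the recipient's own keyring, and quarantining (never bouncing) everything else. The function name, the deliver/quarantine verdicts and the sample status lines are constructed for illustration.

```shell
#!/bin/sh
# Reads GnuPG status lines (the format written by `gpg --status-fd`) on stdin
# and prints a verdict: "deliver" or "quarantine".
#
# Assumed policy, following the message above:
#   - a good signature from a key that is merely present in the keyring
#     is NOT enough;
#   - the key must be valid because the recipient certified it (TRUST_FULLY)
#     or because it is the recipient's own key (TRUST_ULTIMATE);
#   - unsigned, bad, expired or revoked cases are quarantined, not bounced.
classify_gpg_status() {
    good=0 valid=0 bad=0
    while IFS= read -r line; do
        case "$line" in
            "[GNUPG:] GOODSIG "*)        good=1 ;;
            "[GNUPG:] TRUST_FULLY"*)     valid=1 ;;
            "[GNUPG:] TRUST_ULTIMATE"*)  valid=1 ;;
            "[GNUPG:] BADSIG "*)         bad=1 ;;
            "[GNUPG:] ERRSIG "*)         bad=1 ;;
            "[GNUPG:] EXPSIG "*)         bad=1 ;;
            "[GNUPG:] EXPKEYSIG "*)      bad=1 ;;
            "[GNUPG:] REVKEYSIG "*)      bad=1 ;;
        esac
    done
    if [ "$bad" -eq 0 ] && [ "$good" -eq 1 ] && [ "$valid" -eq 1 ]; then
        echo deliver
    else
        echo quarantine
    fi
}

# Constructed sample inputs (key IDs and names are made up).
SAMPLE_CERTIFIED='[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] TRUST_FULLY'

SAMPLE_KEY_ONLY_IN_KEYRING='[GNUPG:] GOODSIG 0123456789ABCDEF Alice Example <alice@example.org>
[GNUPG:] TRUST_UNDEFINED'

SAMPLE_TAMPERED='[GNUPG:] BADSIG 0123456789ABCDEF Alice Example <alice@example.org>'
```

In real use the status lines would come from running `gpg --status-fd 1 --verify` on the signed part of the message.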