Michael Helm | 1 Feb 19:04 2004

digital signature tests


Has anyone (recently) given any thought to using crypto / digital signature
evaluations in procmail tests?   It's getting harder to send attachments
around - one of the first lines of defense in the ongoing mydoom
virus response was bouncing zip files.

A system or mail hub based procmail, delivering mail, could
test incoming messages with mime info & look for smime types or
pgp mime types.   The mail hub procmail could test signatures
against either a local key ring or large scale keyring (*gp), 
or list of known trusted CA roots (smime), or a list of trusted
email certificates (smime).

Possible configuration: messages that have valid signatures
might be passed to the user (or scored more generously --
virus checks and other evaluations might still override).
Certain kinds of failures could be rejected without further
consideration, and others might be quarantined for evaluation.

This could also be used to automatically construct a whitelist.
Could also be used to generate a white list (send me a signed
email - certificate or pgp pub key put in my whitelist db).

I am pretty sure this is all do-able; has anyone been experimenting
with it?   Some of it seems like a natural fit for the
anti-virus scanners.
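
The triage described in the post above, as an added example that is not part of the original thread: a Python filter that classifies a message as PGP/MIME or S/MIME from its MIME headers and maps a verification result to a disposition. The `verify` callable, its status names, and the choice of which failures are rejected rather than quarantined are assumptions; `verify` stands in for a real check against a keyring or trusted CA roots.

```python
import email

PGP_SIG = "application/pgp-signature"
SMIME_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
SMIME_OPAQUE = {"application/pkcs7-mime", "application/x-pkcs7-mime"}

def signature_kind(msg):
    """Classify from MIME headers alone: 'pgp-mime', 'smime' or None."""
    ctype = msg.get_content_type()
    if ctype == "multipart/signed":
        proto = str(msg.get_param("protocol") or "").lower()
        if proto == PGP_SIG:
            return "pgp-mime"
        if proto in SMIME_SIG:
            return "smime"
    elif ctype in SMIME_OPAQUE:
        if str(msg.get_param("smime-type") or "").lower() == "signed-data":
            return "smime"
    return None

def disposition(raw, verify, trusted_signers):
    """Map a raw message to 'unsigned', 'pass', 'reject' or 'quarantine'.

    verify(kind, raw) is a hypothetical callable returning (status, signer),
    status being 'good', 'bad' or 'unknown-key'. It must check the signature
    over the exact bytes received, not over a re-serialised message.
    """
    kind = signature_kind(email.message_from_bytes(raw))
    if kind is None:
        return "unsigned"          # falls through to the normal filters
    status, signer = verify(kind, raw)
    if status == "bad":
        return "reject"            # assumed policy: broken signature
    if status == "good" and signer in trusted_signers:
        return "pass"              # virus checks may still override
    return "quarantine"            # valid but untrusted, or unknown key

# Constructed sample messages; only the headers matter for classification.
SIGNED = (b'From: alice@example.org\r\n'
          b'Content-Type: multipart/signed; micalg=pgp-sha1; '
          b'protocol="application/pgp-signature"; boundary="b1"\r\n\r\n'
          b'--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n'
          b'--b1\r\nContent-Type: application/pgp-signature\r\n\r\n'
          b'(constructed placeholder)\r\n--b1--\r\n')
PLAIN = b'From: bob@example.org\r\nContent-Type: text/plain\r\n\r\nhi\r\n'
```

A valid signature from a signer outside `trusted_signers` is quarantined rather than passed, so the mere presence of a verifiable signature never grants trust on its own.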

Re: digital signature tests

At 10:04 2004-02-01 -0800, Michael Helm wrote:
>Has anyone (recently) given any thought to using crypto / digital signature
>evaluations in procmail tests.   It's getting harder to send attachments
>around - one of the first lines of defense in the ongoing mydoom
>virus response, was bouncing zip files.

FTR, *BOUNCING* is a seriously ill-advised thing to do, both in response to 
viruses AND spam (an SMTP-time bounce such as a DNSBL is a different matter 
- your host refuses a message before it's accepted the body, and the 
SENDING host has to deal with relaying the news).  In the case of viruses, 
you're just causing MORE problems and wasting bandwidth.  Far better to 
quarantine the files.

>I am pretty sure this is all do-able; has anyone been experimenting
>with it?   Some of it seems like a natural fit for the
>anti-virus scanners.

I don't do it on an automated level, but PGP signing is the easiest way for 
individuals to send around files with executable attachments and be able to 
confirm the senders (and presumably, the intentional nature of having SENT 
the files).

Ultimately, if you know the sender and confirm the key, if you sign their 
key, THAT attribute can be used as your spam/viral trust -- not the mere 
fact that their signature is found in a db, but that it's signed by the 
recipient.

As I've seen it, AVG uses a sort of signature-based thing, but it's 
terribly annoying to see messages which claim to be "virus free" just 
because the SENDER said so, and if you're not running the same software on 

linux | 2 Feb 00:00 2004

smart photo

Hi Joanna

I wondered
My boss had wild sex last evening with the brother of Rick %-)))
And I turned on my digital panasonic photocam and make many excellent images:)
And do not send photos to my b/f, I rely on you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

_______________________________________________
procmail mailing list
procmail <at> lists.RWTH-Aachen.DE
http://MailMan.RWTH-Aachen.DE/mailman/listinfo/procmail
linux | 2 Feb 00:00 2004

Re: cool images private

Hi my darling Barbara,

I wondered
My dad had wild sex I ever seen last evening togather with the friend of Jim:))
And I switched on my digital panasonic videocam and make good images.
And don't show it to your boyfriend, ok?

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

schaefer | 2 Feb 00:01 2004

cool picture private

Hi my darling Camilla

It's amazing,
My dad had wild sex I ever seen last night with the mom of Jim:))
And I power on my digital siemens videocamera and create many cool images:)
So don't show pictures anybody else, okay?

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

vlb | 2 Feb 00:00 2004

smart pics

Good evening Katherine

It's amazing.
My boss had wild sex last evening with the boss of Denny %-)
I turned on canon camera and make cool pictures %-( )
But don't send pictures to my b/f, I rely on you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

schaefer | 2 Feb 00:01 2004

Re: cool images

Hello my darling Julian

I wondered!!!
My mom had excellent sex last night togather with the sister of Ross=)
And I switched on my digital toshiba cam and make some good pictures!!!
Well don't show photos to your mom, I trust you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

schaefer | 2 Feb 00:02 2004

cool photo imortant

Hi my dearest Margaret!!!

It's amazing
My brother had excellent sex last evening togather with the mom of Logan:)
I switched on my nokia videocam and make some excellent images:))
Heh do not send it to your boyfriend, I trust you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

schaefer | 2 Feb 00:02 2004

sexy pics

Good evening Eleanor

It's amazing!
My mom had best sex I ever seen last night with the boss of Duane!!!
And I turned on my philips device and make a lot of excellent images:)
Well do not send photos to your bro, I rely on you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

schaefer | 2 Feb 00:02 2004

cool pics

Good evening my dear Eleanor

It's amazing
My dad had wild sex I ever seen last evening togather with the boss of Gene=)
I turned on my panasonic cam and make good photos:)
Heh don't send pictures to my bf, I rely on you.

Client: MailMonitor for SMTP v1.2.2 

The message body part has been replaced with this note.

Problem description:
Attachment validity check: passed.
Virus identity found: W32/Mimail-S

See also:
http://www.rz.rwth-aachen.de/infodienste/email/virus.php

