
RE: [Asrg] How to defeat spam that uses encryption?



>
> First I don't believe there is any legit function for JavaScript
> and absolutely not in email. Filter all active code at the firewall
> unless it comes from an authenticated and trusted source.

Mailed HTML forms, with JavaScript validation. As I understand it, this is
the only reason why this stuff is put up with today. I think we can do away
with it though. I've never used it and working around it (send a link, and
not the page) is done easily enough. (I am all for this!)

> This goes for attachments too, filter out all the Word and Excel
> documents with macros unless the sender is trusted. There must be
> code readily available to detect macros in these files.

You'd think so, but those are proprietary formats, my friend. And to my
knowledge, non-proprietary formats (Open Office) aren't stupid enough to
have macros (at least the auto-open ones) (the last time I checked).
Furthermore, trusting the sender is not enough, as we usually infect the
ones we love (those in our address books) when it's Outlook virus time!

> Second renaming the variables does not affect the ability of
> recognizers to detect it, this was demonstrated by some anti-cheat
> software that was developed at Southampton University in the
> 1980s. Code can be identified by the structure very easily.
> Virus checkers use the same techniques.

Indeed you are correct, but I was referring to a word-type filter, and not a
structure-based one.



_______________________________________________
Asrg mailing list
Asrg@ietf.org
https://www1.ietf.org/mailman/listinfo/asrg
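
The difference between the word-type filter and the structure-based recognizer discussed in the last exchange, as an added example that is not part of the original message or any poster's code. The simplified tokenizer, the sample scripts and the blocklist are constructed assumptions for illustration.

```python
import hashlib
import re

# Simplified JavaScript lexer (assumption: adequate for this demo, not a full
# ECMAScript tokenizer).
TOKEN_RE = re.compile(r"""
    (?P<str>"(?:\\.|[^"\\])*"|'(?:\\.|[^'\\])*')
  | (?P<num>\d+(?:\.\d+)?)
  | (?P<id>[A-Za-z_$][\w$]*)
  | (?P<op>[^\s\w])
""", re.X)

KEYWORDS = {"var", "function", "return", "if", "else", "for", "while", "new"}

def structure_fingerprint(source):
    """Hash the token shape: keywords and punctuation kept, names and literals collapsed."""
    shape = []
    for m in TOKEN_RE.finditer(source):
        kind, text = m.lastgroup, m.group()
        if kind == "id":
            shape.append(text if text in KEYWORDS else "ID")
        elif kind == "op":
            shape.append(text)
        else:
            shape.append(kind.upper())  # STR or NUM, whatever the literal value
    return hashlib.sha256(" ".join(shape).encode()).hexdigest()

def word_filter_hit(source, blocklist):
    """Word-type filter: fires only if a blocklisted name appears verbatim."""
    names = {m.group() for m in TOKEN_RE.finditer(source) if m.lastgroup == "id"}
    return bool(names & blocklist)

# Constructed samples: RENAMED is ORIGINAL with every name changed and the
# whitespace reflowed; DIFFERENT is an unrelated function reusing the new names.
ORIGINAL = 'function decodeBody(key){var out="";for(var i=0;i<key;i++){out+=i;}return out;}'
RENAMED = ('function qz9(a1) {\n  var b2 = "";\n'
           '  for (var c3 = 0; c3 < a1; c3++) { b2 += c3; }\n  return b2;\n}')
DIFFERENT = 'function qz9(a1){if(a1){return a1;}return 0;}'
BLOCKLIST = {"decodeBody"}  # hypothetical word list

if __name__ == "__main__":
    for label, src in (("original", ORIGINAL), ("renamed", RENAMED), ("different", DIFFERENT)):
        print(label, word_filter_hit(src, BLOCKLIST), structure_fingerprint(src)[:16])
```

The word filter stops matching as soon as the names change, while the structural fingerprint of the renamed script is identical to the original's and differs only for the unrelated function.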