F-prot update
Peter Bonivart
peter at UCGBOOK.COM
Sat Mar 6 13:02:12 GMT 2004
Dan Hollis wrote:
> Except that all the known viruses so far use known static phrases. Theres
> a limit to how much phrases could be 'randomized' before they become
> incomprehensible to the intended target.
>
> Parsing static phrases for passwords would be useful right now, and for
> the short term future. Various virus filtering software does it already
> (mailscanner alas is one that does not). No, it isnt perfect forever but
> that doesnt make it completely useless or even impractical.
Mail systems should keep mail flowing. Stopping to try to crack
passwords would impair mail flow a lot. MailScanner shouldn't keep
trying hard with anything that is meant to obstruct mail flow, it should
just make quick decisions whether it's good or bad mail and get on with it.
It's fine if it can quarantine this type of mail. Then you can run a
cracker on the quarantined files trying to parse them for passwords and
enter them, if you find the correct one you can reenter it in the queue.
Judging from all the request about quarantined password protected zip I
have received (0/zero) I wouldn't bother writing such a script since I
can easily handle the load manually.
--
/Peter Bonivart
--Unix lovers do it in the Sun
Sun Fire V210, Solaris 9, Sendmail 8.12.10, MailScanner 4.25-14,
SpamAssassin 2.63 + DCC 1.2.30, ClamAV 0.67 + GMP 4.1.2
More information about the MailScanner
mailing list