On Thu, 19 Dec 2019, Philipp Ewald wrote:
I have a solution with ClamAV for any image that is "not allowed". I my case
i create a md5sum from images i don't want to receive and but them into
hashtable.
This Hashtable place into /var/lib/clamav/NAME.hsb
/var/lib/clamav/NAME.hsb looks like:
129895eb534a7e568b4284b6860fa93c:1245184:BitcoinImage
hash:size:"VIRUS name"
so any new mail with this attachment get treated as virus
To a degree that's just whack-a-mole. It would not be excessively
difficult to make minor alterations to the image sufficient to change the
hash without noticeably changing it visually.
It might be prohibitive to do that per-message, but sending a batch of a
hundred messages while you're modifying the image for the next batch would
probably work.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
"Bother," said Pooh as he struggled with /etc/sendmail.cf, "it never
does quite what I want. I wish Christopher Robin was here."
-- Peter da Silva in a.s.r
-----------------------------------------------------------------------
6 days until Christmas
