On Wed, 18 Mar 2009, RobertH wrote:
<plug type="shameless">
My email sanitizer successfuly defends against this attack.
</plug>
no disrespect intended yet i would like to understand...
ummmm, if your "email sanitizer" caught it, why isnt that something
programmed "in another way" inside SA, or clamav, etc...?
No reason it shouldn't be. I'd suggest something like a rawbody match on
/<object[\s>]/i meta'd with HTML_MESSAGE should be worth a few (dozen)
points.
Perhaps more generic: a plugin that would parse out the distinct tags in
an HTML body part, and assign points based on whether a given tag appeared
at all (e.g. "score_html_tag object 20") or whether a tag does not appear
in a "tag whitelist" (to catch the ran<fnord>dom tag<gargle>name
obfuscation method).
i mean we have viruses, we have spyware, we have spam, we have UCE, we
have all these different terms that describe the essentially the same
stuff...
cant this be dealt with in something that already exists like SA,
Clamav, or whateverm besides having another custom piece of coding ?
Should SpamAssassin really be recast as EmailMalwareAssassin? I personally
don't think so.
All of these tools take different approaches to overlapping problem sets.
My sanitizer complements SA and clamav. I was just lightheartedly tooting
my own horn a bit, primarily because reactive security is inherently
limited.
i mean, John, at the very least get out some them there GUNS and shoot
it a bunch and make it stop or something!
;-)
:) I'll let the Russian Mafia whack the spammers.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
jhar...@impsec.org FALaholic #11174 pgpk -a jhar...@impsec.org
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
The question of whether people should be allowed to harm themselves
is simple. They *must*. -- Charles Murray
