[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <3FB2E397.24955.D30019E@localhost>
From: nick at virus-l.demon.co.uk (Nick FitzGerald)
Subject: a PGP signed mail? Has to be spam!
Peter Moody <peter@...c.edu> wrote:
> I frequently get messages from virus filters telling me that my
> attachment (signature.asc) has been removed as it's thought to contain a
> virus. For the virus end, it'll take time for people to start coding
> proper virus scanners that don't recognize .asc as a virus.
Really?
A virus scanner saying the .ASC "is thought to conatin a virus", or
actually a "higher level" filtering mechanism "rejecting" the .ASC
because the virus scanner says it is (possibly) an encrypted data block
that cannot be "decrypted" and thus is "unscannable" by the scanner?
A few scanners are actually that "honest" and as they effectively
report an error to the higher level filtering application, that app
"reasonably" rejects the message (or that part thereof). In such cases
the system admins should be paying more attention to the configuration
of either (or both) the higher level filter (perhaps configure it to
not try to virus scan .ASC signature blocks) or the scanner's handling
of such file types (perhaps exclude .ASC files from scanning if that's
an option and if that is how the higher level content scanner passes
the "to be scanned" file to the scanner).
> As far as signed mail getting picked up by spam filters, I would think
> that talking to the admins would be your best bet. But again, in time
> spam filters will recognize that pgp signature does not equal spam.
Do you really think the clueless twats producing and/or running spam
filters with such filter rules now can really get that clueful?
Regards,
Nick FitzGerald
Powered by blists - more mailing lists