lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
From: nick at (Nick FitzGerald)
Subject: a PGP signed mail? Has to be spam!

Peter Moody <> wrote:

> I frequently get messages from virus filters telling me that my
> attachment (signature.asc) has been removed as it's thought to contain a
> virus.  For the virus end, it'll take time for people to start coding
> proper virus scanners that don't recognize .asc as a virus.


A virus scanner saying the .ASC "is thought to conatin a virus", or 
actually a "higher level" filtering mechanism "rejecting" the .ASC 
because the virus scanner says it is (possibly) an encrypted data block 
that cannot be "decrypted" and thus is "unscannable" by the scanner?

A few scanners are actually that "honest" and as they effectively 
report an error to the higher level filtering application, that app 
"reasonably" rejects the message (or that part thereof).  In such cases 
the system admins should be paying more attention to the configuration 
of either (or both) the higher level filter (perhaps configure it to 
not try to virus scan .ASC signature blocks) or the scanner's handling 
of such file types (perhaps exclude .ASC files from scanning if that's 
an option and if that is how the higher level content scanner passes 
the "to be scanned" file to the scanner).

> As far as signed mail getting picked up by spam filters, I would think
> that talking to the admins would be your best bet.  But again, in time
> spam filters will recognize that pgp signature does not equal spam.

Do you really think the clueless twats producing and/or running spam 
filters with such filter rules now can really get that clueful?


Nick FitzGerald

Powered by blists - more mailing lists