Re: a PGP signed mail? Has to be spam!

[Nick FitzGerald <nick () virus-l demon co uk>]

Peter Moody <peter () ucsc edu> wrote:

> I frequently get messages from virus filters telling me that my
> attachment (signature.asc) has been removed as it's thought to contain a
> virus.  For the virus end, it'll take time for people to start coding
> proper virus scanners that don't recognize .asc as a virus.

Really?

A virus scanner saying the .ASC "is thought to conatin a virus", or 
actually a "higher level" filtering mechanism "rejecting" the .ASC 
because the virus scanner says it is (possibly) an encrypted data block 
that cannot be "decrypted" and thus is "unscannable" by the scanner?

A few scanners are actually that "honest" and as they effectively 
report an error to the higher level filtering application, that app 
"reasonably" rejects the message (or that part thereof).  In such cases 
the system admins should be paying more attention to the configuration 
of either (or both) the higher level filter (perhaps configure it to 
not try to virus scan .ASC signature blocks) or the scanner's handling 
of such file types (perhaps exclude .ASC files from scanning if that's 
an option and if that is how the higher level content scanner passes 
the "to be scanned" file to the scanner).

> As far as signed mail getting picked up by spam filters, I would think
> that talking to the admins would be your best bet.  But again, in time
> spam filters will recognize that pgp signature does not equal spam.

Do you really think the clueless twats producing and/or running spam 
filters with such filter rules now can really get that clueful?


Regards,

Nick FitzGerald

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html