[PLUG] Effect of a specific mail filter
Michael C. Robinson
michael at goose.robinson-west.com
Wed Aug 20 19:02:02 UTC 2003
Don't know if this is possible, but what if you opened
suspicious email in a virtual environment insulated from
your real one and evaluated the effect, if any, on that
environment? This way you can catch improper behavior
and allow other html email through. As long as the
virtual environment when infected can't take down the
host or leak out worms, etc., your set.
Another option is to only accept html email that is
clearly formed by safe tools from a trusted source.
Guess you'd have to parse style and/or use
cryptographic signatures.
HTML emails are just text programs, why can't they
be opened by something that won't execute them for
scanning purposes? Isn't html language finite
enough to where you can create a filter that
looks for obvious things like file creation and
deletion directives, etc.? Just why is it that
programs like Outlook Express that crave html
formatted email and attachments are so worm and
virus friendly?
Michael C. Robinson
More information about the PLUG
mailing list