Mailfilter for unknown signatures (Re: gpg --search-keys)
thomas at northernsecurity.net
Thu Mar 25 00:05:09 CET 2004
On Wed, Mar 24, 2004 at 11:22:04PM +0100, Albert wrote:
> I tried to search my own key with different search strategies :-)
Did it work?
> I uploaded 1 new email-address with my key and after a few days I
> got a W32/Mydoom.G to this address. A 2nd address which was
> uploaded to the keyserver too at the same time, got this Mydoom
> too, while a 3rd and 4th address (daughter, friend) didn't. It was
> very strange.
I got limited knowledge about worm/malware but it seems unlikely that
MyDoom actually scans keyservers to gather email addresses. If I'm not
mistaken no worm has done this (yet).
> With 99.99% I can exclude, that the malware came from
> the only person who knew the new email-address. We both use linux
> systems. I never heard of a linux system which spreads a win-worm
> automatically and passes the firewall.
I have to trust you about the number of people knowing the address in
question. However, as long as you can send emails, you can spread
> I think the only way to protect email-addresses registered at
> key-servers from spam is to accept mails with signatures only and
> make an autoresponder for the non-signed.
This behavior would, sad to say, kill 99% of all mails sent.
> As a 2nd step I would like to check for encrypted mails, which are
> signed but not known locally. Any ideas how I can do this with a
Set a procmail filter, for example, to look for the PGP MESSAGE string
and then parse the message to a shell script.
Btw, don't use pgp.mit.edu, it's broken. Use subkeys.pgp.net instead.
== thomas at northernsecurity.net | thomas at se.linux.org
== Encrypted e-mails preferred | GPG KeyID: 114AA85C
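
The procmail-plus-shell-script approach suggested in the reply above could look like the following. This is an added example, not part of the original post: the recipe, the script path `$HOME/bin/sigcheck.sh`, the folder name `unknown-signer` and the verdict words are hypothetical. It assumes gpg can decrypt non-interactively (for example through gpg-agent).

```shell
#!/bin/sh
# Added example (not from the original post): sort encrypted mail whose
# signing key is not in the local keyring, using gpg's --status-fd lines.
#
# Assumed procmail recipe (script path and folder name are hypothetical):
#   :0 B
#   * ^-----BEGIN PGP MESSAGE-----
#   * ? $HOME/bin/sigcheck.sh --filter
#   unknown-signer

# classify_status: read "[GNUPG:] ..." status lines on stdin and print one
# verdict. Precedence: bad > unknown > known-stale > known > undecryptable.
classify_status() {
    awk '
        $1 != "[GNUPG:]"                          { next }
        $2 == "BADSIG"                            { bad = 1 }
        $2 == "NO_PUBKEY"                         { unknown = 1; keyid = $3 }
        $2 ~ /^(EXPSIG|EXPKEYSIG|REVKEYSIG)$/     { stale = 1 }
        $2 == "GOODSIG"                           { good = 1 }
        $2 == "DECRYPTION_FAILED"                 { failed = 1 }
        END {
            if (bad)          print "bad"
            else if (unknown) print "unknown " keyid
            else if (stale)   print "known-stale"
            else if (good)    print "known"
            else if (failed)  print "undecryptable"
            else              print "unsigned"
        }'
}

# Filter mode: the message arrives on stdin from procmail. fd 3 carries the
# status lines into the pipe; plaintext and gpg's own messages are discarded.
if [ "${1:-}" = "--filter" ]; then
    verdict=$(gpg --batch --status-fd 3 --decrypt 3>&1 >/dev/null 2>&1 \
              | classify_status)
    # Exit 0 (procmail condition true) only when the signer key is unknown.
    case $verdict in
        unknown*) exit 0 ;;
        *)        exit 1 ;;
    esac
fi
```

The key ID printed after `unknown` is the one gpg reports in `NO_PUBKEY`, so the same script can feed a later key lookup.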