gnupg encrypted mail and malware/spam

Eugene Smiley eugene@esmiley.net
Sun May 11 06:15:28 2003


John wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Eugene Smiley wrote:
>> I think you are missing the point with regard to the issue of
>> server based virus scanning. It isn't that hard to imagine a
>> virus generating an email via Outlook which is then passed to
>> GPGRelay; the user isn't paying attention, types the passphrase,
>> and it gets emailed; the user on the other end decrypts it and
>> opens the attachment... BLAMO!
>
> Ding! There's the REAL culprit - There seem to be as many
> LookOut! exploits out on the 'Net as there are attacks against
> InternetExploder.

When you have companies -- such as my former employer -- that become
Microsoft Software Partners and dictate that Outlook must be used,
there is little that can be done. People can argue until they are
blue about Outlook being broken and attack prone, but until MS fixes
it, we all must deal with the consequences.

> Perhaps a less-easily hijacked MUA is needed. What you describe
> here is more E-mail worm than SPAM.

Exactly, but I wasn't talking about Spam. Here's what I was responding to:

Thomas Scheffczyk wrote:
> If GnuPG is used to protect mail messages it also disables all
> server based protection measures against malware and Spam. No
> virus scanner nor Spam filter on firewalls or gateways can check
> the encrypted messages.

Spam had already been addressed, but "malware" wasn't. Virii, Trojans,
and Worms can all be encrypted within a message, and won't be detected
by a virus scanner on the mail gateway. That's why I created the above
possible scenario.

Eugene
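
The gateway blind spot discussed in this thread, as an added example that is not part of the original post: a gateway-side check that cannot see inside OpenPGP-encrypted parts but can at least flag which messages are opaque, so scanning is deferred to the recipient's machine after decryption. The function names, the verdict strings and the sample messages are assumptions constructed for illustration.

```python
import base64
from email import message_from_string

ARMOR = b"-----BEGIN PGP MESSAGE-----"

def find_opaque(part, found=None):
    """Collect the MIME parts a gateway scanner cannot look inside."""
    found = [] if found is None else found
    ctype = part.get_content_type()
    if ctype == "multipart/encrypted":            # PGP/MIME container (RFC 3156)
        found.append(("pgp-mime", part.get_param("protocol") or "unknown"))
    elif part.is_multipart():
        for sub in part.get_payload():
            find_opaque(sub, found)
    elif ARMOR in (part.get_payload(decode=True) or b""):
        # decode=True undoes base64/quoted-printable before the armor check
        found.append(("inline-armor", part.get_filename() or ctype))
    return found

def gateway_verdict(raw):
    """'scan' if every part is cleartext, else 'defer-to-endpoint' (hypothetical labels)."""
    return "defer-to-endpoint" if find_opaque(message_from_string(raw)) else "scan"

# Constructed sample messages; the armored block is a placeholder, not real PGP data.
FAKE = "-----BEGIN PGP MESSAGE-----\n\nCONSTRUCTED-PLACEHOLDER\n-----END PGP MESSAGE-----\n"
PLAIN = "From: a@example.org\nContent-Type: text/plain\n\nhello\n"
PGP_MIME = (
    "From: a@example.org\n"
    'Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; boundary="b1"\n\n'
    "--b1\nContent-Type: application/pgp-encrypted\n\nVersion: 1\n\n"
    "--b1\nContent-Type: application/octet-stream\n\n" + FAKE + "\n--b1--\n"
)
INLINE_B64 = (
    "From: a@example.org\n"
    'Content-Type: multipart/mixed; boundary="b2"\n\n'
    "--b2\nContent-Type: text/plain\n\nsee attachment\n\n"
    "--b2\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="report.asc"\n'
    "Content-Transfer-Encoding: base64\n\n"
    + base64.b64encode(FAKE.encode()).decode() + "\n\n--b2--\n"
)

if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("pgp-mime", PGP_MIME), ("inline", INLINE_B64)):
        print(name, gateway_verdict(raw), find_opaque(message_from_string(raw)))
```

The check only identifies that a part is encrypted; whatever is inside still has to be scanned on the recipient's machine once it has been decrypted.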