On 23/06/2010, at 9:57 PM, paddy joesoap wrote: > Hi all, > > Are there any implementions of XMPP that consider Malware filtering > such as SPIM, Phishing, Worms and so forth?
Yes we do (Cleartext) in message URL filtering looking for malware links and ID theft (phishing etc). > > Is it possible to send malware payloads via IM messaging? Yes - via file transfers. > > I presume XML makes it harder, can't HTML be also embedded in XMPP > messages and thus perhaps typical HTTP-based scripting trojans could > then be sent? XMPP HTMl is formalised in XHTML-IM, a subset of HTML which by definition is safer. > > Can content filters like that of Openfire's plugin be used to filter > out phishing attempts such as blocking "www.paypa1.com" where "l" is > replaced with a "1". Probably > > Perhaps content filtering could also be used to inspect the XMPP > stanza for known worms. > > Is Malware more of a problem with inband or outband (file transfer) > XMPP messaging? > Malware generally isn't a problem, the real 'problem' is people clicking on malware links and bots setting up using accounts on servers. > > regards, > Paddy.
