Hi David, On Wed, Jun 23, 2010 at 1:38 PM, David Banes <[email protected]> wrote: > > On 23/06/2010, at 9:57 PM, paddy joesoap wrote: > >> Hi all, >> >> Are there any implementions of XMPP that consider Malware filtering >> such as SPIM, Phishing, Worms and so forth? > > Yes we do (Cleartext) in message URL filtering looking for malware links and > ID theft (phishing etc). >
What XMPP server do you use to do URL filtering? >> >> Is it possible to send malware payloads via IM messaging? > > Yes - via file transfers. So that would be things like the use of XMPP FTP proxy if P2P FTP between clients was disabled. I presume a typical server based anti-virus or IDS could be installed to filter such files, provided of course such files are sent in the clear. > >> >> I presume XML makes it harder, can't HTML be also embedded in XMPP >> messages and thus perhaps typical HTTP-based scripting trojans could >> then be sent? > > XMPP HTMl is formalised in XHTML-IM, a subset of HTML which by definition is > safer. > >> >> Can content filters like that of Openfire's plugin be used to filter >> out phishing attempts such as blocking "www.paypa1.com" where "l" is >> replaced with a "1". > > Probably > >> >> Perhaps content filtering could also be used to inspect the XMPP >> stanza for known worms. >> >> Is Malware more of a problem with inband or outband (file transfer) >> XMPP messaging? >> > > Malware generally isn't a problem, the real 'problem' is people clicking on > malware links and bots setting up using accounts on servers. Cheers. Is there a database of malicious (phishing) URL's that is used by the XMPP community or is this done on an ad-hoc basis? > >> >> regards, >> Paddy. > >
