On 23/06/2010, at 10:46 PM, paddy joesoap wrote:

> Hi David,
>
> On Wed, Jun 23, 2010 at 1:38 PM, David Banes <[email protected]> wrote:
>>
>> On 23/06/2010, at 9:57 PM, paddy joesoap wrote:
>>
>>> Hi all,
>>>
>>> Are there any implementations of XMPP that consider Malware filtering
>>> such as SPIM, Phishing, Worms and so forth?
>>
>> Yes we do (Cleartext) in message URL filtering looking for malware links and
>> ID theft (phishing etc).
>>
>
> What XMPP server do you use to do URL filtering?

We have our own custom modules (we use ejabberd)

>
>>>
>>> Is it possible to send malware payloads via IM messaging?
>>
>> Yes - via file transfers.
>
> So that would be things like the use of XMPP FTP proxy if P2P FTP
> between clients was disabled. I presume a typical server based
> anti-virus or IDS could be installed to filter such files, provided of
> course such files are sent in the clear.

Yes, if the AV/IDS understood XMPP and was proxied, but TLS will be in the way

>
>>
>>>
>>> I presume XML makes it harder, can't HTML be also embedded in XMPP
>>> messages and thus perhaps typical HTTP-based scripting trojans could
>>> then be sent?
>>
>> XMPP HTML is formalised in XHTML-IM, a subset of HTML which by definition is
>> safer.
>>
>>>
>>> Can content filters like that of Openfire's plugin be used to filter
>>> out phishing attempts such as blocking "www.paypa1.com" where "l" is
>>> replaced with a "1".
>>
>> Probably
>>
>>>
>>> Perhaps content filtering could also be used to inspect the XMPP
>>> stanza for known worms.
>>>
>>> Is Malware more of a problem with inband or outband (file transfer)
>>> XMPP messaging?
>>>
>>
>> Malware generally isn't a problem, the real 'problem' is people clicking on
>> malware links and bots setting up using accounts on servers.
>
> Cheers. Is there a database of malicious (phishing) URLs that is used
> by the XMPP community or is this done on an ad-hoc basis?

Most security vendors will licence such things, example providers could be McAfee, AVG, Webroot. We use Webroot who licence the Secure Computing lists.

>
>>
>>>
>>> regards,
>>> Paddy.
>>
>>
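
The lookalike check asked about in the thread ("www.paypa1.com"), sketched as an added example; it is not part of the original e-mails and is not the Openfire plugin's or Cleartext's code. The protected-domain list, the substitution table (which covers a few swaps beyond "1" for "l") and the sample stanza are constructed assumptions.

```python
import re
import xml.etree.ElementTree as ET

# Assumption: brand domains the operator wants to protect (constructed list).
PROTECTED = {"paypal.com", "example-bank.com"}
# Fold characters commonly swapped in lookalike hosts onto one representative.
FOLD = str.maketrans({"1": "l", "i": "l", "0": "o", "5": "s"})
URL_RE = re.compile(r"(?:https?://|www\.)[^\s<>\"']+", re.IGNORECASE)

def skeleton(host):
    """Host with confusable characters folded, e.g. paypa1.com -> paypal.com."""
    return host.lower().translate(FOLD).replace("rn", "m")

SKELETONS = {skeleton(d): d for d in PROTECTED}

def host_of(url):
    """Extract the lower-cased host from a URL or a bare www. link."""
    rest = re.sub(r"^[a-z]+://", "", url.rstrip(".,;!?)"), flags=re.IGNORECASE)
    authority = re.split(r"[/?#]", rest, maxsplit=1)[0]
    return authority.rsplit("@", 1)[-1].split(":", 1)[0].lower().rstrip(".")

def lookalike_of(host):
    """Return the protected domain that host imitates, or None."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        suffix = ".".join(labels[i:])
        if suffix in PROTECTED:
            return None  # the genuine domain or one of its subdomains
        target = SKELETONS.get(skeleton(suffix))
        if target:
            return target
    return None

def scan_stanza(stanza_xml):
    """Return [(url, imitated_domain)] for links in a <message/> body."""
    root = ET.fromstring(stanza_xml)
    hits = []
    for body in root.iter("{jabber:client}body"):
        for url in URL_RE.findall(body.text or ""):
            target = lookalike_of(host_of(url))
            if target:
                hits.append((url, target))
    return hits

# Constructed sample stanza, not taken from real traffic.
SAMPLE = ("<message xmlns='jabber:client' from='a@example.org' to='b@example.org'>"
          "<body>Verify at http://www.paypa1.com/login or see www.paypal.com</body>"
          "</message>")

if __name__ == "__main__":
    print(scan_stanza(SAMPLE))
```

A server-side module would receive the body from the server's own stream parser rather than re-parsing XML, and, as the reply above notes, it only sees content that reaches the server in the clear.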
