New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Whitelisting based on attachment checksum rather e-mail address #30
Comments
I plan to change the white listing to a hash value of the e-mail address. |
How does the hash value of a sending e-mail address improve things? The e-mail address can still be faked easily -> IMHO no benefit over whitelisting per sender e-mail address. Is it possible to extract only the macro part and use a hash value of that? Is this also bound to these unintended changes you mentioned before? Aside of that, you are anyway using caching based on a hash value, so why is it not good enough to use the same checksum for specific whitelisting? |
It improves a security bug - I tried to fuzz mail addresses and detect a vulnerability at the whitelisting. To prevent this and other "unexpected" and "non-RFC" formatted mail address I would like to hash the mail address string to a "normalized" value. It is more a workaround. To bring a macro whitelisting in place is a good idea 😉 - but I'll plan this for a future release because in my opinion it can be really complex and how should a "normal" user generate the hash for the whitelist? |
Personally, I treat any whitelisting based on e-mail sender address anyway as manipulatable ;-) Generating the hash of the macro itself is something that I would leave to MacroMilter (it could just print it in the reject message or simply log the hash when rejecting). Once a whitelisting is required, this anyway requires an administrator handling the hash from somewhere. Given the whitelisting, something like SHA512 would be suitable otherwise it's maybe possible to cause a collision to bypass malicious macros. |
Yub, that's correct. I'm working on it. |
implemented and released with 3.6 |
Given especially current spam waves are partially using real-world e-mail addresses as sender address, it would be a nice enhancement to additionally allow whitelisting based on attachment checksums (SHA512) rather on sender e-mail address (to better cover false positive scenarios).
The text was updated successfully, but these errors were encountered: