Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Whitelisting based on attachment checksum rather e-mail address #30

Closed
robert-scheck opened this issue Oct 31, 2017 · 6 comments
Closed

Whitelisting based on attachment checksum rather e-mail address #30

robert-scheck opened this issue Oct 31, 2017 · 6 comments
Assignees
@sbidy
Labels
enhancement
Projects
3.5
Milestone
3.5

Comments

@robert-scheck
Copy link
Contributor

Given especially current spam waves are partially using real-world e-mail addresses as sender address, it would be a nice enhancement to additionally allow whitelisting based on attachment checksums (SHA512) rather on sender e-mail address (to better cover false positive scenarios).
@sbidy sbidy added this to the 3.5 milestone Oct 31, 2017
@sbidy sbidy self-assigned this Oct 31, 2017
@sbidy sbidy added this to Backlog in 3.5 Oct 31, 2017
@sbidy
Copy link
Owner

sbidy commented Jan 19, 2018

I plan to change the white listing to a hash value of the e-mail address.
To use the hash of a document for the exclusion would be also not possible because the documents hash is changing relay fast. If you only open an close a document the modification is big enough to change the hash value.

@robert-scheck
Copy link
Contributor Author

robert-scheck commented Jan 19, 2018
edited

How does the hash value of a sending e-mail address improve things? The e-mail address can still be faked easily -> IMHO no benefit over whitelisting per sender e-mail address.

Is it possible to extract only the macro part and use a hash value of that? Is this also bound to these unintended changes you mentioned before? Aside of that, you are anyway using caching based on a hash value, so why is it not good enough to use the same checksum for specific whitelisting?

@sbidy
Copy link
Owner

sbidy commented Jan 19, 2018
edited

It improves a security bug - I tried to fuzz mail addresses and detect a vulnerability at the whitelisting. To prevent this and other "unexpected" and "non-RFC" formatted mail address I would like to hash the mail address string to a "normalized" value. It is more a workaround.

To bring a macro whitelisting in place is a good idea 😉 - but I'll plan this for a future release because in my opinion it can be really complex and how should a "normal" user generate the hash for the whitelist?
On the other hand, we can maybe deprecate the feature. An encrypted zip can also a useful method to send a blocked macro document and already used for passing unwanted attachment types through the amavis.

@robert-scheck
Copy link
Contributor Author

Personally, I treat any whitelisting based on e-mail sender address anyway as manipulatable ;-)

Generating the hash of the macro itself is something that I would leave to MacroMilter (it could just print it in the reject message or simply log the hash when rejecting). Once a whitelisting is required, this anyway requires an administrator handling the hash from somewhere. Given the whitelisting, something like SHA512 would be suitable otherwise it's maybe possible to cause a collision to bypass malicious macros.

@sbidy
Copy link
Owner

sbidy commented Jan 23, 2018

Yub, that's correct. I'm working on it.
I want to implement a hashing over the analyzed macro code. I think this will be the best meta data for a "stable" and secure WS. To avoid a collision I'll use a SHA512.

@sbidy
Copy link
Owner

sbidy commented Jan 3, 2019

implemented and released with 3.6

@sbidy sbidy closed this as completed Jan 3, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@sbidy sbidy

Labels
enhancement
Projects
3.5
Backlog
Milestone
3.5
Development

No branches or pull requests
2 participants
@sbidy @robert-scheck