
[Full-Disclosure] viruses being sent to list

Subject: [Full-Disclosure] viruses being sent to list
Date: Fri, 30 Apr 2004 10:59:37 +0200 (CEST)
Hello,

I have received two virus infected emails from this list in
the last week. Is it possible to have our list admin run clamav?

You are joking?  Right?  In case you had not noticed this is
"Full Disclosure". Can not very well talk about virii with filters on.

Hot-headed guys like you will quickly wreck the Internet! If people 
consider hackers un-negotiable and equal to terrorists, the Net will 
soon go under the UN charter and be subject to repression by national 
governments.

Why do you want to destroy the current framework we are all quite 
happy with? If hackers studied and respected the guidelines, liberties 
and bounds applying in the USA, the country that created the Internet, 
our current freedoms could be maintained longer.

1., First Amendment defines free speech. Source code has been proven 
free speech. Executables are not covered by free speech, however.

2., Therefore binaries do not belong to full disclosure. If you post a 
binary to FD and that binary later becomes part of a worm or backdoor 
kit, any company that became affected by the malware could sue the 
organization hosting the FD list servers.

Indeed, USA is the most litigious state in the whole world. This would 
mean FD ceases to exist soon, to prevent further lawsuits from hitting 
the maintainer / hoster entity. And you end up with no place left to 
discuss! Source code postings are exempt from litigation because of the 
First Amendment.

3., Filters only deal with binaries, not source code. AV firms refuse to 
detect source code.

4., Therefore, you are free (encouraged) to submit exploit source code 
to Full Disclosure, even with AV filters in place.

5., IT security aware people can deal with source code, executables 
add nothing to this.

6., Filters protect against e-mail worm / virus binaries entering the FD 
digest: viruses that were auto-sent from infected machines without any 
kind of human intention. These viruses carry no information for FD 
audience, in fact they were not meant for FD, the worm's parse routine 
just used the first string with a @ inside it could find on the HDD. This is 
the very issue the original poster complained about!

7., If you must share exploit binaries or other not so innocent code with 
other FD readers for whatever strong reasons, please simply provide a 
URL to access it and do not stuff Base64 blocks into this mailing list. 

[Especially considering that the whole FD is forever archived on the Web 
in a Mailman system. In fact I myself always read FD via the Web 
interface. If you post binaries into FD, you effectively turn it into a Web 
virus repository.]

8., Implement that anti-virus filtering and put a disclaimer in the FAQ! 
We certainly don't need lawyers interfering with this FD list, so please 
don't provoke their involvement by carelessness. Some free AV solution 
probably wouldn't cost a dime.

Regards: Tamas Feher.

