[91747] in North American Network Operators' Group
Re: ISP wants to stop outgoing web based spam
daemon@ATHENA.MIT.EDU (Peter Corlett)
Fri Aug 11 05:42:13 2006
In-Reply-To: <Pine.LNX.4.64.0608110721220.9368@efes.iucc.ac.il>
From: Peter Corlett <abuse@cabal.org.uk>
Date: Fri, 11 Aug 2006 09:44:38 +0100
To: Hank Nussbacher <hank@efes.iucc.ac.il>
X-SA-Exim-Rcpt-To: nanog@merit.edu
X-SA-Exim-Mail-From: abuse@cabal.org.uk
Errors-To: owner-nanog@merit.edu
On 11 Aug 2006, at 05:24, Hank Nussbacher wrote:
[...]
> Please show me which virus scanner scans html pages for the words
> like V I A G R A, or Free M O R T G A G E, as it is going outbound.
It's the one you're going to have to write, or coerce somebody to
write, if you want it that much.
I have a sneaking suspicion that SpamAssassin's core could probably
be pressed into action here, wrapped in a HTTP proxy. It wouldn't
scale terribly well, but it might be enough to keep tabs on a few
tens of hosts that you expect trouble to come from.
HTTPS would be a bit more tricky and would require the co-operation
of the cybercafe to install your CA cert on their browsers and crank
down the security settings so you could do a MITM attack.
