Full Disclosure mailing list archives
RE: Administrivia: Testing Emergency Virus Filter..
From: Nick FitzGerald <nick () virus-l demon co uk>
Date: Thu, 21 Aug 2003 11:56:15 +1200
"Schmehl, Paul L" <pauls () utdallas edu> to Richard M. Smith:
The email infrastructure (SMTP servers, POP servers, Web-based email systems, list serve software, etc) should all be doing the same stripping of exectuables.I would go farther. SMTP was never designed as a file transfer mechanism, and it should not allow file transfer. This would solve both the problem of email attachment viruses *and* the scourge of the Internet, HTML email.
Whilst I understand the attraction of this idea, I have two _major_ objections to it: 1. Some of us _REALLY DO_ have to receive executable and like attachments. Dealing with folk for whom it is a major accomplishment to talk through attaching any file to an Email message so you can get a copy of some suspect file off their (very remote from you) machines is part and parcel of normal day-to-day work for a small but significant number of technical folk. The problem is not that _we_ cannot handle the technology but that those who most need help have a great deal of trouble with it. If your "solution" to this problem is to sugegst that some new file transfer mechanism should be devised and implementations widely distributed, then you will simply move the target of choice for the bad guys from SMTP to "Paul And Richard's Excellent And Easy To Use New File Transfer Protocol" because you can guarantee that some popular OS developer's implementors will feel the need for an auto-accept option and a little tick box in the "Do you want to accept FileX from PersonY" dialog that says "Do not show me this message again" (if you work for MS, yes that is directed at you). 2. I suspect that Mr Turing and a his halting problem will intervene in any attempt to devise a foolproof "this message contains an attachment" mechanism. The obvious choice to break any such system is steganographic encoding of a binary stream into a text message. It may be grossly inefficient, but do you think that really matters? -- Nick FitzGerald Computer Virus Consulting Ltd. Ph/FAX: +64 3 3529854 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Administrivia: Testing Emergency Virus Filter.., (continued)
- RE: Administrivia: Testing Emergency Virus Filter.. Scott Phelps / Dreamwright Studios (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Thor Larholm (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Valdis . Kletnieks (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Richard M. Smith (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Jeroen Massar (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Brent J. Nordquist (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- Re: Re: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 21)
- RE: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 20)
- RE: Administrivia: Testing Emergency Virus Filter.. Paul Schmehl (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Valdis . Kletnieks (Aug 21)
- Re: Administrivia: Testing Emergency Virus Filter.. Nick FitzGerald (Aug 21)
- RE: Administrivia: Testing Emergency Virus Filter.. Dan Stromberg (Aug 21)
- RE: Administrivia: Testing Emergency Virus Filter.. Gary E. Miller (Aug 20)
- Re: Administrivia: Testing Emergency Virus Filter.. Bryan Allen (Aug 20)