Full Disclosure mailing list archives
RE: Administrivia: Testing Emergency Virus Filter..
From: madsaxon <madsaxon () direcway com>
Date: Wed, 20 Aug 2003 11:30:48 -0500
At 09:43 AM 8/20/03 -0500, Schmehl, Paul L wrote:
I would go farther. SMTP was never designed as a file transfer mechanism, and it should not allow file transfer. This would solve both the problem of email attachment viruses *and* the scourge of the Internet, HTML email.
I concur completely. I've been preaching a similar gospel for many years; to wit, that we've been employing SMTP in a manner for which it was not designed, and we're now paying the price for that misuse. MIME and similar initiatives were well-intentioned, but fundamentally they're still little more than kludges. I was the manager of a large (18,000+ users) email system back in the 1997-98 era, when it first became de rigeur to attach cute binaries and, more insidious, Powerpoint presentations to emails. I can't tell you how many times I had to reset the SMTP queue at 3:00 AM because it contained 1,000 copies of "rudolph.exe" or some series of 500 slides from a conference sent to an "all-user" mailing list, the vast majority of which were simply text on a colored background, anyway. I can't see any immediate solution to this problem, however. We've painted ourselves into a corner by trying to adapt SMTP to FTP, rather than enforcing implementations that respect the protocol's original purpose. That way lies madness, as well as long-term frustration. m5x _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- RE: Administrivia: Testing Emergency Virus Filter.. madsaxon (Aug 20)