Vulnerability Development mailing list archives

Re: Virus Scan Notices in eMail


From: 11a () GMX NET (Bluefish)
Date: Wed, 28 Jun 2000 14:37:54 +0200


Agree, you're 100% right about this opening up for social engineering. And
depending on setup, surely viruses can escape checking in some
installations.

Maybe the user receives an email at home, believing it has been passed
through the scanner at his job. Or worse, what if a company uses one server
for internal mails and one for incoming, only the latter being scanned?

Besides, the notice would annoy me a lot if I received it constantly ;)

..:::::::::::::::::::::::::::::::::::::::::::::::::..
     http://www.11a.nu || http://bluefish.11a.nu
    eleventh alliance development & security team

On Tue, 27 Jun 2000, Brian Kifiak wrote:

Hi,

Could someone enlighten me as to why many server-side eMail virus
scanners add this information to eMails they scan?

   ****** Message from InterScan E-Mail VirusWall NT ******

   ** No virus found in attached file noname.htm

   *****************     End of message     ***************

Is there something I'm missing, or isn't this actually a BAD thing?
If users get comfort from seeing messages like this, what's to stop
someone from adding this to an eMail containing a virus they want to
spread?  Wouldn't the user be more likely to open it?  (Assuming
your virus slipped through their detection mechanism undetected.)


