[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
From: Nick FitzGerald <nick@virus-l.demon.co.uk>
Date: Thu, 21 Aug 2003 11:56:15 +1200

"Schmehl, Paul L" <pauls@utdallas.edu> to Richard M. Smith:

> > The email infrastructure (SMTP servers, POP servers, 
> > Web-based email systems, list serve software, etc) should all 
> > be doing the same stripping of exectuables.  
> > 
> I would go farther.  SMTP was never designed as a file transfer
> mechanism, and it should not allow file transfer.  This would solve both
> the problem of email attachment viruses *and* the scourge of the
> Internet, HTML email.

Whilst I understand the attraction of this idea, I have two _major_ 
objections to it:

1.  Some of us _REALLY DO_ have to receive executable and like 
attachments.  Dealing with folk for whom it is a major accomplishment 
to talk through attaching any file to an Email message so you can get a 
copy of some suspect file off their (very remote from you) machines is 
part and parcel of normal day-to-day work for a small but significant 
number of technical folk.  The problem is not that _we_ cannot handle 
the technology but that those who most need help have a great deal of 
trouble with it.  If your "solution" to this problem is to sugegst that 
some new file transfer mechanism should be devised and implementations 
widely distributed, then you will simply move the target of choice for 
the bad guys from SMTP to "Paul And Richard's Excellent And Easy To Use 
New File Transfer Protocol" because you can guarantee that some popular 
OS developer's implementors will feel the need for an auto-accept 
option and a little tick box in the "Do you want to accept FileX from 
PersonY" dialog that says "Do not show me this message again" (if you 
work for MS, yes that is directed at you).

2.  I suspect that Mr Turing and a his halting problem will intervene 
in any attempt to devise a foolproof "this message contains an 
attachment" mechanism.  The obvious choice to break any such system is 
steganographic encoding of a binary stream into a text message.  It may 
be grossly inefficient, but do you think that really matters?


-- 
Nick FitzGerald
Computer Virus Consulting Ltd.
Ph/FAX: +64 3 3529854

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- RE: [Full-Disclosure] Administrivia: Testing Emergency VirusFilter..
  - From: Paul Schmehl <pauls@utdallas.edu>
- Re: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
  - From: Valdis.Kletnieks@vt.edu
- RE: [Full-Disclosure] Administrivia: Testing Emergency VirusFilter..
  - From: Dan Stromberg <strombrg@dcs.nac.uci.edu>

References:
- RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
  - From: "Schmehl, Paul L" <pauls@utdallas.edu>

Prev by Date: Re: [Full-Disclosure] securing php
Next by Date: RE: [fd] [Full-Disclosure] Al Qaida claims responsibility for blackout
Prev by thread: RE: [Full-Disclosure] Administrivia: Testing Emergency Virus Filter..
Next by thread: RE: [Full-Disclosure] Administrivia: Testing Emergency VirusFilter..
Index(es):
- Date
- Thread