[Prev][Next][Index][Thread]

Re: Off Topic-- Windows only viruses, and a US based school



On Tuesday 26 February 2002 02:33, Eugene Leitl wrote:
> On Mon, 25 Feb 2002, GNUOrder wrote:
> > Yea, I dont like seeing these viri getting through to the mailing lists
>
> Viruses.
>
> > either, if that is where you are getting them from.  I know a few have
> > made it through the Linux BIOS list in the past.  I think the best place
> > to scan for viri is at the ISP of where it was originally sent, bouncing
> > the email
>
> Dumb idea. Better idea: don't use vulnerable file formats. Almost all
> Microsoft document formats can contain executable code. Don't run code
> from untrusted source, verified by a digital signature. Strip executable
> attachements on your mailserver, if you have vulnerable systems on the
> other side of the firewall.

I agree that should be done also but some windows viri infect you from just 
opening the email.  You dont have to open an attachment.  Also a lot of the 
viri have their own smtp component so the user doesn't have to be using 
outlook at the time.  If the ISP where the email is sent detects a virus and 
bounces a message back to the user, it would cut down on email traffic.  

>
> > back to the user with a message and stripped of the viral code.  That
> > isn't going to happen except for a few ISPs because that would require
> > forthought and initiative and might even cost a little bit of money.
>
> Wrong attitude. Your ISP is supposed to deliver connectivity. Attempts to
> fiddle with it, and be it "only" to protect you from spam will sometimes
> backfire.

Some ISPs deliver connectivity well and some dont.  Some already scan for 
viri in outgoing mail and a lot more scan for viri in incoming mail.  If they 
can do it with incoming mail, it should be to hard to do it with outgoing 
mail.  If it backfires, you go with a better ISP, just like with connectivity.

>
> > I've seen a few free email scanners for *nix but I think the problem is
> > keeping up with windows viri.  There should be a clearing house for viri
> > signatures for all the AV software users can update.  I dont think the
> > big companies would want that, they all want to go to a subscription
> > service.
> >
> > Anyway, my gripes on the subject.
> >
> > GO
> >
> > PS.  the clearing house could also include signatures for spyware,
> > trojans and the FBI's new snooping software.

References: