Actually one of my notes was exactly on this issue. I concluded that the
best is to use local filters and separate attachments (such as .exe, .scr,
.bat, etc) from the email and deliver email to recipient without an
attachment but include instead a note/attachment that it was present
with information on how attachment can be downloaded from the local ISP
server - possibly by using IMAP server with IMAP url indicating exactly
what message to get from the server. This saves time for users when
receiving email over slow connection (dialup) and for well-known viruses,
the users would not even try to download it (plus checking email for
viruses on common IMAP server is easier setup for ISP, since many use Unix
servers for mail delivery but most antiviruses run from Windows platforms)

(To be fair - this idea came when I was reading somebody else's proposal on
delivering not the email itself but a link where it can be picked up at
the sender's server by IMAP - similar concept to sending user to read
email on the website)

Additional thoughts on the issues included on how to verify that email is
"virus free" and has been checked by anti-virus by the sender by using
special certificate generated (automatically) by antivirus based on content
of email (simple hash) and based on its own certificate - that anti-virus
certificate can of course be checked on antivirus website, so it creates
fairly good trust system.

Now the above does not address your point that local end can not always be trusted
and email-only hoaxes can still propagate just fine, but it addresses
larger problem of security & viruses that get sent through email.

On Thu, 13 Mar 2003 Valdis(_dot_)Kletnieks(_at_)vt(_dot_)edu wrote:

On Thu, 13 Mar 2003 06:15:59 EST, you said:

There are over 400 subscribers to this mailing list. For the most part these
are busy individuals that signed up for a research mailing list to
understand and contribute to solving the spam problem. They are not
interested in scoring a debate match between two men and a sidekick.

On the flip side, I'm writing this as yet *ANOTHER* worm is crawling around
and poking port 445 all over the place.

http://isc.incidents.org/port_details.html?port=445

And there's Code Red outbreaks STILL.

I'll spell it out: Not many of the proposals I've seen so far address the
issue of what happens once "spammer" meets up with "Outlook/IE worm" and/or
"DDOS zombie network". The average security posture Out There is *abysmally*
low, and the machines are for the vast majority a monoculture developed
around a broken security model. Several ideas have overlooked the concept
that the remote end could be lying to you, but almost all make the implicit
assumption that the *local* end is trustable.

And I'm not at all convinced that's true at most sites.

_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
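
The attachment-separation delivery proposed at the top of this message, sketched as an added example (not part of the original post or of any ASRG proposal). The host name, folder name, extension list and the caller-supplied UID are assumptions, and only top-level attachments of multipart messages are handled.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from urllib.parse import quote

# Assumed local policy; none of these values come from the original post.
RISKY_EXTENSIONS = (".exe", ".scr", ".bat")
IMAP_HOST = "imap.isp.example"    # placeholder ISP server
QUARANTINE_FOLDER = "Quarantine"  # hypothetical folder holding the untouched original

def imap_url(user: str, uid: int) -> str:
    """IMAP URL (RFC 5092 form) naming the quarantined original message."""
    return f"imap://{quote(user, safe='')}@{IMAP_HOST}/{quote(QUARANTINE_FOLDER)}/;UID={uid}"

def strip_risky_attachments(raw: bytes, user: str, uid: int):
    """Return (message to deliver, descriptions of the removed attachments).

    Assumes the caller already stored the original as UID `uid` in the folder.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in list(msg.iter_attachments()):
        # Trailing dots/spaces are dropped by Windows, so ignore them here too.
        name = (part.get_filename() or "").rstrip(". ")
        if name.lower().endswith(RISKY_EXTENSIONS):
            data = part.get_payload(decode=True) or b""
            removed.append({"filename": name, "size": len(data),
                            "sha256": hashlib.sha256(data).hexdigest()})
            msg.get_payload().remove(part)
    if removed:
        lines = [f"{r['filename']} ({r['size']} bytes)\n  sha256 {r['sha256']}"
                 for r in removed]
        note = ("Attachments removed by the mail filter:\n" + "\n".join(lines)
                + "\nOriginal message: " + imap_url(user, uid) + "\n")
        msg.add_attachment(note, filename="removed-attachments.txt")
    return msg, removed

SAMPLE_PAYLOAD = b"MZ constructed bytes"  # constructed, not a real executable

def build_sample() -> bytes:
    """Constructed test message: one risky and one harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.org", "alice@isp.example", "photos"
    m.set_content("See attached.")
    m.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                     subtype="octet-stream", filename="Photos.SCR")
    m.add_attachment("harmless text\n", filename="readme.txt")
    return m.as_bytes()
```

The recorded SHA-256 lets a server-side scanner or the recipient confirm that the quarantined copy is the attachment that was removed.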