On Fri, 14 Mar 2003 00:39:03 PST, william(_at_)elan(_dot_)net said:
> Additional thoughts on the issues included on how to verify that email is
> "virus free" and has been checked by anti-virus by the sender by using
> special certificate generated (automatically) by antivirus based on content
> of email (simple hash) and based on its own certificate - that anti-virus
> certificate can of course be checked on antivirus website, so it creates
> fairly good trust system.

Just remember that this check done *by the sender* is close to useless:
1) As written, it doesn't contain any verification that a *current* template
of signatures was used - I've actually gotten mail that was stamped "this
mail certified virus-free by LlamaWare 1.2" and contained a virus anyhow,
because its signature database was *literally* 2.5 years out of date.
2) Either the sending system has a virus, or it doesn't. If it doesn't,
it doesn't matter if it got scanned. If it does, I have no guarantee that
said scanner hasn't been fooled by a rootkit.
3) Now imagine a virus that injects itself and then forges a "virus free"
signature for itself (remember - if the virus scanner has enough info to
generate a cert, any malware that gets loose on that machine has enough info
to forge the same cert).
Now, to be fair, the outdated signature issue and the rootkit issue both
*DO* also apply at the local end. On the other hand, the local end is
under my control (well.. OK.. the guy in the next cube over ;) so I can
make informed decisions regarding whether to trust its opinions...
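
The three objections above, as an added example that is not part of the original message: a receiver-side check that treats a sender's "virus free" stamp as advisory only. The stamp format, the function names, the key, the sample body and the dates are all assumptions constructed for illustration, and HMAC stands in for the certificate-based signature the proposal describes.

```python
import hashlib
import hmac
from datetime import date

# Hypothetical stamp (an assumption, not a format from the thread):
#   tag = HMAC-SHA256(scanner_key, sha256(body) || sigdb_date)
# HMAC stands in for the scanner's certificate signature; either way the
# signing secret has to live on the sending machine.
DEMO_KEY = b"constructed-demo-key"                   # constructed
DEMO_BODY = b"hi\nX-DEMO-INFECTED-MARKER\n"          # constructed, harmless
TODAY, STALE_DB = date(2003, 3, 14), date(2000, 9, 14)  # constructed dates

def make_stamp(key: bytes, body: bytes, sigdb_date: date) -> dict:
    """Sender side: anything on the host that can read `key` can call this."""
    msg = hashlib.sha256(body).digest() + sigdb_date.isoformat().encode()
    tag = hmac.new(key, msg, hashlib.sha256).hexdigest()
    return {"sigdb_date": sigdb_date.isoformat(), "tag": tag}

def stamp_is_authentic(key: bytes, body: bytes, stamp: dict) -> bool:
    """Receiver side: does the tag match this body and the claimed DB date?"""
    claimed = date.fromisoformat(stamp["sigdb_date"])
    expected = make_stamp(key, body, claimed)["tag"]
    return hmac.compare_digest(expected, stamp["tag"])

def demo_local_scan(body: bytes) -> bool:
    """Constructed stand-in for the receiver's own scanner."""
    return b"X-DEMO-INFECTED-MARKER" in body

def receiver_decision(key, body, stamp, today, local_scan, max_age_days=7):
    """The sender's stamp only produces a note; the local scan decides."""
    if not stamp_is_authentic(key, body, stamp):
        note = "stamp invalid"
    elif (today - date.fromisoformat(stamp["sigdb_date"])).days > max_age_days:
        note = "sender signature database stale"
    else:
        note = "stamp valid: shows key possession, not a clean host"
    return ("reject" if local_scan(body) else "accept"), note

if __name__ == "__main__":
    fresh = make_stamp(DEMO_KEY, DEMO_BODY, TODAY)
    print(receiver_decision(DEMO_KEY, DEMO_BODY, fresh, TODAY, demo_local_scan))
    stale = make_stamp(DEMO_KEY, b"clean text", STALE_DB)
    print(receiver_decision(DEMO_KEY, b"clean text", stale, TODAY, demo_local_scan))
```

The first case verifies as authentic and is still rejected by the local scan; the second is accepted only on the local scan's word, with the stale database noted.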