
Re: [Asrg] DCC and IP checksums

2003-03-14 11:31:06

At 12:39 AM -0800 3/14/03, william(_at_)elan(_dot_)net wrote:
Actually one of my notes was exactly on this issue. I concluded that the
best is to use local filters and separate attachments (such as .exe, .scr,
.bat, etc) from the email and deliver email to recipient without an
attachment but include instead a note/attachment that it was present 
with information on how attachment can be downloaded from the local ISP
server - possibly by using IMAP server with IMAP url indicating exactly
what message to get from the server. This saves time for users when
receiving email over slow connection (dialup) and for well-known viruses,
the users would not even try to download it (plus checking email for
viruses on common IMAP server is easier setup for ISP, since many use unix
servers for mail delivery but most antiviruses run from windows platforms)

1. This breaks HTML email (unless you were planning on guessing which 
attachments are currently "safe" and then checking them to see what 
they say they are--in which case you might as well just check for 
viruses).
As I said - only some attachments like .exe would not be delivered, rest are.

2. This actually makes life worse for the dialup user in the 
non-virus case.  Dialup.  Fetch mail.  Disconnect.  Try to read mail. 
Reconnect.  Fetch attachment.
I doubt you receive too many legitimate .exe attachments. It does happen, 
but it's really rare.

3. While this would protect from auto-executing attachments, I fail 
to see why the user that opens a questionable attachment is going to 
be any less likely to download it.
That depends how smart user is. Most virus emails are detectable by content.
I for one, never got my system infected so far. And having message that 
attachment is not delivered but needs to be picked up will make them more 
suspicious.
 
4. You lost me on the windows/unix problem there.  First of all, most 
major anti-virus vendors *do* offer Unix versions of their 
software--they know what platforms are used to deliver email. 
Not really. They do offer software that can be used on unix servers but 
usually actual core of the antivirus still runs on windows.  And most offer 
software that works just like I describe - it checks mailboxes by using 
POP3 or IMAP.

Secondly, if the IMAP server can run Windows, so can the POP server. 
Yes, so? It'll still be easier to scan particular "attachment" folder.

But in any case, unless you are going to install custom MUA software 
on all clients, you're going to have to use an HTTP server to handle 
downloads.  And people aren't very good at managing downloaded files. 
Not to mention that once it's downloaded, you just bypassed what 
minimal security efforts the email program would have provided to 
keep you from executing it.
Again read above - they will see warning that this is executable program 
and hopefully think about it. It is better than situation available right 
now. But it still relies on people being smart enough to see that they do 
not need this attachment and it is a fake (unless antivirus caught it in 
time).

5. If you're going to install custom software to deal with 
attachments--why not just install anti-virus software and be done 
with it? (Actually, the reason most vendors don't is that it's not 
cheap, and the way the licensing works with some anti-virus vendors 
it's possible that a burst of email will cause you to overshoot your 
licensing requirements and suddenly you won't be able to process any 
email at all.) 
The above would not be a problem when attachments are located in separate 
folder. The antivirus can have limit on how many attachments are checked 
per given time and do best it can. Not impossible that some would not be 
processed in time before attachment is downloaded but most would be.

Those costs need to be passed on to the end-user. 
And since the end-user has already been told a million times that 
they need to install anti-virus software, and since email isn't the 
only way to get viruses....  Let them do it.) 
The main problem is that too many do not do it which causes headaches for 
service providers which end up thinking on how to check email on their 
end. The reason why some do it is to minimize their support cost.





_______________________________________________
Asrg mailing list
Asrg(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/asrg
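
An added sketch of the attachment-separation scheme described in the message above (not code from the thread or its participants): blocked attachments are pulled out of a multipart message, kept for server-side scanning, and replaced by a note carrying a retrieval URL. The function names, the sample message and the IMAP URL are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

BLOCKED_EXTENSIONS = (".exe", ".scr", ".bat")  # the extensions named in the post

def make_note(filename, url):
    """Build the text part that takes the place of a held attachment."""
    note = EmailMessage()
    note.set_content(
        f"Attachment {filename!r} was not delivered with this message.\n"
        f"It is held on the mail server and can be fetched from:\n{url}\n")
    return note

def strip_parts(container, url_for, held):
    """Walk a multipart container, swapping blocked leaf parts for notes."""
    kept = []
    for part in container.get_payload():
        name = part.get_filename() or ""
        if part.is_multipart():
            strip_parts(part, url_for, held)  # nested multipart or message/rfc822
        elif name.lower().endswith(BLOCKED_EXTENSIONS):
            held.append((name, part.get_payload(decode=True)))  # for the scan folder
            part = make_note(name, url_for(name))
        kept.append(part)
    container.set_payload(kept)

def strip_blocked_attachments(raw, url_for):
    """Return (message to deliver, [(filename, bytes)] held for scanning)."""
    msg = message_from_bytes(raw, policy=policy.default)
    held = []
    if msg.is_multipart():  # assumption: single-part mail is delivered unchanged
        strip_parts(msg, url_for, held)
    return msg, held

def sample_message():
    """Constructed sample: a text body, one .EXE and one .pdf attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.org", "b@example.net", "report"
    m.set_content("See attached.\n")
    m.add_attachment(b"MZ constructed sample bytes", maintype="application",
                     subtype="octet-stream", filename="Invoice.EXE")
    m.add_attachment(b"%PDF constructed sample", maintype="application",
                     subtype="pdf", filename="notes.pdf")
    return m.as_bytes()

if __name__ == "__main__":
    # Placeholder IMAP URL; a real one would name the held message's mailbox and UID.
    msg, held = strip_blocked_attachments(
        sample_message(), lambda name: "imap://mail.example.net/held/;UID=1")
    print([name for name, _ in held])
    print(msg.as_string())
```

Matching is on the declared filename only, as in the scheme described; a renamed executable passes through and still depends on the scanner.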


