ietf-smtp
[Top] [All Lists]

Re: Virus scanning non-structured emails

2004-07-09 09:29:29

Actually it's the other way around.  

It's irresponsible (and a violation of the MIME standard) to produce
mail user agents that present potentially-harmful content.  It's bad
enough that they present harmful content in well-formed MIME body parts;
even worse when they make extra effort to find harmful content that
isn't properly formatted or labelled and try to present _that_.

Given the presence of such user agents, it's somewhat reasonable for
virus scanners to look for harmful content that isn't properly labelled.
But it's ridiculous to expect virus scanners to prevent exploiting all
security holes in software that has security holes by intent, design, 
and sloppy implementation.  

To say that virus scanners are "responsible" for fixing holes in 
user agents puts responsibility in the wrong place. 

--
Regime change 2004 - For great justice.