I think the trouble with this attachment is that the whole e-mail is
encrypted "in clear" (anybody can decrypt) to save space when you send the
e-mail (SSL/TLS includes compression).
The trouble is that the whole e-mail is encapsulated inside this signed
attachment. Therefore your antivirus may not be able to decrypt,
desencapsulate and check each part for viruses.
It is best to sign e-mails by adding a S/MIME signature only. The people who
do not have S/MIME can still read it. In .p7s form they can't read the
e-mail without having s/mime.
Hope it helps.
cf SSL Certificates HOWTO on www.tldp.org
Cheers
Franck Martin
-----Original Message-----
From: Michael [mailto:KungFuMan(_at_)videotron(_dot_)ca]
Sent: Thursday, 13 March 2003 8:56
To: ietf(_at_)ietf(_dot_)org
Subject: .p7s attachment
Hi .. I am setting up an exchange server with webshield
installed... While
setting up the virus scanner, I was recommended (by
microsoft) to block .p7s
attachments.
Since those are certificate files, I am wondering what is the
danger, and
I'd like to know if anyone here could bring me some light...
Michael