John C Klensin wrote:
--On Friday, February 04, 2005 8:41 AM +0000 Tim Chown wrote:
Our anti-virus system tags all IETF draft announcements as
being potentially dangerous. I suspect because of the unusual
options to fetch the data that are encoded in the MIME header.
Hmm. There is a case to be made that those external body part options
are as safe, or safer, than a delivered attachment: you can, in
principle, inspect either before opening or executing it, but I can
easily imagine one of those "a good/fun user experience is more
important than security or bullet-proof-ness" MUAs being designed to
provide better access for an actual virus-checker for the external body
parts. Certainly an external body part is as safe and probably safer
than an imbedded URL, especially in an MUA that opens those URLs
automatically.
So my instinctive response to that request is "have you considered
getting your anti-virus software fixed?".
Our firewall software here also briefly tagged message/external-body
attachments as dangerous. Instead of just removing the attachment, the
software deleted the entire message and sent a note saying that they had
done so. Whoever had installed the software just didn't get it; it took
us a bit to get them to fix it.
Even more fearful, I have a feeling that they were just following
instructions provided by the firewall software people, who SHOULD know
better.
Tony Hansen
_______________________________________________
Ietf mailing list
Ietf(_at_)ietf(_dot_)org
https://www1.ietf.org/mailman/listinfo/ietf