Re: Mobile code security (was Re: rr style scanning of non-customers)
I think pauls point may be: If they use text based mailers
I know, intrinsically safe is good but that's not what managment wants so you end up with bodges to make their choices safer. Some people may go too far
It's a lot harder to open up a microsoft executable on a *nix machine than a windows machine.
We have ongoing pressure to switch to MS based systems to tie in with corporate stuff (being a Unix island is hard) so this problem interests me, we've thought about filtering but more extracting info where possible rather than rejecting (so your text/plain would get turned into plain text). We'd reject html only along with various document formats
If your abuse desk can't take the complaint, you can't do anything about it. The abuse/security desks are in most cases small, understaffed and hidden to prevent them from being overworked yet do enough that you're not called a spam/abuse harborer.
Often filtered through a front desk that risk breaking it or running it. I think holding those messages somewhere someone with a clue can look at them if they need to and only passing plain text through intermediate systems & people is best. We'd like to be able to see the virus for forensics so we're not going to be allowed to get these messages anywhere near Exchange anyway. brandon
brandon@rd.bbc.co.uk (Brandon Butterworth) writes:
I think pauls point may be: If they use text based mailers
"text based" is not what i'd require. "professional grade" is the right term. that can be anything from "xmh" to "eudora" as long as it was written to stand up to the worst the internet is capable of delivering to it. "text based" is my own preferred crutch but you don't need "text based" to get "professional grade".
I think holding those messages somewhere someone with a clue can look at them if they need to and only passing plain text through intermediate systems & people is best. We'd like to be able to see the virus for forensics so we're not going to be allowed to get these messages anywhere near Exchange anyway.
you sure as hell need to be able to look at them, and to know they're present. bouncing them or stripping them are signs of extreme ignorance/irresponsibility and the people who sell/buy/deploy/whatever the technology that strips or bounces mime attachments "because of what they might contain" should get a clue. -- Paul Vixie
Paul Vixie wrote:
"text based" is not what i'd require. "professional grade" is the right term. that can be anything from "xmh" to "eudora" as long as it was written to stand up to the worst the internet is capable of delivering to it. "text based" is my own preferred crutch but you don't need "text based" to get "professional grade".
Is there a reason everyone leaves out poor lil' Mozilla which, while having a few quirks now and then, far out-performs the M$ code. Let's see. Better built in filtering (especially with imap), good thread support, support for simple html to allow partial rendering without setting off those spy tags, and the list goes on.
you sure as hell need to be able to look at them, and to know they're present. bouncing them or stripping them are signs of extreme ignorance/irresponsibility and the people who sell/buy/deploy/whatever the technology that strips or bounces mime attachments "because of what they might contain" should get a clue.
Ignorance is the commonality of the Internet. -Jack
participants (3)
-
Brandon Butterworth -
Jack Bates -
Paul Vixie