[Mimedefang] patch to add blocking of encrypted email via uvscan
Ole Craig
olc at cs.umass.edu
Tue Dec 9 12:38:37 EST 2003
On 12/09/03 at 10:28, 'twas brillig and Lucas Albers scrobe:
> >> Your fear may be unfounded. I suspect that'll be a virus with
> >> a low propagation rate, since a user dumb enough to click on untrusted
> >> content is likely also dumb enough not to find the password for the
> >> file...
>
> Virus's/spam has evolved to get past bayes databases's and attachment
> blocking. It seems that most mail servers will reject exe attachments but
> allow zip files. Virtually none of them block password protected files.
> Ask yourself (not agreeing or disagreeing with the above statement), "What
> is the next logical progression for virus's?"
>
> New extensions if possible....?
> Multiple infection types, share scanning, built in smtp server.
I understand, and the points you (and others) have raised are
valid. The breakdown I see is at the UI -- it's no longer a
point-n-click activation. Now it's point-n-click, re-read message,
type. (possibly lather/repeat steps 2 and 3, particularly for random
strings.) Moreover, even braindead unpatched lookOut clients won't be
able to auto-launch the content; there will be a requirement for user
interaction that goes well beyond the reflexive index finger on the
mousebutton. I think that's enough of a stumbling block that this
paradigm won't achieve critical mass.
Ole
--
Ole Craig * UNIX, linux, SMTP-ninja; news, web; SGI martyr * CS Computing
Facility, UMass * <www.cs.umass.edu/~olc/pgppubkey.txt> for public key
[...] Oh, shed thy mercy and thy grace / On those who venture into space.
(R. A. Heinlein)
More information about the MIMEDefang
mailing list