Posted by Ertugrul Soeylemez on June 13, 2007, 12:31 am
> E-mail scanning is redundant. You don't need it. It will often
> interfere with e-mail transfers (because of the injected delay in the
> mail traffic while the on-demand scanner interrogates that mail
> traffic).
It is not. Some emails try to exploit certain vulnerabilities in email
clients. Such exploits are often based on a vulnerable mail
parser/decoder. Because parsing emails is such a complex matter, there
is a lot of room for bugs.
> Besides, ALL e-mail gets sent as plain-text. If you look at the
> source of the e-mail, it is all text. Any graphics or other binary
> content or attachments are encoded into plain-text within a section in
> the body of the e-mail. Plain-text is harmless.
Yes, as long as it lies on the server and is not parsed. Upon
forwarding it to the client, it _becomes_ potentially harmful, because
of the fact that the program has to parse and decode it.
> You would have to actually DECODE that plain-text content when saving
> the attachment into a file - and the same on-demand scanner used to
> interrogate your mail traffic is the same on-demand scanner watching
> when you create a new file when saving that attachment.
Things like images, HTML, sometimes even PDF or certain script types,
are decoded and run/displayed right away. Some clients take the detour
through a temporary file, but others display right away.
Regards,
Ertugrul Söylemez.
-- 
Security is the one concept, which makes things in your life stay as
they are. Otto is a man, who is afraid of changes in his life; so
naturally he does not employ security.
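
The argument in the post above, as an added example that is not part of the original post: a constructed MIME message is pure ASCII on the wire, yet some of its parts are decoded and rendered by the client without any file being written for an on-access scanner to see. The addresses, the payload bytes and the `RENDERED_ON_OPEN` list (which types a client renders on open) are assumptions made for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumption: content types a mail client renders on open, with no "save" step.
RENDERED_ON_OPEN = ("text/html", "image/")

def build_sample() -> bytes:
    """Constructed sample: plain + HTML body, inline image, PDF attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("plain body")
    msg.add_alternative("<p>html body <img src='cid:img1'></p>", subtype="html")
    html = msg.get_payload()[1]
    # Inline image referenced from the HTML part (placeholder bytes, not a real PNG).
    html.add_related(b"\x89PNG\r\n\x1a\n" + b"\x00" * 16, "image", "png", cid="<img1>")
    msg.add_attachment(b"%PDF-1.4\n" + b"\x00" * 16, "application", "pdf",
                       filename="doc.pdf")
    return msg.as_bytes()

def classify_parts(raw: bytes):
    """Return (content_type, transfer_encoding, decoded_size, path) per leaf part."""
    msg = message_from_bytes(raw, policy=policy.default)
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers carry no content of their own
        ctype = part.get_content_type()
        cte = str(part.get("Content-Transfer-Encoding", "7bit"))
        decoded = part.get_payload(decode=True)  # the decode step the client performs
        if part.get_content_disposition() == "attachment":
            path = "saved-to-file"       # a file write an on-access scanner can see
        elif ctype.startswith(RENDERED_ON_OPEN):
            path = "decoded-in-client"   # parsed and rendered from memory
        else:
            path = "displayed-as-text"
        rows.append((ctype, cte, len(decoded), path))
    return rows

if __name__ == "__main__":
    raw = build_sample()
    print("wire form is pure ASCII:", raw.isascii())
    for row in classify_parts(raw):
        print(row)
```

Parts marked `decoded-in-client` are the ones that only a scanner inspecting the mail stream itself would examine before the client's parser handles them.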