[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [cobalt-users] Virus Scanning Email

Subject: RE: [cobalt-users] Virus Scanning Email
From: Dom Latter <DLatter@xxxxxxxxxxxxxxx>
Date: Fri Aug 3 00:19:09 2001
List-id: Mailing list for users to share thoughts on Cobalt products. <cobalt-users.list.cobalt.com>

> Can anyone share with me what products they might be using to 
> scan email and attachments for viruses? 

I am a great fan of Human Eyeball 1.0 and Good Old Fashioned 
Common Sense 1.0.  Using these, I have never had any problem
with attachments.

However, although most everybody comes equipped with the 
first, it seems that with many people the second product 
uninstalls itself the moment they sit down in front of a 
computer.

This means that you do, unfortunately, have to put safeguards
in place.

You do, of course, have anti-virus software on all your 
PeeCees which is updated nightly.  Don't you.  So you
will find that that takes care of most of it.

My experiences of email scanning software have been uniformly
negative.  My main conclusion is that they *must* be configured
and maintained by someone with Clue, otherwise they are, in
my opinion, worse than nothing at all.  And even then they
can get caught out by new viruses. 

All the initial copies of the Love Bug that I received had a 
footnote on the email proudly stating that the mail had been
scanned for viruses, and was "clean".  Which *increases*
the chances of the virus propagating.  Similarly SirCam has 
been slipping through in some circumstances.

And then there was the time I got spammed by somebody else's
scanning software; they had it configured to tell *everybody*
on the "to" list that they'd quarantined an email because it 
contained some rude words.

Talking of which, these gave me a giggle:
http://www.mimesweeper.com/download/extras/profanity_lists.asp
One the one hand, a serious newspaper article on the politics 
of immigration, such as I read last weekend, would get blocked;
on the other, getting a dirty joke through by simple substitution
is laughably simple.

These email scanning tools are a PHB solution to a PHB problem.

Simpler solutions include:
- blocking *all* incoming executable attachments.
- adding a .txt extension to all incoming (executable) attachments.

This has turned into something of a rant.  Yes, these products 
hack me off.  I guess it's because they 
- are expensive
- don't work
- only succeed commercially because they appeal to those that
  do not understand the internet, or email, or viruses.

It's a wonder that Redmond aren't in on the act too...

Security is a complicated issue.  It is essential to understand
that a single "Magic Bullet" product will not, can not, "fix it".
You need a process.  

While we're on the subject, comp.risks is essential reading:
http://catless.ncl.ac.uk/Risks
as is Crypto-gram:
http://www.counterpane.com/crypto-gram.html

Rant over.

Follow-Ups:
- RE: [cobalt-users] Virus Scanning Email
  - From: Carrie Bartkowiak
- RE: [cobalt-users] Virus Scanning Email
  - From: Jonothon Ortiz

Prev by Date: RE: [cobalt-users] Qube 3 Self Signing SSL Certificate
Next by Date: Re: [cobalt-users] [mod_so] [clibpdf]
Previous by thread: Re: [cobalt-users] Virus Scanning Email
Next by thread: RE: [cobalt-users] Virus Scanning Email

Sun Cobalt Users Message Index

Sun Cobalt Users Thread Index