From: Bill Kenworthy (billkiinet.net.au)
Date: Tue Jan 15 2002 - 17:22:11 CST

    On Wed, 2002-01-16 at 01:45, Tzafrir Cohen wrote:
    > On 15 Jan 2002, Bill Kenworthy wrote:
    >
    > > There's also "anomy", a perl script that does all this and more. I am
    > > using it via procmail/postfix and other than false alarming (warning
    > > message) on the Mandrake list coz its footer gets included as an
    > > attached text document.
    >
    > What's wrong with a text/plain part?
    I think this is just a warning that it has been scanned and nothing
    obnoxious is hidden within - some mail systems are set to delete ALL
    attachments before forwarding to reduce risk, this is a compromise, and
    informs the user that it has been checked.
    >
    > > It picks up the usual virii attachments quite
    > > reliably, defangs html mail (embedded scripts etc in the html) and also
    > > perl/shell scripts etc (inserts an "exit" statement and comment at the
    > > top of the file so it can't be run by accident!)
    >
    > Sounds very intrusive to me.
    How paranoid are you? - i.e., this is the preference (or specification
    worked to) by many people. It's only mildly intrusive and my family use
    mail lists that love cute html things and this is a bit safer. And no,
    one cannot turn off incoming html mail (a popular uprising would occur!)
    - some of the lists have no alternatives! We also get the odd html
    carried virus and this picks up and sanitises them quite reliably.
    >
    > A decent mail program does not execute scripts. If my mailer (OK, it
    > probably has a number of buffer overflows somewhere, but it is rather sane
    > apart from that) gets some script, it simply displays it to me.
    >
    > Now if some support guy sent Joe User a script to use, he had to work
    > around those strange (=unexpected) limitations
    >
    Now if someone set up a mimetype in evolution for say, perl and
    misclicked one time...
    Not likely, but it could happen. Also, one place I have worked had a
    number of developers working in windoze with perl and the windoze unix
    and shell environment (can't remember the name - mental block!!!) which
    would be at risk of executable shell scripts for all the usual windoze
    reasons.
    > > It can also call a true
    > > virus scanner to scan documents you want to let through, but need
    > > checking internally.
    >
    > IMHO you should not try to overly clean. I rather have a virus scanner
    > bounce a message than trying to clean it, and possibly creating an
    > incorrect content.
    >
    Personal pref. Also not clean, rather look inside a file and see if it
    does contain a virus, rather than just bounce based on criteria - it's
    flexible! At one time I did have anomy set to bounce, but I don't trust
    the return address any more. I have heard that there is at least one
    virus that tries to fake the header.
    > > The documents have some discussion on performance
    > > tuning, which from memory was quite acceptable considering what it is
    > > doing. A good first line for Linux users and
    >
    > For linux users?
    whoops, meant to say and "windows clients hanging off the mail system."
    > Linux users have decent mail clients (read: not many people used Outlook
    > & co. on linux lately)
    user misconfiguration, and mail for doze users passing through ...
    >
    Good points though!

    > --
    > Tzafrir Cohen /"\
    > mailto:tzafrirtechnion.ac.il \ / ASCII Ribbon Campaign
    > Taub 229, 972-4-829-3942, X Against HTML Mail
    > http://www.technion.ac.il/~tzafrir / \
    >
    >
    >
    > For help, email discuss-helpmandrakesecure.net; to unsubscribe send a
    > message to discuss-unsubscribemandrakesecure.net. To visit MandrakeSecure,
    > go to http://www.mandrakesecure.net/.
    >
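The script defanging described in this thread (an "exit" statement and a comment inserted at the top of perl/shell attachments) can be illustrated with the following added Python example; it is not anomy's code and not from either poster. The extension list, the note text and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

SCRIPT_EXTS = (".pl", ".sh")  # assumption: what this filter treats as a script
NOTE = "# DEFANGED by mail filter: delete the line above to run this script\n"

def part_text(part):
    """Decoded body of a leaf part, as text."""
    if part.get_content_maintype() == "text":
        return part.get_content()
    return (part.get_payload(decode=True) or b"").decode("utf-8", "replace")

def looks_like_script(part):
    name = (part.get_filename() or "").lower()
    return name.endswith(SCRIPT_EXTS) or part_text(part).startswith("#!")

def defang(raw_bytes):
    """Return (sanitised message, names of the parts that were defanged)."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    changed = []
    for part in msg.walk():
        if part.is_multipart() or not looks_like_script(part):
            continue
        name = part.get_filename() or "unnamed"
        # "exit;" is valid in both sh and perl. As the first line it ends the
        # run before any original code, and pushes the "#!" off line 1.
        # Re-labelling the part text/plain also drops any script MIME type.
        part.set_content("exit;\n" + NOTE + part_text(part), subtype="plain",
                         disposition="attachment", filename=name)
        changed.append(name)
    return msg, changed

def sample():
    """Constructed test message: body, a shell script, and a list footer."""
    m = EmailMessage()
    m["From"], m["To"] = "support@example.org", "joe@example.org"
    m["Subject"] = "cleanup script"
    m.set_content("Run the attached script.\n")
    m.add_attachment("#!/bin/sh\necho cleaning\n", subtype="x-sh",
                     filename="cleanup.sh")
    m.add_attachment("To unsubscribe, mail the list.\n", filename="footer.txt")
    return m.as_bytes()

if __name__ == "__main__":
    clean, names = defang(sample())
    print("defanged:", names)
    print(clean.as_string())
```

The original script text is kept intact below the two inserted lines, so a recipient who was meant to receive it can restore it by deleting the first line, while the plain-text footer attachment passes through unchanged.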