Home page logo
/

nanog logo nanog mailing list archives

Re: Mobile code security (was Re: rr style scanning of non-customers)
From: Paul Vixie <vixie () vix com>
Date: 16 Jun 2003 16:34:25 +0000


brandon () rd bbc co uk (Brandon Butterworth) writes:

    I think pauls point may be:
    If they use text based mailers

"text based" is not what i'd require.  "professional grade" is the right term.
that can be anything from "xmh" to "eudora" as long as it was written to stand
up to the worst the internet is capable of delivering to it.  "text based" is
my own preferred crutch but you don't need "text based" to get "professional
grade".

I think holding those messages somewhere someone with a clue can look at
them if they need to and only passing plain text through intermediate
systems & people is best. We'd like to be able to see the virus for
forensics so we're not going to be allowed to get these messages anywhere
near Exchange anyway.

you sure as hell need to be able to look at them, and to know they're present.
bouncing them or stripping them are signs of extreme ignorance/irresponsibility
and the people who sell/buy/deploy/whatever the technology that strips or
bounces mime attachments "because of what they might contain" should get a
clue.
-- 
Paul Vixie


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault