Mobile code security (was Re: rr style scanning of non-customers)

• Previous message (by thread): Mobile code security (was Re: rr style scanning of non-custom ers)
• Next message (by thread): Mobile code security (was Re: rr style scanning of non-customers)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

> 	I think pauls point may be:
> 	If they use text based mailers

I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far

> 	It's a lot harder to open up a microsoft executable on a *nix
> machine than a windows machine.

We have ongoing pressure to switch to MS based systems to tie in with
corporate stuff (being a Unix island is hard) so this problem interests
me, we've thought about filtering but more extracting info where
possible rather than rejecting (so your text/plain would get turned
into plain text). We'd reject html only along with various document formats

> 	If your abuse desk can't take the complaint, you can't do anything
> about it.  The abuse/security desks are in most cases small, understaffed
> and hidden to prevent them from being overworked yet do enough that
> you're not called a spam/abuse harborer.

Often filtered through a front desk that risk breaking it
or running it. 

I think holding those messages somewhere someone with a clue can look
at them if they need to and only passing plain text through
intermediate systems & people is best. We'd like to be able to see the
virus for forensics so we're not going to be allowed to get these
messages anywhere near Exchange anyway.

brandon

• Previous message (by thread): Mobile code security (was Re: rr style scanning of non-custom ers)
• Next message (by thread): Mobile code security (was Re: rr style scanning of non-customers)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]