Vulnerability Development mailing list archives
Re: Virus Scan Notices in eMail
From: sen_ml () ECCOSYS COM (Sen_Ml Sen_Ml)
Date: Thu, 29 Jun 2000 10:53:17 +0900
From: Dan Schrader <Dan_Schrader () TRENDMICRO COM> Subject: Re: Virus Scan Notices in eMail Date: Wed, 28 Jun 2000 12:28:49 -0700 Message-ID: <D129BBE1730AD2118A0300805FC1C2FE04C79B02 () 209-76-212-10 trendmicro com>
Agreed This is a misuse of a feature some banks asked us to add to the software. They asked for a way to add a disclaimer to every outbound message so that they could make certain recipients new that the email was not an official approved statement from the corporation. A few sites have started to use this feature as shown below. Bad idea - no product can guarranttee 100% virus detection.
along these lines, it seems to me that in theory, the scanner could digitally sign (say w/ openpgp signatures) the entire message once it has scanned it (along w/ the results of scanning of course: e.g. didn't find anything suspicious + timestamp). i doubt there are many set-ups that would go for this as it would seem to require key distribution and verification on the parts of the participating parties for this to be effective and even then...a lot of effort for return that might not be worthwhile. there is also the concern of having missed something while scanning ;-) my $.02
Current thread:
- Re: Virus Scan Notices in eMail Dan Schrader (Jun 28)
- Re: Virus Scan Notices in eMail Sen_Ml Sen_Ml (Jun 28)