[59150] in North American Network Operators' Group
Re: Mobile code security (was Re: rr style scanning of non-customers)
daemon@ATHENA.MIT.EDU (Paul Vixie)
Mon Jun 16 12:35:04 2003
To: nanog@merit.edu
From: Paul Vixie <vixie@vix.com>
Date: 16 Jun 2003 16:34:25 +0000
In-Reply-To: <200306161609.RAA23040@sunf10.rd.bbc.co.uk>
Errors-To: owner-nanog-outgoing@merit.edu
brandon@rd.bbc.co.uk (Brandon Butterworth) writes:
> > I think pauls point may be:
> > If they use text based mailers
"text based" is not what i'd require. "professional grade" is the right term.
that can be anything from "xmh" to "eudora" as long as it was written to stand
up to the worst the internet is capable of delivering to it. "text based" is
my own preferred crutch but you don't need "text based" to get "professional
grade".
> I think holding those messages somewhere someone with a clue can look at
> them if they need to and only passing plain text through intermediate
> systems & people is best. We'd like to be able to see the virus for
> forensics so we're not going to be allowed to get these messages anywhere
> near Exchange anyway.
you sure as hell need to be able to look at them, and to know they're present.
bouncing them or stripping them are signs of extreme ignorance/irresponsibility
and the people who sell/buy/deploy/whatever the technology that strips or
bounces mime attachments "because of what they might contain" should get a
clue.
--
Paul Vixie
