[prev in list] [next in list] [prev in thread] [next in thread] 

List:       firewalls-gc
Subject:    Re: Virus Scan....
From:       harley () icrf ! icnet ! uk
Date:       1997-01-28 11:05:36
[Download RAW message or body]

> > ftp/smtp/http traffic for viruses, and passes all scanned traffic on.  It is 
> > "transparent" - there are no interactions directly with the WebShield - and 
> > "cannot be bypassed" - all traffic must go through the WebShield machine.
> 
> Hmmm, what if I use PGP to encrypt a program to you?  The very nature of
> PGP ensures that the message should only be decrypted by you.  How can any
> virus checker cope with this?  Deny the mail?  
> 
That's letting the tail wag the dog. Preventing viruses is a
service, it's not usually the primary mission of a user or
organisation. Someone at the site has to make an administrative 
decision to:

* Quarantine encrypted or otherwise unreadable messages and 
  deal with them 'safely'. Best practice, maybe, but time-consuming
  and requiring delicate handling with sensitive material.
* Alert the recipient that the attachment/file etc. hasn't been scanned
  for viruses and trust them to handle it appropriately. In which case
  you need to make a very clear policy statement on what 'appropriately'
  means (which may vary considerably according to circumstances).
* Or make it a policy not to accept 'difficult' imports such as
  encrypted mail. But now you've sacrificed at least one security 
  principle to enforce another. I can envisage quite a few sets of
  circumstances where guaranteeing the integrity of the data 
  received, validating the source, and preserving privacy, are 
  much higher priorities than the risk of infection by a (probably
  PC) virus.

This comes back to my usual point: there's no substitute for good
virus detection at the desktop. 

-- 
David Harley                     \   |   /                 alt.comp.virus FAQ
D.Harley@icrf.icnet.uk            \  |  /               & Anti-Virus Web Page
Support & Security Analyst         \ | /         Folk London On-Line gig-list
Imperial Cancer Research Fund   ____\|/____   http://webworlds.co.uk/dharley/

[prev in list] [next in list] [prev in thread] [next in thread]