As this is Vincezo's code and not James' this rant is just my 2c..

I'm not sure that omitting to scan *any* part is a good idea.

I know this isn't apache software, but if it were I'd veto introducing any security 
loophole based on hearsay or speculation and not published research.

Unless you guys know a lot more than me about virus detection, I don't see how you can 
confidently predict what might be carrying a dangerous payload. Just because it looks, 
tastes and smells like an image doesn't mean that it is. 

Isn't that the virus writer's idea: to slip a payload through your security masquerading 
as innocent data? Just because *we* can't see what 
harm it would cause doesn't mean that it really is benign. Surely that is why virus 
detection companies recommend you regularly scan everything; Norton AV scans gifs on my HD.

I don't pretend to know much about it but you don't have to speculate much either to 
work out what would happen if binary data could be slipped through in mail as a .gif 
and somehow activated by some other exploit. 

If there are issues with certain mime types then that is a bug that needs fixing for 
security reasons, and not something we should even consider working around if it is 
going to produce a loophole, however small, in the AV scanning. 

As far as I can make out it is the attitude in resolving conflict that functionality 
is more important than security which gives M$ such a hard time.

I urge caution.

d.


> -----Original Message-----
> From: Noel J. Bergman [mailto:[EMAIL PROTECTED]
> Sent: 21 June 2003 15:47
> To: James Users List
> Subject: RE: Matchers & X Window
> 
> 
> > > As graphic parts can't carry viruses, is it necessary to get the content at
> > > all?  Not doing so would circumvent the problem and speed things up too.
> 
> > How do you know it is really a graphic? All you know is that the
> > mime-type description has been set to image/gif.  It might have a
> > file-name that ends in ".exe"
> 
> Then why not add an optional check to make sure that the type matches the
> file extension (if present) based upon a mime type map?
> 
>       --- Noel
> 
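
To make the check Noel suggests concrete, here is an added standalone example (not James code, and not from either poster) that compares a part's declared Content-Type against the filename extension and against the first bytes of the content, and reports every part that an "images need no scanning" exemption should not cover. The magic-byte table and the sample message are constructed for the example.

```python
import email
import mimetypes
from email import policy
from email.message import EmailMessage

# Leading-byte signatures for a few image types (constructed, not exhaustive).
MAGIC = {
    "image/gif": (b"GIF87a", b"GIF89a"),
    "image/png": (b"\x89PNG\r\n\x1a\n",),
    "image/jpeg": (b"\xff\xd8\xff",),
}

def check_image_part(part):
    """Return reasons this image-labelled part must still be scanned (empty if none)."""
    reasons = []
    declared = part.get_content_type()
    filename = part.get_filename()
    if filename:
        # Noel's suggestion: the type implied by the extension must match the header.
        guessed, _ = mimetypes.guess_type(filename)
        if guessed != declared:
            reasons.append(f"filename {filename!r} implies {guessed}, header says {declared}")
    # The header is attacker-controlled, so also look at what the bytes actually are.
    sigs = MAGIC.get(declared)
    payload = part.get_payload(decode=True) or b""
    if sigs is None:
        reasons.append(f"no signature known for {declared}")
    elif not payload.startswith(sigs):
        reasons.append("content does not begin with the expected image signature")
    return reasons

def parts_needing_scan(raw):
    """Map each leaf part index (in walk() order) to the reasons it must be scanned."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    flagged = {}
    for idx, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue
        if part.get_content_maintype() != "image":
            flagged[idx] = ["not an image part"]
            continue
        reasons = check_image_part(part)
        if reasons:
            flagged[idx] = reasons
    return flagged

def build_sample():
    """Constructed message: text body, a genuine GIF, and an .exe labelled image/gif."""
    msg = EmailMessage()
    msg["Subject"] = "sample"
    msg.set_content("see attached")
    msg.add_attachment(b"GIF89a" + b"\x00" * 16, maintype="image", subtype="gif", filename="photo.gif")
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="image", subtype="gif", filename="notes.exe")
    return msg.as_bytes()
```

Only the genuine GIF (index 2) passes both checks; the mislabelled .exe fails on extension and on signature.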