> See what I mean?

Yes - this problem is well known.

If the unexpected executable contains a virus, the attachment will be 
blocked/removed.

The meaning of this feature is a "super-super-super whitelist" for 
attachments. And YES - use it with care OR don't use it if in doubt!

> But what if that vendor is compromised internally or otherwise?

This is a matter of trust. Do not open this door for "haphazardly clicking 
front office persons"!

- the signature is removed, if the Macro content is touched anyway

- it is not possible to modify a PDF without losing the 
signature/certificate

- jar files lose their signature if modified

- the case where an executable is stored in the same compressed file 
along with a well known good file - hopefully any virus scanner will 
catch it - otherwise the recipient should KNOW what to do, because the 
attachment looks different to any ever received from this vendor


I'll make some tests for such a scenario.

Thomas






_______________________________________________
Assp-test mailing list
Assp-test@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/assp-test
