On Nov 15, 2004, at 12:32 PM, Dennis Skinner wrote:
How little user interaction is required before it is considered a "technical" enough? Require the user to open the attachment? Require the user to pop their mail?
Technically, most viruses these days are social engineered in some way. Unlike the the boot sector viruses that seem to have gone the way of the floppy disc.
Given the new push for integration between the internet and local computers, limiting an AV scanner to only protecting against viruses physically included in an email is a bit short-sighted in my opinion. It's getting to the point where users are unable to distinguish between what is remote and local content.
Well...how about this counterproposal...
Let's make ClamAV into a filter that takes ALL mail, strips HTML, converts it into plain text, and strips all scripting out of the message whatsoever, as well as attachments? It could move them to a configured "mail website" where you click a link that Clam inserts into the mail message (plain old URL) if you're interested in getting it, and you can browse whatever graphics or attachments were meant for that message and were instead stripped? Of course this would mean setting up a web server and database server, but those tools exist already. This way it doesn't matter what new threat comes out, your mail is already defanged, demangled, demimed and sanitized for the user's protection! It could protect from click traps, malware attachments, script exploits...users just lose their dancing icons and pretty pretty backgrounds. It could also make previously hidden text visible from spam.
On one hand, it's sarcastic as heck. On the other, it might not be a bad idea.
-Bart
_______________________________________________ http://lists.clamav.net/cgi-bin/mailman/listinfo/clamav-users
