Hello Mike, Friday, March 21, 2003, 2:27:00 AM, you wrote:
MA> I must disagree. Amongst people who are aware, it probably is, most of MA> the time. But the majority of people who do actually get AV software MA> aren't clued up about viruses and the way they operate. These same MA> people are more likely to import a virus through means other than MA> mail i.e. it won't be caught by a mail scanner on an inward trip. MA> Secondly, it's quite possible for the incoming scan to miss a virus MA> due to it's newness, but for the scan to be updated before the virus MA> is sent out again, and it will then catch it on the way out. That's MA> just two reasons that spring to mind. I'm afraid I must disagree with you. This is what "On-Access" scanners are for. The user selects the attachment, it's scanned transparently when it's read, and it's then attached. If it had a virus, then the attacchment is quarantined or cleaned - if it's quarantined or access is otherwise blocked, the mail client returns an error when attaching. Otherwise, a cleaned attachment is sent. A scan-on-send is only useful it you forward a message that wasn't scanned on receiving - as it's likely any temporary files will already be MIME/UUEncoded and therefore not scanned by your on-access scanner. Given that this forwarding is the only vulnerability not caught by the on-access scanner, it's wise to look and see how much of a problem it is. You effectively cover this in your your "scan before send might catch a new virus due to updates downloaded since incoming" hypothesis. I find that this hypothesis slightly stretching credibility, to be honest. It's not that it's impossible - just that it's highly unlikely. The equivalent argument for travel would be: Don't fly without taking a radio - because between the time you leave your house and the time you board the plane, someone might broadcast a news article on how your plane or airline is somehow fundamentally unsafe. Yes, it's possible. But it's hardly likely. You heard the news at home. Not much is going to have changed - worldwide or locally - between leaving and boarding that airplane. And if the airplane/airline were defective, the appropriate authorities would intervene to stop the flight. In the "scan before sending" scenario, your AV package represents those authorities. And like those authorities, it needs to be updated with the news (AV signature updates) to be able to help anybody. But the fact is that the chances of: a) A new, fast spreading virus being active in the wild b) You receiving it, and wanting to forward it on (Leaving aside any issues of it looking suspicious etc.) c) Your antivirus vendor providing an update between you recieving it and forwarding it Are very slim indeed. So slim that, in terms or risk assessment, it's be the equivalent of insuring yourself against being savaged by sloths. Scanning your outbound emails will, in all likelihood, give you a false sense of security that prevents you from ensuring your AV package is suitable updating. And saying that you scan your outbound emails in your signature will give recipients false confidence too. I believe it's much better to scan your inbound mail only, and let each individual assume responsibility for the safety of their computer(s). That way, we all know where we stand, and we don't start on the "but they said it was safe" thread when something goes wrong. And let's not forget that The Bat! is quite a secure email client. It doesn't have scripting vuilnerabilities or other issues. So the only way for a virus to run from The Bat! is for a user to detach and run it - and at that point, the on-access scanner comes into play. Furthermore, such viruses tend to have their own SMTP engines, and will bypass The Bat!'s sending mechanism - thus bypassing your scan. Therefore, I believe that "scan before sending" is, at the end of the day, a waste of time. Of course, you can choose to continue this practice - but if you send me a mail I won't care if it was scanned before sending. I'm only going to trust it when my antivirus package pronounces it clean. And not before. -- Best regards, Philip mailto:[EMAIL PROTECTED] Using The Bat! v1.62i on Windows 2000 5.0 Build 2195 Service Pack 3 ________________________________________________ Current version is 1.62 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
