Merit Network
Can't find what you're looking for? Search the Mail Archives.
  About Merit   Services   Network   Resources & Support   Network Research   News   Events   Home

Discussion Communities: Merit Network Email List Archives

North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Re: Mobile code security (was Re: rr style scanning of non-customers)

  • From: Brandon Butterworth
  • Date: Mon Jun 16 12:12:02 2003

> 	I think pauls point may be:
> 	If they use text based mailers

I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far

> 	It's a lot harder to open up a microsoft executable on a *nix
> machine than a windows machine.

We have ongoing pressure to switch to MS based systems to tie in with
corporate stuff (being a Unix island is hard) so this problem interests
me, we've thought about filtering but more extracting info where
possible rather than rejecting (so your text/plain would get turned
into plain text). We'd reject html only along with various document formats

> 	If your abuse desk can't take the complaint, you can't do anything
> about it.  The abuse/security desks are in most cases small, understaffed
> and hidden to prevent them from being overworked yet do enough that
> you're not called a spam/abuse harborer.

Often filtered through a front desk that risk breaking it
or running it. 

I think holding those messages somewhere someone with a clue can look
at them if they need to and only passing plain text through
intermediate systems & people is best. We'd like to be able to see the
virus for forensics so we're not going to be allowed to get these
messages anywhere near Exchange anyway.

brandon




Discussion Communities


About Merit | Services | Network | Resources & Support | Network Research
News | Events | Contact | Site Map | Merit Network Home


Merit Network, Inc.