-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
> At a bare minimum, the eSafe Gateway should give the option of scanning all
> files, regardless of MIME type. Ideally, it would also have the option of
> examining the CONTENT of the file to determine whether or not it is worth
> scanning. Using "magic numbers" to identify files is nothing new. Unix
> people can take a look at the "file" which has been using this concept to
> identify file types almost since the beginning of time.
The problem with magic is that it can be forged. It would be fairly
straightforward to come up with a virus or trojan that had the magic of a
PDF file: Just have a JMP instruction at the beginning to skip over the
magic.
No, everything should be scanned, no matter what. Unfortunately there are
performance issues associated with this strategy.
Ian Turner
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.1 (GNU/Linux)
Comment: For info see http://www.gnupg.org
iD8DBQE44E37fn9ub9ZE1xoRAqbeAKCt4FPMntKQ7XDvBM7g3sMttHO1SwCg4LjB
S6rISjUSXa3msVCkgf309Xc=
=O8wX
-----END PGP SIGNATURE-----
