On Sun, 2005-02-06 at 11:15 +1300, Nick FitzGerald wrote: (a very well worded reply)
However, your reply seemed to focus on the desktop client as if that was my primary focus. I know that results on virustotal use desktop scanners, but I used it to gain an indication of how scanners in general handle the files. The real point is the gateway, which you agree with me on. As I stated: "The point being in order to ensure your email scanning solution is performing adequately check that it does indeed scan archives other than plain zip files." I really should have installed multiple email gateways and tested them, but to be honest it was more work than was worth doing on something that is relatively trivial, but still an issue that may need to be addressed.

When it comes to desktop scanners, most of them have a deep scan option. In my opinion the deep scan should indeed scan archives other than the most common, otherwise it's redundant code. I personally don't want to trust one part of the scanning engine on the desktop for protection; there are multiple reasons that can fail. Files should be scanned at the gateway, at the workstations and at the file-server. If your network relies on the "on access" scan only, you are risking network integrity on a single point of failure: the desktop on-access scanner fails and you are infected.

The AV companies obviously agree with me; that's why they have gateway, on-access and sweep scans. If you check their websites or install instructions, they invariably instruct you to schedule a scan AND run the on-access scanner. Also, half the products on virustotal do in fact have tar.gz capability in their products, so I'm not alone in my belief that this should be supported. On-access isn't a single solution to the problem, although it's a very good _last line of defense_.

I do agree with your feature bloat argument; finding the balance between good functionality and bloat to the point of instability is not often easy. However, most virus companies agree they should scan files in all formats they've seen viruses in, and they do offer deep scanning. The deep scan should err.... scan deep.

Thanks for your reply, Nick. Your points are indeed all valid arguments against uncommon archive support in desktop scanners. I still believe, however, that support for these formats could become necessary and should be in AV products at all checkpoints.

I don't believe in belt and braces. Belt, braces and super glue at the bare minimum :-P

--
With Regards..
Barrie Dempster (zeedo) - Fortiter et Strenue
blog: http://zeedo.blogspot.com
site: http://www.bsrf.org.uk
[ gpg --recv-keys --keyserver www.keyserver.net 0x96025FD0 ]
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
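Added example, not part of the original message or of any product it mentions: a minimal Python sketch of the check the post recommends, comparing a scanner that unpacks only plain zip with one that also unpacks gzip, bzip2 and tar. The marker string, the sample attachment and all function names are constructed for illustration.

```python
import bz2, gzip, io, tarfile, zipfile, zlib

MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"  # constructed stand-in for a real signature
MAX_DEPTH = 5  # bound nesting; past this depth a blob is matched as-is, not unpacked
UNPACK_ERRORS = (zipfile.BadZipFile, tarfile.TarError, zlib.error,
                 OSError, EOFError, ValueError)

def members(data, zip_only):
    """Yield (name, bytes) for each file inside a container recognised by magic bytes."""
    if data[:4] == b"PK\x03\x04":
        with zipfile.ZipFile(io.BytesIO(data)) as z:
            for name in z.namelist():
                yield name, z.read(name)
    elif zip_only:
        return  # models a scanner that only understands plain zip
    elif data[:2] == b"\x1f\x8b":
        yield "<gzip>", gzip.decompress(data)
    elif data[:3] == b"BZh":
        yield "<bzip2>", bz2.decompress(data)
    elif data[257:262] == b"ustar":
        with tarfile.open(fileobj=io.BytesIO(data)) as t:
            for m in t:
                if m.isfile():
                    yield m.name, t.extractfile(m).read()

def scan(data, zip_only=False, path="", depth=0):
    """Return the paths where MARKER is found, unpacking containers recursively."""
    try:
        inner = list(members(data, zip_only)) if depth < MAX_DEPTH else []
    except UNPACK_ERRORS:
        # Fail closed: flag anything that claims to be an archive but cannot be opened.
        return [f"{path or '<top>'} (unreadable archive)"]
    if not inner:  # leaf file, or a format this scanner does not unpack
        return [path or "<top>"] if MARKER in data else []
    return [hit for name, blob in inner
            for hit in scan(blob, zip_only, f"{path}/{name}", depth + 1)]

def build_sample():
    """Constructed attachment: sample.txt inside a tar, gzip-compressed (a .tar.gz)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as t:
        body = MARKER + b"\n"
        info = tarfile.TarInfo("sample.txt")
        info.size = len(body)
        t.addfile(info, io.BytesIO(body))
    return gzip.compress(buf.getvalue())

if __name__ == "__main__":
    sample = build_sample()
    print("zip-only scanner:", scan(sample, zip_only=True))
    print("deep scanner:    ", scan(sample))
```

The sketch does not limit decompressed size, which a gateway scanner would also need to do.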