On Tue, Jul 13, 1999 at 12:09:32PM -0500, Bruno Wolff III wrote:
> On Tue, Jul 13, 1999 at 12:28:14PM -0300,
> Eric Dahnke <[EMAIL PROTECTED]> wrote:
> > I think a good virus scanning package would be an increadible asset for
> > the qmail community. There are not many mailhubs which provide a virus
> > scan. Where I worked previously the virus scan package that we used with
> > Exchange went for $20,000.
> >
> > Anyway, I'm a few months from delving heavily into virus scanning, but
> > am glad to see that there is already work being done.
> >
> > Think of how well a virus free outsourced mail service would go over.
> > Viruses wreak havoc on corporate LANs.
>
> Dream on. What are you going to do when people use public key encryption
> by default? The server won't be able to decode the messages to scan
> on behalf of its users.
I seriously doubt that a majority of users will be using public key
encryption anytime soon. Encryption went from being something hard to use to
something you have to pay to use. Only the users that demand secure e-mail
will be using encryption.
> In the shorter run, viruses will be developed that use a simple encryption
> each time they transmit themselves in order to keep the fixed part of the
> virus small in order to make virus detection more difficult. They may
> also use a number of varient codes to do the decryption part so that even
> that may vary with each copy.
There are already many variants of many common viruses.
> Another problem is that virus checking is going to take more and more time
> as the number of viruses that have ever been written increases. Virus
> scanning just can't work in the long run.
How do you propose viruses be detected then? What will "work in the long
run"? I suppose we should just ask the malicious hackers out there to just
"stop" making and distributing viruses.
> The other question is why this is being done on the mail server instead of
> on the end user machines, where there is likely to be a lot of underused
> CPU power?
Where I work we run VirusScan on the workstations and NetShield on the
servers. Guess what, the servers catch way more viruses than the
workstations do. Why? Because it's a hell of a lot easier to upgrade 10
servers than it is to upgrade 800 workstations every time there is an update
from McAfee. Yes, we could start AutoUpdate on every workstation if we had
the manpower. But there will always be some machines that fall through the
cracks.
Anyway, I think the best solution here is to scan for viruses *after* the
mail has been delivered. (Or possibly in a way that is transparent to the
MTA, which scans the file before it is written to disk). This takes the
responsibility away from the MTA. McAfee can already look inside Zip files
for viruses, adding the code to look in UUEncoded emails shouldn't be much
harder. This would be especially good for qmail because the Maildir
delivery format because each message would be a different file and would be
able to be scanned separately by the scanner.
--Adam
