Author: Alan J. Flavell Date: To: Exim users list Subject: Re: [Exim] Re: Bugbear/B filtration
On Thu, 5 Jun 2003, Patrick Starrenburg wrote:
> One thing you need to be aware of - and Tom is aware of this issue - is
> that Exiscan will **_NOT_** find all occurances of attachments correctly
> and block them therefore you *may* still be at risk.
One other thing one needs to be aware of is that even if one were able
to identify every attachment correctly, it wouldn't be the whole
answer, because the specific client software which we are discussing
will invent attachments even where there are none. I simply can't
begin to tell you just how bad I think that is.
In order to protect that cripple, one would really need to guarantee
to second-guess all of its possible misbehaviours, too. One might as
well try to solve the halting problem...
> If the attachment had not been caught by our inside virus scanner which
> *did* fully unpack the MIME and remove the attachment then we would have
> been infected.
I agree that there is no 100% defence, and I hope I didn't give the
impression that I thought there was. However, I do think that my
original point stands, that one needs both kinds of defence
(incomplete though each of them may be, and obstructive to what might
otherwise be bona fide mails).