We've gone around this circle at least once before. Coming up to
1) it is *impossible* to prevent a determined individual from
transferring executables via email. (But you can slow them down)
2) The vast majority of such transfers *can* be prevented by an
automated program scanning for the most common forms of encoding.
Also, it is possible to virus scan the binaries that have been
detected. However, general consensus is that such scanning is
ineffective because it only cover one channel of binaries to the PC,
(Floppy disks are another). Virus scanning must be done at the PC.
However, I must admit that I'd be interested in a Word document macro
virus scanner :) These "executable content" vira are an interesting
Secure Systems Engineering
AT&T Bell Labs
> Chris Tyler <chris @
> >Slava Kritov writes:
> >> Any uuencode ?
> >> Sorry, as a sysadm of 500+ orgs can say, that people sometimes exchange
> >> word docs in uuencode, and ( for Mac's ) you can't even say its word doc
> >> based on name ...
> >Right... so? The purpose was to deny all attachments, whether word DOCs or executables. So
> >you look for the uuencode signature string and deny.
> But by only looking for the 'signature's of known binary encoding formats
> you then open yourself up for people to create their own encoding formats
> to get around your scan for, and restriction on encoded message enclosures.
> 3 possibilities for getting around a scan for known encoding signatures :
> 1. rot13 a uuencoded file before e-mailing it. Describe in the message
> how to unrot13 the message before uudecoding it.
> 2. Use an (admittedly) inefficient format for encoding binary, such as:
> RAVE AFRO STUB DAM HONE HAY
> CLAD WILL JOIN PET LONG WEED
> The recipient will need a decoder of course.
> 3. PGP encrypt the entire message before transmitting. How will the
> mail scanner know what is inside the message? Are you going to
> reject all encrypted messages? I think that encrypted messages
> will increasingly become the norm on the Internet as PC based
> mail programs incorporate automatic easy-to-use PGP encryption.
> - Morrow
Re: Mail Proxy
From: pmc @
pt (Pedro de Melo Ribeiro da Cunha)