As rayg @
> There is no way that reading a text only e-mail message can
> infect a computer. The only way that a virus could be spread in an e-mail
> message is if the message has some form of binary attachment, which is detached,
> and then executed by the receiver, or a virus is sent uuencoded in the text of
> a message, and the receiver took the deliberate (and cumbersome) step of
> decoding it and executing it.
We might need to expand the discussion a little because of the
restrictive definition of the term "virus". I claim however, that
this is NOT the only way to receive and process an email message in
such a way that it damages your machine and/or implants a virus. For
example if you receive a MIME message with a postscript attachment,
and your email reader is one that automatically runs this through an
unsafe postscript interpreter. This can cause your machine to have
it's local files modified in a way that is not apparent to you (e.g.,
your .cshrc or your autoexec.bat). Other MIME types have this problem
as well, though I don't know of anyone who has done an exhaustive
study on it.
If you abstract away from MIME for a moment, the problem is not that
you are receiving a program that you run when you read the message,
but that you are receiving input for a local program, and this input
should not be trusted for some programs. The postscript language
contains operators that give open access to the local file system, and
processing of postscript may therefore manipulate your local files.
The same is true of most page description and/or markup languages, and
probably some word processing formats and/or spreadsheet formats as
well. Therein lies the primary danger that I see from email.
As to how this affects firewalls, I see the primary purpose of
firewalls as a cost-saving measure; to allow people inside the
firewall to run potentially unsafe but convenient and cheap software,
and concentrate your security attention at the point where you are
confronted with the attacks. It seems prudent therefore to consider
extensions to proxies that would selectively block such unsafe things
as risky MIME types. I know that of at least one example of an http
proxy modified to do this. Whether this is appropriate for your site
depends on your local policy and user base, as usual.
Sandia National Laboratories