> > ftp/smtp/http traffic for viruses, and passes all scanned traffic on. It is
> > "transparent" - there are no interactions directly with the WebShield - and
> > "cannot be bypassed" - all traffic must go through the WebShield machine.
> Hmmm, what if I use PGP to encrypt a program to you? The very nature of
> PGP ensures that the message should only be decrypted by you. How can any
> virus checker cope with this? Deny the mail?
That's letting the tail wag the dog. Preventing viruses is a
service, it's not usually the primary mission of a user or
organisation. Someone at the site has to make an administrative
* Quarantine encrypted or otherwise unreadable messages and
deal with them 'safely'. Best practice, maybe, but time-consuming
and requiring delicate handling with sensitive material.
* Alert the recipient that the attachment/file etc. hasn't been scanned
for viruses and trust them to handle it appropriately. In which case
you need to make a very clear policy statement on what 'appropriately'
means (which may vary considerably according to circumstances).
* Or make it a policy not to accept 'difficult' imports such as
encrypted mail. But now you've sacrificed at least one security
principle to enforce another. I can envisage quite a few sets of
circumstances where guaranteeing the integrity of the data
received, validating the source, and preserving privacy, are
much higher priorities than the risk of infection by a (probably
This comes back to my usual point: there's no substitute for good
virus detection at the desktop.
David Harley \ | / alt.comp.virus FAQ
uk \ | / & Anti-Virus Web Page
Support & Security Analyst \ | / Folk London On-Line gig-list
Imperial Cancer Research Fund ____\|/____ http://webworlds.co.uk/dharley/