Boston Linux & Unix (BLU) Home | Calendar | Mail Lists | List Archives | Desktop SIG | Hardware Hacking SIG
Wiki | Flickr | PicasaWeb | Video | Maps & Directions | Installfests | Keysignings
Linux Cafe | Meeting Notes | Blog | Linux Links | Bling | About BLU

BLU Discuss list archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

HTML to Text only emails...



On Sun, Aug 17, 2003 at 11:50:20AM -0400, Wizard wrote:
> A company that I do work for, in an effort to protect itself from it's own
> lusers, is considering parsing emails so that any external HREFs inside the
> email point to http://localhost. They are also going to parse out all
> attachments to a central intranet location, where they will be reviewed by
> admins for legitimacy before being forwarded to the addressee. Can anyone
> see any problems with this strategy? 

Aside from making lots of sh!t work for the admins, there's one big
one: privacy.

Everyone here knows that, regardless of who owns the computing
resources, etc., people who are at work receive personal, sometimes
very private, e-mail at work.  If someone else is reviewing your file
attachments, potentially serious problems could result.  Such
attachments could conceivably contain wage information, medical
information, job offers, confidential business details, etc.  Having
attachments reviewed by persons other than the intended recipient
opens up a whole messy can of law-suit worms.

Depending on how large the company is, I think it really is worth
pointing out that this scheme may require one or more dedicated people
to review attachments.  And then, the person to who they were sent
still has to look at them anyway...  In practical terms, the amount of
time having attachments reveiwed may end up being more than the amount
of man-hours spent cleaning up from a virus infestation.

A better approach is something suggested here recently: identify
malicious attachments at the mail server, and remove them.  You can
define malicious any way you like.  The definition I favor is, "any
attachment which is likely to contain executable or interpreted code
which the target client is likely to execute."  That would include
windows .exe, .com, .pif, and .scr files, as well as anything
containing Active X controls, or visual basic code.  Did I get 'em
all?  As we know from experience, it is not enough to look at the
extensions, or even the MIME types of such attachments.  You must
actually look at the attachment to see what it contains.

This doesn't solve the problem for word macro viruses.  You'd still
need to resort to a virus scan or some other program capable of
identifying word macro viruses.  Or just ban MS-Office attachments,
which is a solution I personally quite like, though you'll never sell
the marketroids on it...

-- 
Derek D. Martin
http://www.pizzashack.org/
GPG Key ID: 0xDFBEAD02
-=-=-=-=-
This message is posted from an invalid address.
Replying to it will result in undeliverable mail.
Sorry for the inconvenience.  Thank the spammers.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.blu.org/pipermail/discuss/attachments/20030817/ce82b766/attachment.sig>



BLU is a member of BostonUserGroups
BLU is a member of BostonUserGroups
We also thank MIT for the use of their facilities.

Valid HTML 4.01! Valid CSS!



Boston Linux & Unix / webmaster@blu.org