I think pauls point may be:
If they use text based mailers
I know, intrinsically safe is good but that's not what managment
wants so you end up with bodges to make their choices safer. Some
people may go too far
It's a lot harder to open up a microsoft executable on a *nix
machine than a windows machine.
We have ongoing pressure to switch to MS based systems to tie in with
corporate stuff (being a Unix island is hard) so this problem interests
me, we've thought about filtering but more extracting info where
possible rather than rejecting (so your text/plain would get turned
into plain text). We'd reject html only along with various document formats
If your abuse desk can't take the complaint, you can't do anything
about it. The abuse/security desks are in most cases small, understaffed
and hidden to prevent them from being overworked yet do enough that
you're not called a spam/abuse harborer.
Often filtered through a front desk that risk breaking it
or running it.
I think holding those messages somewhere someone with a clue can look
at them if they need to and only passing plain text through
intermediate systems & people is best. We'd like to be able to see the
virus for forensics so we're not going to be allowed to get these
messages anywhere near Exchange anyway.
brandon
brandon@rd.bbc.co.uk (Brandon Butterworth) writes:
> I think pauls point may be:
> If they use text based mailers
"text based" is not what i'd require. "professional grade" is the right term.
that can be anything from "xmh" to "eudora" as long as it was written to stand
up to the worst the internet is capable of delivering to it. "text based" is
my own preferred crutch but you don't need "text based" to get "professional
grade".
I think holding those messages somewhere someone with a clue can look at
them if they need to and only passing plain text through intermediate
systems & people is best. We'd like to be able to see the virus for
forensics so we're not going to be allowed to get these messages anywhere
near Exchange anyway.
you sure as hell need to be able to look at them, and to know they're present.
bouncing them or stripping them are signs of extreme ignorance/irresponsibility
and the people who sell/buy/deploy/whatever the technology that strips or
bounces mime attachments "because of what they might contain" should get a
clue.
Paul Vixie wrote:
"text based" is not what i'd require. "professional grade" is the right term.
that can be anything from "xmh" to "eudora" as long as it was written to stand
up to the worst the internet is capable of delivering to it. "text based" is
my own preferred crutch but you don't need "text based" to get "professional
grade".
Is there a reason everyone leaves out poor lil' Mozilla which, while having a few quirks now and then, far out-performs the M$ code. Let's see. Better built in filtering (especially with imap), good thread support, support for simple html to allow partial rendering without setting off those spy tags, and the list goes on.
you sure as hell need to be able to look at them, and to know they're present.
bouncing them or stripping them are signs of extreme ignorance/irresponsibility
and the people who sell/buy/deploy/whatever the technology that strips or
bounces mime attachments "because of what they might contain" should get a
clue.
Ignorance is the commonality of the Internet.
-Jack