Solving AV attachment problem

Discussion in 'other software & services' started by Mrkvonic, Apr 16, 2007.

Thread Status:
Not open for further replies.
  1. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,

    I was thinking after reading the thread about recent virus storms (gales, more like it). And I have a solution.

    Email correspondence should be restricted to text only. After all, when people were writing letters to one another 20 years ago, they did not "upload" images and stuff to their envelopes.

    Attachments?

    Simple. A separate email called amail (attachment mail).

    Rules:

    1. INCOMING password for amail. Anyone who wants to send the amail must include this password in a special field. Otherwise, it gets rejected.

    To send an attachment to someone, you must ASK the person you wish to send the amail for permission AND for the relevant password.

    2. Ability to setup several sub-boxes for different incoming:
    - work
    - friends
    - personal

    3. Finally, when someone wants to download the attachment and use it:
    - Optional anti-virus scan
    - Optional sandboxed emulation

    Feel free to discuss.
    Mrk
     
  2. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    I delete all my emails from an unknown source without opening them, I'm not even curious, so attachments are not a problem.
    Why would I pay attention to somebody's email, if he/she has stolen my email-address already. That's like kissing a thief after he stole your wallet.

    My suggestion as always : place a striking banner on top of each email-software to warn people against spam/attachments and provide a link to a website that explains everything about spam, especially for people new to internet, because these people are usually the first victims.
    If you don't need the banner anymore, turn it OFF.
     
    Last edited: Apr 16, 2007
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    it sounds like a solution to a problem that doesnt really exist.
    i have never got an email attachment that is a virus in the years i have had my bt email address.
    my dad only once got an email attachment that was a virus and i got him to just delete the email.

    two step guide to stopping virus threats in emails and email attachments+-
    1. all it takes to stop emails with viruses embedded in emails is to set all emails to display in plain text in your email client.

    2. to stop email attachment viruses delete all emails coming for an unknown source.
    if you get an email from a friend with an attachment and you smell a rat in the file name,body text or subject 1. you make sure no one in your house opens the attachment. 2. you contact the person the emails is from to make sure its really from them.

    to sum it up common sence wins the war against malware once again!
    lodore
     
  4. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    Seems most infections come from family or friends email that have no clue their computer is infected.Text only is correct but just use a program that you can read your email off your ISP server without downloading and after reading download what you want and send the other crap back to who ever sent it to you.Works for me and has for a long time.
     
  5. Mrkvonic

    Mrkvonic Linux Systems Expert

    Joined:
    May 9, 2005
    Posts:
    8,695
    Hello,
    I'm talking about a solution where you cannot afford to have a network breach and must use email + attachments. Not talking about ME and YOU.
    Mrk
     
  6. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    A solution that all on my mailing list use is that we include our nickname in the *subject* line when sending attachments.

    Also, we describe more than "here is your photo" with info that a auto-bot wouldn't know.

    This prevents unknowingly opening something from someone on our list that was sent from a friend's/family's infected computer.

    And, of course, no attachments from unknown sources are opened, and email is read in text-mode.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  7. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    - Subscribe to a mail server which filters executables and scan for viruses and spam.
    - If something unknown passes your mail server, dump it.
    - Mail must be read in text-only mode.
    - Attachments (docs, pdf, archives, etc) originated from your friends/coworkers/family should be uploaded to Jotti or Virustotal.
    - Execute attachments in a virtualized environment (VMs, sandbox, both :D)

    Requiring passwords to send attachments seems a very good idea.
     
  8. pugmug

    pugmug Registered Member

    Joined:
    Oct 23, 2006
    Posts:
    413
    To sum up my stance,if you do not know me do not email me.If you know me do not email me,pick up the phone if what you have to say is that important.
     
Loading...
Thread Status:
Not open for further replies.