Email attachment filtering

[FTTP subscriber]

> Maybe I am a little confused, how would they be able to tell the type of file if it is encrypted?

The UNIX command file tells a file's type by its "magic number." A similar mechanism probably exists for determining encryption.

> Unless you want them to filter out certain types of encryption? If they could filter by type of file, would it go to a graymail like system?

The logic and granularity would be up to the implementer(s).

[vbrobert]

Have you considered using Pine on shell.sonic.net? That would prevent you from downloading the files to your computer. Webmail would also work but Pine is the way to go for complete security.

[FTTN subscriber]

> Have you considered using Pine on shell.sonic.net?

Mutt is what I use on shell.sonic.net. But risk avoidance isn't risk prevention.

> That would prevent you from downloading the files to your computer. Webmail would also work but Pine is the way to go for complete security.

Since I do forward my shell account messages to my PC, attachments not currently filtered by the Sonic mail server still reach me.

I'm just requesting such filtering be made more rigorous.

[vbrobert]

I think your idea is a valid one. Kind of like how police robots don't stop terrorists. I am just trying to get a better idea of what it would actually look like so that it has a better chance of implementation. I don't know much about encrypted viruses. Is there a type of encryption that viruses use but no one else does? That would make your magic number idea work for sure. Is there types of encryption that viruses can't use? If so, everyone should just use that encryption.

[FTTN subscriber]

> I am just trying to get a better idea of what it would actually look like so that it has a better chance of implementation.

Whoa. Have I been talking with a member of Sonic Development? Nice to meet you. :)

> Is there a type of encryption that viruses use but no one else does? That would make your magic number idea work for sure. Is there types of encryption that viruses can't use? If so, everyone should just use that encryption.

I have no idea. Anyhow, narrow assumptions about encryption of malware that's always in flux are best avoided.

It'd be great if Member Tools options exist that allow filtering of encrypted and compressed attachments. Distinguishing between encryption/compression types is probably overkill. The default of course is to let everything not otherwise flagged through, as before.

As with SpamAssassin, false/overzealous rejection is always a possibility. But the user gets to sleep in the bed s/he made.

[vbrobert]

> Whoa. Have I been talking with a member of Sonic Development? Nice to meet you.

I am just an artist but the pleasure is all mine. I created this visual I hope it helps.

[FTTN subscriber]

> Additional SPAM options:
> o Send me encrypted / compressed viruses
> o Dont send me encrypted / compressed viruses

(where each preceding 'o' is a radio button - I don't know how to post images.)

I'd reword as follows:

Additional options:
* Block encrypted attachments
* Block compressed attachments

where each '*' is a checkbox (since these two kinds of attachments aren't mutually exclusive).

Viruses are just one among many kinds of malware that can exploit encryption or compression (with a password) to evade detection. Spam is in general not categorized under malware.

I personally wouldn't mind whole messages being blocked along with their attachments. (Throw the baby out with the bath water. Yay! :)) Other users may still want message bodies through, with only the attachments blocked. I have no idea if partial blockage is feasible, though.

Compared to regular virus scanning, these additional blocking options should be much less resource-intensive, especially if hardware assistance is available.

Thanks a lot in advance.

[vbrobert]

Just to clarify further, I don't work for Sonic at all. Just another hungry artist looking for work. I think we are really on to something here. I checked Google mail, Yahoo mail and AOL and I can't find options on any of these sites. This could be HUGE. Contact me via private message and we can work out the business details. Let me know what you think the idea is worth.

[FTTN subscriber]

Since it should help reduce security breaches, an option to block attachments is a worthy addition to regular virus screening.

OTOH, I would rather not attach a price tag to the idea. I'm unlikely the first person to think of it, so can't take credit.

[vbrobert]

Michael Jordan didn't invent the Air Jordan. My point is that if you want to reconsider, hit me up. I think we can make a lot of money on this gold. If you think others thought of it first, then why do you think places aren’t using it?