[Avcheck] avcache announcement

Ralf Hildebrandt Ralf.Hildebrandt@charite.de
Thu, 14 Mar 2002 17:09:47 +0100


On Thu, Mar 14, 2002 at 07:04:45PM +0300, Michael Tokarev wrote:

> My question remains:  WHY this is needed?  Why someone may want to
> infect you this way?  If this bad guy *want* to infect my computer,
> there are far better ways to do so -- e.g. sending password-protected
> "Windows Security Update" ("this update was protected by a password
> "secret" in order to ensure its integrity" -- typical luser will
> believe this), or directing browser to infected website, etc etc etc.
> It's impractical to determine how mail antivirus software works in
> this case.

It should be secure by design: It is easy to forge a Message-Id:, but
it's hard to create a md5 checksum collision.

> This is a reason to NOT treat any "X-AV-State: clean" or the like header
> in the email, since once this practice becomes common, viruses will use
> it as well.  But the point is *common*, i.e. common enough that someone
> will actually want to use such "defect" in virus protection system.

I bet they will. In fact, I HOPE they will!

> Maybe someone will write a virus specially for one organization...

Like the government, which would suck big time. I wouldn't like to be
found with concrete boots on the bottom of the Atlantic.

> BTW, with avcache, virusscanning process may be slowed down as well as
> speeded up.  Speedup will be in rare cases, usually this will be slowdown
> (additional unnecessary md5sums, that is).

Correct. We have to try and see how it performs.

-- 
Ralf Hildebrandt (Im Auftrag des Referat V A)   Ralf.Hildebrandt@charite.de
Charite Campus Virchow-Klinikum                 Tel.  +49 (0)30-450 570-155
Referat V A - Kommunikationsnetze -             Fax.  +49 (0)30-450 570-916
If all the salmon caught in Canada in one year were laid end to end
across the Sahara Desert, the smell would be absolutely awful.
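
The cache-key argument from the message above, as an added example (not avcache's code): a scan-result cache keyed by Message-Id returns a stale "clean" verdict for a message that reuses a known Message-Id, while a cache keyed by a content digest rescans it. `ScanCache`, `scan`, the key functions and the sample messages are hypothetical; hashing only the body is an assumption, and SHA-256 is swapped in for the md5 named in the thread because practical MD5 collisions have been published since 2004.

```python
import hashlib
from email import message_from_bytes

MARKER = b"CONSTRUCTED-TEST-SIGNATURE"  # constructed stand-in for a virus signature

def scan(raw: bytes) -> str:
    """Hypothetical scanner: looks only at content, never at X-AV-State."""
    return "infected" if MARKER in raw else "clean"

def key_by_message_id(raw: bytes) -> str:
    # Sender-controlled header: anyone can reuse a value seen before.
    return str(message_from_bytes(raw)["Message-Id"])

def key_by_digest(raw: bytes) -> str:
    # Assumption: the cache key covers the body after the first blank line.
    body = raw.split(b"\n\n", 1)[-1]
    return hashlib.sha256(body).hexdigest()

class ScanCache:
    def __init__(self, key_fn):
        self.key_fn, self.verdicts, self.scans = key_fn, {}, 0

    def check(self, raw: bytes) -> str:
        key = self.key_fn(raw)
        if key not in self.verdicts:      # cache miss: run the real scan
            self.scans += 1
            self.verdicts[key] = scan(raw)
        return self.verdicts[key]

# Constructed sample messages.
CLEAN = b"Message-Id: <1@example.org>\nSubject: hi\n\nhello\n"
FORGED = (b"Message-Id: <1@example.org>\nX-AV-State: clean\n"
          b"Subject: update\n\n" + MARKER + b"\n")
RESEND = b"Message-Id: <2@example.org>\nSubject: hi\n\nhello\n"

def run_demo():
    by_id, by_digest = ScanCache(key_by_message_id), ScanCache(key_by_digest)
    return {
        "message_id": [by_id.check(m) for m in (CLEAN, FORGED, RESEND)],
        "digest": [by_digest.check(m) for m in (CLEAN, FORGED, RESEND)],
        "digest_scans": by_digest.scans,
    }

if __name__ == "__main__":
    print(run_demo())
```

The digest-keyed cache scans twice for three messages: the resend with a new Message-Id but identical body is the only cache hit.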