Signed messages.

Rose, Bobby brose at MED.WAYNE.EDU
Wed Dec 11 15:46:20 GMT 2002


Isn't the point of a signed message that is coming from the sender
unmolested.  Mailscanner is going have to open it to scan it for
viruses.  You could have a rule to exclude your domain from the spam
scanning but not virus scanning.  This doesn't resolve the problem
though.  Now it's might be possible to have mailscanner check for that
mime-type and not scan it but knowing virus development, an infected
system would give the virus access to the certificate and it could
potentially use it and sign virus infected message.

-----Original Message-----
From: James A. Pattie [mailto:james at PCXPERIENCE.COM] 
Sent: Wednesday, December 11, 2002 10:34 AM
To: MAILSCANNER at JISCMAIL.AC.UK
Subject: Re: Signed messages.


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Mike Kercher wrote:
> James,
>
> Yours in particular come up as invalid.
>
>
>

That's because I've started playing with Certificates.  :)

I guess I'll turn off the S/MIME signing when sending to this list.

- --
James A. Pattie
james at pcxperience.com

Linux  --  SysAdmin / Programmer
Xperience, Inc.
http://www.pcxperience.com/
http://www.xperienceinc.com/

GPG Key Available at http://www.pcxperience.com/gpgkeys/james.html
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQE991rWtUXjwPIRLVERAvqjAJ9tNWXMquGfsZqhZ4ZCo6aGC6ATzQCggspb
xhjgWYVmrsWvufA+aye2Lq0=
=MOxH
-----END PGP SIGNATURE-----


--
This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.




More information about the MailScanner mailing list