[Dshield] smart spam

Laurent Saplairoles lsaplai at megassistance.com
Fri Mar 25 01:30:54 GMT 2005



On 23 Mar 2005 at 19:31, Taps wrote:

> => It is probably not new to some/most of you but I find some 
> => spammers are getting smarter! Fortunately, (1) the "harmful" 
> => content of the message was simply a .gif ad, (2) I am 
> => displaying the text version of the message by default (If 
> => there is one) and (3) I (and all my office) am using a mail 
> => client that is imprevious to any kind of malware (Pegasus 
> => Mail from David Harris). However, some less fortunate 
> => persons could have found themselves stacked by malware right away.
> 
> Umm..... I would never tout any product "as impervious".  Its just
> asking for trouble.

Thanks for your comments Taps.

I know about this one, I did it "on purpose". Of course there are situation that will crash 
Pegasus (there's a nasty gif image that tends to crash the current version. This is 
apparently fixed in the next release) and somebody might be able to design malware 
targeting it (There was a virus a few years back that was using a design flaw, but 
nothing major and it was quickly fixed). However, Pegasus is safe in the sense that it 
will not execute anything automatically: it is simply not designed for that. So any virus, 
malware, script... that is received will simply sit there until the user takes an action. 
There are a whole bunch of extensions that Pegasus would simply refuse to launch. 
The user would have to save to disk and launch from there. Furthermore it will not 
download any component (linkded images...) from the Internet without a specific 
request from the user and then it will only do it after a lengthy warning.

So, of course it is not impervious but it is fairly safe, as long as your users behave 
themselves.

It is part of my policy to implement application that have a good reputation in terms of 
security. I do not feel that I am trading off for ease of use in any way. I just try to keep 
application where they belong: restricted to the desktop, to the LAN or allowed to go on 
the Internet (web browser and anti-virus update only). It works well for us.

Cheers!

-- 
Laurent Saplairoles
IT Manager
www.megassistance.com




More information about the list mailing list