Skip site navigation (1)Skip section navigation (2)
Date:      Thu, 24 Mar 2016 10:02:18 -0500 (CDT)
From:      "Valeri Galtsev" <galtsev@kicp.uchicago.edu>
To:        "Olivier Nicole" <Olivier.Nicole@cs.ait.ac.th>
Cc:        galtsev@kicp.uchicago.edu, questions@freebsd.org
Subject:   Re: Anti-virus for FreeBSD
Message-ID:  <30820.128.135.52.6.1458831738.squirrel@cosmo.uchicago.edu>
In-Reply-To: <wu77fgszdcm.fsf@banyan.cs.ait.ac.th>
References:  <wu77fgszdcm.fsf@banyan.cs.ait.ac.th>

next in thread | previous in thread | raw e-mail | index | archive | help

On Wed, March 23, 2016 11:52 pm, Olivier Nicole wrote:
> Valeri,
>
>> However, to scan something with _that_ antivirus, you have to run their
>> binary code on one of your machines, right? Of course, one can feel
>> awfully smart (what!, say, I'm running some code on some system that
>> does
>> nothing else but that code, and has no way to talk to anything apart
>> from
>> getting what to scan and returning scanned...).
>
> Not to that extend, but the mail server does only mail.
>
>> I myself to the contrary
>> prefer to consider myself stupid when security of my boxes and privacy
>> of
>> my users are concerned. So stupid that I can easily be outsmarted by any
>> of CIA, KGB, MI-6 and alike. Which definitely is 100% true, they easily
>> will outsmart me having all their resources. So I just try to keep away
>> from anything that potentially could have been touched by their hands.
>> That's the only thing I tried to say, and apparently failed ;-)
>
> You did not failed. But :)
>
> If I have to have secured email, I will secure it on my workstation
> before I even pass it to the mail system.
>
> Why worrying about the anti virus being able to spy on my email if I am
> about to send it to the world (through many email relay that I have no
> control upon whatsoever) in clear text?

This is one thing in [system] security that we often tend to overlook.
Penetration happens one tiny little step at a time. Say, you are running
[some untrustworthy] code on your machine (or system) solely dedicated to
scanning mail. You feel safe about mail. But you already let some
potentially unfriendly one to run his code on your system. One tiny step
on his part is already achieved with your consent. This is what I was
trying to say. We used to say about security part of our sysadmins duties:
paranoia is in my job description. And I apparently failed to stress it
enough. It looks like I definitely had much better in that respect
teachers than I can be (well, not thinking of myself as a teacher, but a
person trying to pass the point along).

Valeri

>
> If the message is dully encrypted, then the anti virus, nor any bad guy
> should be able to spy on it. If the message is clear text, I must not
> worry too much about the privacy of its contents.
>
> Best regards,
>
> Olivier
>
>
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
> "freebsd-questions-unsubscribe@freebsd.org"
>


++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++



Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?30820.128.135.52.6.1458831738.squirrel>