Virus-fighting needs better boundaries: Sophos

A tightening up of the standards applying to MIME boundaries — which separate parts of an email — would help fight viruses, suggests Paul Ducklin, head of technology for the Asia-Pacific region for Sophos.

And some of the filters themselves could probably do with a re-examination of how they handle the boundaries. Some messages do not properly separate the text of an email from an attachment. A filter may erroneously pass the attachment, supposing it to be part of the text. Some viruses delivered this way can be triggered as soon as the “text” arrives in the inbox, with no unguarded action required on the part of the recipient.

Just as much trouble could be caused if a filter recognises the mail as a virus, bounces it to a supposed sender (probably a false address) but does not cleanly detach the virus code due to an obscure MIME boundary.

Both the standards relating to MIME boundaries and the way filters handle them might benefit from re-examination and tightening, he says.
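
One way a filter could check for the ambiguity described above, as an added example that is not from Sophos or the original article: it lints a message against the RFC 2046 boundary rules and reports anything that could make two parsers split the message differently. The function name, the finding strings and the sample messages are constructed for illustration.

```python
import re
from email import message_from_bytes

# RFC 2046 section 5.1.1: 1-70 characters from "bchars", not ending in a space.
BOUNDARY_RE = re.compile(r"[0-9A-Za-z'()+_,\-./:=? ]{0,69}[0-9A-Za-z'()+_,\-./:=?]")

def boundary_findings(raw):
    """Return the reasons, if any, that a message's MIME boundaries are ambiguous."""
    msg = message_from_bytes(raw)
    if msg.get_content_maintype() != "multipart":
        return []
    boundary = msg.get_boundary()
    if boundary is None:
        return ["multipart message without a boundary parameter"]
    findings = []
    if not BOUNDARY_RE.fullmatch(boundary):
        findings.append("boundary parameter violates RFC 2046 syntax")
    delim = "--" + boundary
    # Work on the body only: everything after the first blank line.
    body = raw.decode("latin-1").replace("\r\n", "\n").partition("\n\n")[2]
    opens = closes = near = 0
    for line in body.split("\n"):
        exact = line.rstrip(" \t")  # the RFC tolerates trailing whitespace
        if exact == delim:
            opens += 1
        elif exact == delim + "--":
            closes += 1
        elif line.lower().startswith(delim.lower()):
            near += 1  # wrong case or trailing junk: parsers may disagree
    if opens == 0:
        findings.append("declared boundary never opens a part")
    if closes != 1:
        findings.append("expected one closing delimiter, found %d" % closes)
    if near:
        findings.append("%d near-match delimiter line(s)" % near)
    return findings

# Constructed samples, not taken from real mail.
HEAD = b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="b1"\r\n\r\n'
CLEAN = HEAD + (b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
                b"--b1\r\nContent-Type: application/octet-stream\r\n\r\nDATA\r\n--b1--\r\n")
SLOPPY = HEAD + (b"--b1\r\nContent-Type: text/plain\r\n\r\nhello\r\n"
                 b"--B1\r\nContent-Type: application/octet-stream\r\n\r\nDATA\r\n")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("sloppy", SLOPPY)):
        print(name, boundary_findings(sample) or "ok")
```

A filter that gets any finding can fail closed: scan the whole raw body as a potential attachment, and do not quote it back in a bounce, rather than trusting its own split of the message.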

Ducklin, in conversation with Computerworld at the recent Sophos spam forum in Sydney, agrees with the suggestion that erroneous virus bounces to users whose addresses have been forged threaten to constitute a significant sub-class of spam.
