Virus Checking Encrypted Email - Exchange & AD

Guest
Archived from groups: microsoft.public.win2000.security

Sorry if this sounds like a dumb question, but what process is in place
for virus scanning encrypted emails, when a MS CA PKI is implemented in
an Active Directory Infrastructure?

We have Norton AV for Exchange 2000 but... Are encrypted emails allowed
to pass right through unchecked? Wow, major prob with this - obviously
but...

How can they be decrypted and checked for viruses, given they are sealed
for a specific person?

Thanks

Ian
 
Guest

In article <1117055978.057769.311410@g14g2000cwa.googlegroups.com>,
ian@expandableit.co.uk says...
>
> Sorry if this sounds like a dumb question, but what process is in place
> for virus scanning encrypted emails, when a MS CA PKI is implemented in
> an Active Directory Infrastructure?
>
> We have Norton AV for Exchange 2000 but... Are encrypted emails allowed
> to pass right through unchecked? Wow, major prob with this - obviously
> but...
>
> How can they be decrypted and checked for viruses, given they are sealed
> for a specific person?
>
> Thanks
>
> Ian
>
>
The only solution would be to implement gateway encryption, so that the
email enters and exits the email server unencrypted, but is encrypted at
a gateway when delivered externally.

There is no default recovery agent, etc., as there is with EFS.

Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
 
Guest

I am amazed at that, that's like a whole big feature practically unused
then because emails that are encrypted either need some third party or
some clever gateway... I would have thought that the Exchange
server (being the AD authorised email server) would have been able to
decrypt messages sent to someone in the AD it serves. Even if the admin
didn't have that low level access I would have thought AD / Exchange could
have been granted it.

That's nuts

BTW - thanks for the reply, Brian
 
Guest

In article <1117147956.438335.290010@g14g2000cwa.googlegroups.com>,
ian@expandableit.co.uk says...
> I am amazed at that, that's like a whole big feature practically unused
> then because emails that are encrypted either need some third party or
> some clever gateway... I would have thought that the Exchange
> server (being the AD authorised email server) would have been able to
> decrypt messages sent to someone in the AD it serves. Even if the admin
> didn't have that low level access I would have thought AD / Exchange could
> have been granted it.
>
> That's nuts
>
> BTW - thanks for the reply, Brian
>
>
That does not follow the RFC. The email encryption/decryption only
takes place on the email client. The email server, to be blunt, is quite
dumb. It just delivers the mail to the appropriate server when sending
and to the appropriate mailbox when receiving.

Brian
--
==
Brian Komar
MVP - Windows - Security
http://www.identit.ca/blogs/brian
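
What a server-side scanner can and cannot read in S/MIME mail, as an added example that is not part of the original thread: it labels each message by its MIME wrapper and returns only the parts that are available to scan without the recipient's private key. The function names `classify` and `triage` and the sample messages are constructed for illustration.

```python
from email import message_from_string

# Constructed sample messages (not from the thread); CMS bodies are placeholders.
ENCRYPTED = (
    "From: alice@example.com\nTo: bob@example.com\nMIME-Version: 1.0\n"
    'Content-Type: application/pkcs7-mime; smime-type=enveloped-data; name="smime.p7m"\n'
    "Content-Transfer-Encoding: base64\n\nMIIBplaceholder\n"
)
CLEAR_SIGNED = (
    "From: alice@example.com\nTo: bob@example.com\nMIME-Version: 1.0\n"
    'Content-Type: multipart/signed; protocol="application/pkcs7-signature";'
    ' micalg=sha1; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nquarterly figures attached\n"
    '--b1\nContent-Type: application/pkcs7-signature; name="smime.p7s"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)
PLAIN = "From: alice@example.com\nTo: bob@example.com\n\nhello\n"

# S/MIME content types, including the legacy x- forms still seen in old mail.
PKCS7_MIME = {"application/pkcs7-mime", "application/x-pkcs7-mime"}
PKCS7_SIG = {"application/pkcs7-signature", "application/x-pkcs7-signature"}
CMS_LABELS = {"enveloped-data": "encrypted", "signed-data": "opaque-signed"}


def classify(msg):
    """Label a parsed message by what a server-side scanner can read."""
    ctype = msg.get_content_type()
    if ctype in PKCS7_MIME:
        # smime-type is optional; when absent, assume the worst case (encrypted).
        smime_type = str(msg.get_param("smime-type", "enveloped-data")).lower()
        return CMS_LABELS.get(smime_type, "other-cms")
    return "clear-signed" if ctype == "multipart/signed" else "plain"


def triage(raw):
    """Return (label, parts); parts are the (type, bytes) a scanner can inspect."""
    msg = message_from_string(raw)
    label = classify(msg)
    if label not in ("plain", "clear-signed"):
        return label, []  # content sits inside a CMS blob; nothing readable as-is
    parts = [(p.get_content_type(), p.get_payload(decode=True))
             for p in msg.walk()
             if not p.is_multipart() and p.get_content_type() not in PKCS7_SIG]
    return label, parts


if __name__ == "__main__":
    for name, raw in (("encrypted", ENCRYPTED), ("signed", CLEAR_SIGNED), ("plain", PLAIN)):
        label, parts = triage(raw)
        print(name, "->", label, [t for t, _ in parts])
```

A mail server can act on the `encrypted` label (tag, hold or route the message by policy) but cannot inspect the content; that only becomes possible where the message is decrypted, which is the client or a gateway holding the keys.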