I used to work in a small office which provided basic desktop support for users.

Question

I used to work in a small office which provided basic desktop support for users.

One day I had to answer a call from a very angry customer and he asked for my boss. He wanted to know how could one email slip through their spam filter/network-based antivirus software (if there is such a thing, that's what he claimed), and the attachment got filtered/caught by the antivirus software on his desktop.

Till I could reach my boss I had to tell him that a spam filter is not flawless/perfect and sometimes one email mange to pass.

Also to support my claims, I explained to him Gmail themselves allowed that email to attachment despite that his antivirus software had detected and removed it.

Was my explanation right? How would a security expert deal with this situation?

Explanation / Answer

The main function of a SPAM filter is to block anything that looks like a SPAM. The objective of an anti-virus software is to detect and remove anything that possess the signature of a virus (worms included) based on the virus definition installed. Both programs work differently based on different heuristics.

An email that doesn't look like a SPAM may contain a virus. You can't realistically expect a SPAM filter to perform the job of an anti-virus since that is not its primary task. And even with an anti-virus software installed, it is never a foolproof method to eliminate all kinds of virus.

If your SPAM filter keeps a log of the emails that have been blocked, then maybe you can appease your client a bit by showing the unseen good work it has done.

Related Questions

Navigate

• Browse (All)
• Browse I
• Subjects

Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.