@dgharmon: Re: Live virus samples?
Thanks for the links, but computing security has to work with the systems we've got while attempting to develop the ones we'd like. As these links state, the fact is that too often OPEN can lead to RUN through buffer overflow vulnerabilities. Regardless of the state of systems imperfection - there's also the issue that some nosy fool won't be able to try running something copied out of a buffer somewhere if encrypted, and I'd rather be part of the solution than part of the problem. I may also consider antivirus a weak part of a larger solution. But my server systems built based on a cryptographically-assured software supply chain also happen to transmit wanted stuff through email list hosting sent between people I have no control over, so I'd rather my email list management program is less likely to replicate their viruses as a normal part of its email replication function. So I scan for email viruses regardless of the fact my system is very unlikely to execute them.
If one of my email users sends a virus to many others, my other likely to be infected email users won't readily comprehend the distinction which you and I may understand between:
a. a system which replicates viruses because it's infected by them and
b. one which replicates viruses because it doesn't know the viruses are unwanted communications content when it's designed to replicate wanted messages.
So even though I choose neither to run virus-prone software nor untrusted executables myself, I still have to scan for the digital diseases of those who use less secured approaches compared to mine.
Then there's the risk of an email being redirected or misaddressed. So I'd rather send a malware sample encrypted against the published public key of an antivirus company - and nowadays other email admins are likely to prevent the unencrypted virus sample getting through using the technique I've applied. But for a year or so in the very early nineties, I still hadn't yet fully realised that scanning for bad software would so rapidly become so ineffective as a total security approach. It's a small layer in my security for reasons explained above. And I'd prefer it to be less important than it is. But I have to deal with systems which exist as well as those I can influence and control.