Valid point, however blocking standard means of transfers would be a worthwhile measure. Yes people can hack clients, but I’‘m not concerned with those users, anyone smart enough to do that could I’'m sure find easier ways to get files in and out of the network.
The more likely threat that bothers me is an internet worm traversing through the jabber network. For this worm to be able to propogate successfully it would have to use file transfer methods that are supported by the majority of clients.
One good thing going for the jabber network is the client diversification so the chances of a traditional worm being able to successfully spread throughout the network are pretty slim, as the worm would have to be able to retrieve and understand the configuration parameters and contacts list for each different client. However, if and when google open up google talk to 3rd party connections the risk to users on the jabber network will increase as a significant amount of users will all be using the same client.
When protecting our e-mail/web users from viruses, spyware, spam etc. I do not rely on any features within the mail client or on the desktop machine - of course desktop measures are also in place - Malicious content gets blocked at the border through e-mail scanners, web filtering, firewalls etc. this is the only sane way to protect a network from internet threats.
A module that spots anomolous messages such as users trying to bypass the filtering via the methods you suggested is also interesting, in this case it is not essential the messages are blocked, an administrator notification and turning up auditing for the conversation is all that is required in this scenario. A malicious employee can be dealt with through employment contracts, provided that appropriate evidence is collected.
The Wildfire server rewriting and brokering requests (turning peer 2 peer into client 2 server 2 client) in such a way that files can be virus scanned and sent through a content filtering mechanism would also be interesting.
I don’‘t have any expectations of any of these features making it into the product, they are ideas into the pot but in the meantime it is unlikely that I’'ll be able to permit communications between our internal server and the outside world.
Perhaps this feature set doesn’'t belong within wildfire and would instead make more sense as some sort of proxy that could sit between any jabber server and the outside world?
Cheers
Jason
(Administrator for a local government site)