|
|
| Detailed Description |
goto:
|
You will be asked to sign the message using your private key:
Receiving e-mail
If this is the first time you have received secure e-mail from a particular person with a self-signed certificate, you will receive a warning that you do not trust the certificate (the default for receiving any self-signed certificate is not to trust it, see screenshot below. Certificates issued by a trusted CA are validated by a certificate chain, and therefore no warning will be displayed for the messages signed with such certificates providing they are valid. Reflex MailSafe Client will check the validity of such a certificate by accessing the CRL referred to by the certificate in question, more on this later.
 Once you have established the link between a sender and his or her certificates, secure e-mail can routinely be exchanged. All secure messages are identified by the padlock icon displayed in the Inbox listing. When you first receive a secure message, it will show the paper-clip icon indicating there is an attachment. This is because the process of encrypting a message turns it into a secure attachment. It remains that way during transit and the message is only re-instated (along with any attachments) when the private key password is given and the message is opened.
Automatic Content Checking
Reflex MailSafe Client will automatically check the content of e-mail to be sent or received for potentially dangerous or specifically malicious code, when appropriate. By the phrase "when appropriate" we mean there is absolutely no point in checking a plain text e-mail that has no attachment, since this cannot contain any "extra or hidden" code. If however the e-mail has an attachment of any kind or is written in HTML code the risk factor is evident. In today's world we need to concern ourselves with viruses that maybe included with an attachment, Trojan horses that can be attached to the e-mail or concealed within the HTML code, java scripts, ActiveX and VBS code.
Reflex MailSafe has two lines of defence for this type of threat:
Firstly any e-mail received is probed to discover if it contains active code (i.e. java scripts, ActiveX). If this code is found it is routinely disabled and the e-mail is presented to the user minus this active code. This probe is done after the e-mail has been decrypted, in the case of encrypted e-mail but before the user has access to it. It does not affect the users ability to receive email formatted using HTML.
Nor does it prevent the user from reading the message, once the active code has been automatically removed.
 Secondly any e-mail either sent or received, where appropriate can be scanned for viruses using either Reflex Sherlock or a third party virus scanner. As seen on the right.
Installed Antivirus Software - this window will list all of the anti-virus software that Reflex MailSafe can identify. In this case it is the Reflex Sherlock product. For security reasons scanning engines are identified by Reflex MailSafe by means of a digital certificate issued by Reflex. As new versions of engines are released updated .DAT files containing these digital certificates can be obtained from reflex-magnetics.com/?
The following is a message box displayed when Reflex MailSafe client is checking an incoming e-mail written in HTML for active content.
If any active content is found this will be disabled and the message displayed in the normal way.
|
|
