I think the trouble with this attachment is that the whole e-mail is encrypted "in clear" (anybody can decrypt) to save space when you send the e-mail (SSL/TLS includes compression). The trouble is that the whole e-mail is encapsulated inside this signed attachment. Therefore your antivirus may not be able to decrypt, desencapsulate and check each part for viruses. It is best to sign e-mails by adding a S/MIME signature only. The people who do not have S/MIME can still read it. In .p7s form they can't read the e-mail without having s/mime. Hope it helps. cf SSL Certificates HOWTO on www.tldp.org Cheers Franck Martin > -----Original Message----- > From: Michael [mailto:KungFuMan@videotron.ca] > Sent: Thursday, 13 March 2003 8:56 > To: ietf@ietf.org > Subject: .p7s attachment > > > Hi .. I am setting up an exchange server with webshield > installed... While > setting up the virus scanner, I was recommended (by > microsoft) to block .p7s > attachments. > > Since those are certificate files, I am wondering what is the > danger, and > I'd like to know if anyone here could bring me some light... > > Michael > >