Quote from: smashed on August 07, 2012, 06:25 pmso do you download them and scan them and then wait until you are offline to view them?You can do that too, but it's more secure to adopt these techniques:- have a machine you view downloaded files on, but which cannot be connected to the net (by which I mean you've literally ripped out any bluetooth, wifi or ethernet cards or disabled any integrated cards)- have a virtual machine setup in such a way that it cannot connect to the net, put your downloaded files onto that and read them from there.The 2nd option is cheaper and easier. But if you're going up against a serious adversary (definitely not DEA), then you would choose No.1 and also use that machine as a physical airgap. That is, no USB ports, nothing. Instead you'd type everything over. That kind of security would defeat malware like Flame or Stuxnet (The Iranians did have an airgap, but it failed due to human factors like laziness and stupidity as far as we can tell). Happily, the DEA is incapable of building such software, I think they'd get the chop from a bigger smarter animal if they even tried it on.I suggest the 2nd option. Pine is paranoid, but very much alive.Oh, and careful of zip files too. Which sucks, because we often need to use them. Also, whenever I provide a zip file uploaded some place I also provide a checksum so you can make sure no 'extras' were added to the file while it was on the server. But you should still virus scan it etc in case my machine or myself is compromised, and open it or execute any files from it on a virtual machine as we said before.