[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
Mark Sapiro
msapiro at value.net
Sat Jan 29 03:42:10 CET 2005
Dan Mahoney wrote:
>
>I just had a small problem. A virus was just sent to all the list members
>which had spoofed the moderator's email address. No "requires approval"
>message was sent, despite the fact that everyone (even the moderator) has
>the "mod" bit set to "on".
>
>http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.ba@mm.html
>
>Are there any known and open bugs in 2.1.5 that would allow this behavior?
I don't think so. If as you say, all member's "mod" bit is on, and no
one is in accept_these_nonmembers, and generic_nonmember_action is
other than "Accept", then the only way I know for a message to get
through without explicit moderator action is for the message to
contain an Approved: header (or first line of body) with the list
password. I'd guess that any message generated by a windows e-mail
worm would not have this. Thus, I don't know how it got through.
>Is there any way of telling in the headers (or archives, or logs?) how a
>message was approved?
If it was actually approved, there should be an entry in Mailman's
vette log. If it just "went through", I don't think there is any way
to know why at this point.
--
Mark Sapiro <msapiro at value.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list