[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.

Brad Knowles brad at stop.mail-abuse.org
Sat Jan 29 11:52:48 CET 2005


At 10:50 PM -0800 2005-01-28, JC Dill wrote:

>  OK, I'm just speculating here...  what if there's a virus/trojan out that
>  is able to take email that a user had already sent (email in the "sent"
>  folder), and resend it with a virus payload (in this case, the beagle.ba
>  virus above)?  If it grabbed an email that the moderator had sent to the
>  list with the Approved: password included, and just appended the virus
>  payload, it would result in what you saw, right?

	One flaw in this theory -- the Approved: header gets stripped 
before the message is posted to the list.  The only way the Approved: 
header could get captured by the virus would be if the moderator's 
account is the one that got infected, and the virus pulled the 
approved message out of the "sent" mailbox of the moderator.

	Even then, most moderators work via the web and not via e-mail, 
so this would be a very low probability of success.

>  <soapbox>
>  This is why my lists don't allow any attachments at all.  IMHO, the
>  "benefits" of making it easy for people to send files to a mailing
>  list are outweighed by the "costs" (when a virus gets thru).  I tell
>  posters to put the file on a server and then email a post with a link
>  to the file.
>  </soapbox>

	Agreed.  E-mail should not be abused as a file transfer protocol. 
There are better ways to handle that issue.

-- 
Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.
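
The two points in this thread can be combined into a single posting check. The sketch below is an added example, not part of the original message and not Mailman's own code. It strips the Approved: header before anything is redistributed, and it refuses attachments even when the approval password is valid. The password, addresses, sample messages and function names are constructed for illustration.

```python
import hmac
from email import message_from_string

LIST_PASSWORD = "example-moderator-password"  # constructed value

HEAD = "From: moderator@example.org\nTo: list@example.org\nSubject: notice\n"
# Constructed sample: a moderator's pre-approved plain-text post.
PLAIN = HEAD + "Approved: " + LIST_PASSWORD + "\n\nMeeting moved to Tuesday.\n"
# Constructed sample: the same approved post resent with a file appended.
REPLAYED = (
    HEAD + "Approved: " + LIST_PASSWORD + "\n"
    'MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary="b1"\n\n'
    "--b1\nContent-Type: text/plain\n\nMeeting moved to Tuesday.\n"
    "--b1\nContent-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="notice.zip"\n'
    "Content-Transfer-Encoding: base64\n\nAAAA\n--b1--\n"
)


def has_attachment(msg):
    """True if any leaf part is named as a file or is not text/*."""
    for part in msg.walk():
        if part.is_multipart():
            continue
        if part.get_filename() or part.get_content_maintype() != "text":
            return True
    return False


def process_post(raw, password=LIST_PASSWORD):
    """Return (decision, outgoing_text); outgoing_text is None unless posted."""
    msg = message_from_string(raw)
    supplied = msg.get("Approved")
    # Remove every Approved: header up front so the password can never
    # reach subscribers, archives, or copies made from the outgoing post.
    del msg["Approved"]
    approved = supplied is not None and hmac.compare_digest(
        supplied.strip().encode(), password.encode()
    )
    if not approved:
        return "hold", None      # falls back to normal moderation
    if has_attachment(msg):
        return "reject", None    # a valid password does not exempt attachments
    return "post", msg.as_string()


if __name__ == "__main__":
    for name, raw in (("plain", PLAIN), ("replayed", REPLAYED)):
        print(name, process_post(raw)[0])
```
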


