[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
JC Dill
lists05 at equinephotoart.com
Sat Jan 29 17:50:30 CET 2005
Brad Knowles wrote:
> At 10:50 PM -0800 2005-01-28, JC Dill wrote:
>
>> OK, I'm just speculating here... what if there's a virus/trojan out that
>> is able to take email that a user had already sent (email in the "sent"
>> folder), and resend it with a virus payload (in this case, the beagle.ba
>> virus above)? If it grabbed an email that the moderator had sent to the
>> list with the Approved: password included, and just appended the virus
>> payload, it would result in what you saw, right?
>
> One flaw in this theory -- the Approved: header gets stripped
> before the message is posted to the list. The only way the Approved:
> header could get captured by the virus would be if the moderator's
> account is the one that got infected, and the virus pulled the
> approved message out of the "sent" mailbox of the moderator.
Didn't I say that above?
> Even then, most moderators work via the web and not via e-mail, so
> this would be a very low probability of success.
Most moderators use the web to approve email from *others*, but most of
the ones I know who are responsible for originating content for their
list use the approved header when they send the content to their list so
that they don't have to take an additional step of going to the webpage
to approve the message they just sent. My speculation is about this
exact scenario: a moderator who uses the approved header has old email
with that header in their "sent" box, and a virus/trojan grabbed one of
those messages and resent it (with the approved header) with the virus
payload attached.
If it hasn't happened yet, then "yet" is the critical factor. It's
going to happen someday...
jc