Dan Mahoney, System Admin wrote:
Guys,
I just had a small problem. A virus was just sent to all the list members which had spoofed the moderator's email address. No "requires approval" message was sent, despite the fact that everyone (even the moderator) has the "mod" bit set to "on".
http://securityresponse.symantec.com/avcenter/venc/data/[EMAIL PROTECTED]
OK, I'm just speculating here... what if there's a virus/trojan out that is able to take email that a user had already sent (email in the "sent" folder), and resend it with a virus payload (in this case, the beagle.ba virus above)? If it grabbed an email that the moderator had sent to the list with the Approved: password included, and just appended the virus payload, it would result in what you saw, right? What was the subject of the virus-laden email, was it a subject that had been previously posted to your list.
<soapbox>
This is why my lists don't allow any attachments at all. IMHO, the "benefits" of making it easy for people to send files to a mailing list are outweighed by the "costs" (when a virus gets thru). I tell posters to put the file on a server and then email a post with a link to the file.
</soapbox>
jc
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
