At 10:50 PM -0800 2005-01-28, JC Dill wrote:
OK, I'm just speculating here... what if there's a virus/trojan out that is able to take email that a user had already sent (email in the "sent" folder), and resend it with a virus payload (in this case, the beagle.ba virus above)? If it grabbed an email that the moderator had sent to the list with the Approved: password included, and just appended the virus payload, it would result in what you saw, right?
One flaw in this theory -- the Approved: header gets stripped before the message is posted to the list. The only way the Approved: header could get captured by the virus would be if the moderator's account is the one that got infected, and the virus pulled the approved message out of the "sent" mailbox of the moderator.
Even then, most moderators work via the web and not via e-mail, so this would be a very low probability of success.
<soapbox> This is why my lists don't allow any attachments at all. IMHO, the "benefits" of making it easy for people to send files to a mailing list are outweighed by the "costs" (when a virus gets thru). I tell posters to put the file on a server and then email a post with a link to the file. </soapbox>
Agreed. E-mail should not be abused as a file transfer protocol. There are better ways to handle that issue.
-- Brad Knowles, <[EMAIL PROTECTED]>
"Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety."
-- Benjamin Franklin (1706-1790), reply of the Pennsylvania
Assembly to the Governor, November 11, 1755SAGE member since 1995. See <http://www.sage.org/> for more info. ------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
