Mark Sapiro wrote:
Furthermore, if such a scenario has occurred or did occur in the future, I suspect it would be just an unlucky accident. While I'm sure that a clever worm creator could deliberately try to exploit this potential vulnerability, I don't think the payoff would be sufficient to justify the attack.
First of all, the attack would rely on a list administrator
An attack of this type would not be just for list administrator posts. It would also get past whitelist filters - because the message would come from someone you have already received email from and are much more likely to be accepting email from than some random stranger address. If we haven't seen it it's just because we haven't seen it *yet*. I'm sure spammers are busy working on something like this right now, as a way to create more zombies with their virus/trojan payload.
So I repeat my <soapbox> statement, don't allow attachments to your mailing list. The downside is too great, sooner or later your list WILL end up spreading a virus.
jc
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
