Brad Knowles wrote:
At 8:50 AM -0800 2005-01-29, JC Dill wrote:
Didn't I say that above?
Not that I saw, no. What I read of your message indicated that the virus had infected a normal user and pulled a message out of their sent folder, which would not have had the Approved: header.
In my first post in this thread I wrote:
"what if there's a virus/trojan out that is able to take email that a user had already sent (email in the "sent" folder), and resend it with a virus payload (in this case, the beagle.ba virus above)? If it grabbed an email that the moderator had sent to the list with the Approved: password included, and just appended the virus payload, it would result in what you saw, right?"
Most moderators I know of don't need to use the Approved: header, because they themselves are not moderated on their own lists. But then maybe you know more moderators than I do.
The ones I know that do this elect to use this method to prevent forged posts "from" them to their one-way (newsletter) lists. If all posts must be approved one way or another, then random forged posts (using addresses found on a victim's computer) won't get distributed to the list. But if a virus/trojan goes a step further and instead of just using address found it uses actual previously sent email, and there is saved email with the Approved: header, then that virus/trojan would be able to forge a post to the list that would have the Approved: header, and thus be distributed to the list.
jc
------------------------------------------------------ Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
