[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
Stephanie
stephanie.elsy at gmail.com
Sat Jan 29 09:25:06 CET 2005
On Fri, 28 Jan 2005 22:50:11 -0800, JC Dill <lists05 at equinephotoart.com> wrote:
>
> OK, I'm just speculating here... what if there's a virus/trojan out
> that is able to take email that a user had already sent (email in the
> "sent" folder), and resend it with a virus payload (in this case, the
> beagle.ba virus above)? If it grabbed an email that the moderator had
> sent to the list with the Approved: password included, and just appended
> the virus payload, it would result in what you saw, right? What was the
> subject of the virus-laden email, was it a subject that had been
> previously posted to your list.
The FAQ states that Mailman removes the Approved header before sending
the message out to the list. So the only way for a virus to grab the
Approved header with the password is if the list moderator is infected
and kept a previously sent message with the Approved header.
Certainly possible but not with Beagle (iirc) which creates a new mail
message and only grabs email addresses from existing messages. There
are some viruses which do resend existing messages in the infected
computer's mail folders, adding on the virus attachment, but that
wasn't the case with Beagle.
--
hth,
Stephanie
Links blog: http://alice.ttlg.net/links/
Glenfinnan Web Hosting: http://www.glenfinnan.net/
More information about the Mailman-Users
mailing list