[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.

JC Dill lists05 at equinephotoart.com
Sat Jan 29 19:23:28 CET 2005


Mark Sapiro wrote:

>Furthermore, if such a scenario has occurred or did occur in the
>future, I suspect it would be just an unlucky accident. While I'm sure
>that a clever worm creator could deliberately try to exploit this
>potential vulnerability, I don't think the payoff would be sufficient
>to justify the attack.
>
>First of all, the attack would rely on a list administrator 
>

An attack of this type would not be just for list administrator posts.  
It would also get past whitelist filters - because the message would 
come from someone you have already received email from and are much more 
likely to be accepting email from than some random stranger address.  If 
we haven't seen it it's just because we haven't seen it *yet*.  I'm sure 
spammers are busy working on something like this right now, as a way to 
create more zombies with their virus/trojan payload.

So I repeat my <soapbox> statement, don't allow attachments to your 
mailing list.  The downside is too great, sooner or later your list WILL 
end up spreading a virus.

jc





More information about the Mailman-Users mailing list