[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.
JC Dill
lists05 at equinephotoart.com
Sat Jan 29 19:23:28 CET 2005
Mark Sapiro wrote:
>Furthermore, if such a scenario has occurred or did occur in the
>future, I suspect it would be just an unlucky accident. While I'm sure
>that a clever worm creator could deliberately try to exploit this
>potential vulnerability, I don't think the payoff would be sufficient
>to justify the attack.
>
>First of all, the attack would rely on a list administrator
>
An attack of this type would not be just for list administrator posts.
It would also get past whitelist filters - because the message would
come from someone you have already received email from and are much more
likely to be accepting email from than some random stranger address. If
we haven't seen it it's just because we haven't seen it *yet*. I'm sure
spammers are busy working on something like this right now, as a way to
create more zombies with their virus/trojan payload.
So I repeat my <soapbox> statement, don't allow attachments to your
mailing list. The downside is too great, sooner or later your list WILL
end up spreading a virus.
jc
More information about the Mailman-Users
mailing list