[Mailman-Users] Virus Just Got Through on TOTALLY MODERATED list.

Brad Knowles brad at stop.mail-abuse.org
Sat Jan 29 19:41:23 CET 2005

At 8:50 AM -0800 2005-01-29, JC Dill wrote:

>  Didn't I say that above?

	Not that I saw, no.  What I read of your message indicated that 
the virus had infected a normal user and pulled a message out of 
their sent folder, which would not have had the Approved: header.

>>      Even then, most moderators work via the web and not via e-mail, so
>>  this would be a very low probability of success.
>  Most moderators use the web to approve email from *others*, but most
>  of the ones I know who are responsible for originating content for
>  their list use the approved header when they send the content to their
>  list so that they don't have to take an additional step of going to
>  the webpage to approve the message they just sent.

	Most moderators I know of don't need to use the Approved: header, 
because they themselves are not moderated on their own lists.  But 
then maybe you know more moderators than I do.

>  If it hasn't happened yet, then "yet" is the critical factor.  It's
>  going to happen someday...

	True enough.

	I still think it's a lot of work for a virus to go through, but 
when they do finally run into a moderator that uses this technique, 
there is a high chance of successful transmission to a large number 
of other targets.

	I guess the question is when does the probability go up enough 
that the payoff justifies the amount of input work?

Brad Knowles, <brad at stop.mail-abuse.org>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

     -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
     Assembly to the Governor, November 11, 1755

   SAGE member since 1995.  See <http://www.sage.org/> for more info.

More information about the Mailman-Users mailing list