[Mailman-Users] Are any attachments ok to allow on a listserv?
Mark Sapiro
mark at msapiro.net
Mon Jan 17 17:50:10 CET 2011
Ruth Indeck wrote:
>Many people say that the best thing is not to allow attachments at all on a listserv.
Please see the FAQ at
<http://wiki.list.org/display/DOC/Mailman+is+not+Listserv>.
>Other people think pdfs are ok (except some are too big for old machines to donwload).
>
>I also heard that a virus file could take on a fake extention, like .pdf, and fool people.
I have heard that there were vulnerabilities in some PDF readers that
could be exploited with malicious PDFs, but I don't know how big a
risk this is.
As far as fake extensions/MIME types are concerned, it is entirely
possible to put malware in a text/plain part with a .txt extension.
The question is what will the MUA or the file manager do with that
file when you try to open it. In other words, if the virus comes with
a faked benign extension, it is unlikely that the application that
opens the file will actually execute the viral code.
I'm not saying one should be complacent. I would recommend not allowing
anything but plain text and perhaps a few carefully considered image
and/or PDF types if the list's purpose requires it on a list with open
subscription. On the other hand, if the list is closed and you know
the members, you might be safe with no content filtering at all.
Others may have additional or conflicting opinions.
--
Mark Sapiro <mark at msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
More information about the Mailman-Users
mailing list