[Spambayes] Spambayes pwning me?

Fu fu at fu.org
Mon Aug 18 01:10:13 CEST 2008


To clarify, I'm not concerned about SpamBayes having malignant code in it, but if it has a DEP issue, that issue could be exploited to create an email worm that replicated without me ever having to open the email.

Microsoft enabled DEP in Windows to protect us from flaws in software that could lead to this type of situation.  Suggesting that users disable DEP is irresponsible.  If there is a DEP issue in SpamBayes, fix it.  If there is a DEP issue in Outlook when dealing with add-ins, if enough people report it, Microsoft will fix it.

-----Original Message-----
From: Amedee Van Gasse [mailto:amedee at amedee.be]
Sent: Sunday, August 17, 2008 2:13 PM
To: Fu
Cc: spambayes at python.org
Subject: Re: [Spambayes] Spambayes pwning me?

Fu schreef:
> After having Spambayes crash constantly on my new machine I found
> this FAQ section:
> http://spambayes.sourceforge.net/faq.html#after-installing-spambayes-outlook-crashes-and-then-asks-for-the-plug-in-to-be-disabled.
> Is it known if this issue is in Spambayes or in Outlook?  Anything
> that's triggering DEP has the potential for an email virus written
> all over it.  If the issue is in Spambayes, it should be a top
> priority to get fixed.  If the issue is in Outlook, we should be
> bring it to Microsoft's attention to get a security patch ASAP.
>
> I'm now afraid of my former favorite piece of software.
>

Hello Fu,

Spambayes is open source, so you can check the code yourself to see if
there is anything nasty in it.
If you want to convince Microsoft to change anything: good luck. My
company, who has a bigger revenue and more eployees than Microsoft, was
not able to move Microsoft even for an attoparsec concerning some other
silly software "feature" (aka bug).
If you want to change Spambayes yourself, I think that the developers
will be very happy if you submit a patch.

--
Amedee


More information about the SpamBayes mailing list