* Gnus vulnerable to virus?
@ 2005-12-12 17:35 David Abrahams
2005-12-12 18:32 ` Reiner Steib
0 siblings, 1 reply; 2+ messages in thread
From: David Abrahams @ 2005-12-12 17:35 UTC (permalink / raw)
[-- Attachment #1: Type: text/plain, Size: 419 bytes --]
I have always thought, smugly, that by using Gnus I was insulating
myself from viruses. However, when I looked at the enclosed email
under NTEmacs, I got a dialog box saying that no known program could
open mm.304-VK (actually, the characters after "mm." vary each time I
look at the email). This seems like it's a few bytes away from being
able to run arbitrary programs.
Any clues what might be going on here?
[-- Attachment #2: possible-virus.bz2 --]
[-- Type: application/octet-stream, Size: 3567 bytes --]
BZh91AY&SYN²u\0\x04Äßp°}oÿÿÿÿÿú¿ÿÿð`\f^åêúUîíß5öosïj}\x1aJpÍ»ï¼û·»ë>ëãî¹ï[:¾v\x1aBbdL2\x1a4\x03@§¦&\x13F©¦£CCFÐj M10M\x19\x1a0\x11£F\x110\x04Ú&Ò\x14Ú\0a¤*~'¡4õSý êQ§´ÔÅ6
dÉ´Ù)å=@Í54\0J!0M =SÒ~\x13ñM=&Ñ3"4L\x11\0J\x11\rF\x1a\x05=ª\x18Ê=M¦§µ\f¦M\x1aiµ4ÓF\x04¢ &h§¦ô\x11=¤§é\rOPÊ{Te\x1a&¦¤\vVLp[á6³Ð<©mQXºÝô[Iqá\x10ȲÁ\bëÿ¾¿¿_óq`^¾¤D9\x1fÛ\x1e{e³\x180fö#\x1f5\x7fÿ\x1c8éw{|üE÷\fi9O;4Û6QúB\x1d \x03wv\x12Ç\x17Õ6\x11é\x1f\x19U<\x11Ý.©ÜótU§\x7f\x05cMêÈã
?\x18½ö')§LfQ"¯ÕðÄi%$ª¨ÛYfH\mº¡¯å3^ƸUÑiþ\x0e
ã$¤Dâl\x16H\x104(E\v80äuBÜú¼hV<ÉÑ+Å&¢Vá
ä¬2BfxqÌPFa(\x1cBDQ!OïÄA8¤ÇÎbb;Ê<6\x0e\v\a\x18³\f\x1eu\x11¸¬i?ɦÂ"ÝÏÀ±Àßâ'Ç\fOq©U\x1e/\x190ð¥I{ý|ûúÇ\x1e'\x7fðêÑûyéùorbÝåô·¯ËÏöçô&£\x18àq@ñ\x02l\x10xP+\x14\x0e£¤EÜHn$ëÊ.J2Ê9$0/4Hm(Ø,\x12¾\x12\b\bl^[ì\x1eRsmÚ\x14hÁ¢@Ô¥\x16t%kK\x039f- Dç\x02+ù±
?%\0\x14\x19ø3ÐÖ;>6;´ò"¼IÿÄf¡ÿ·þ¹ôEÝa5uÙ濾¨äpÎTÆ=7
MÿKkÖ\x11Ùô¯ä\x11¤Ø\f\x02¨\x01@Öh±¡\x15Iï=-^[Æàײ¤¦?·¾bbn\f\0À?\x7f2ø;U+#Â4ÐP\x1aF
\a)\x14ÍO;ï¨{*wûdÈ\f³wÇ\x0ex¶md`H)×ÌÜñ¶_ҬЦmîz8+\x03\bòH\b"\x11«+\x14Û$.X,Þ\0uFݸkK\x11ù$üsVÂXf½âºÙÍ'fÆâQ¤£ýp:U\x17\0~kÆ\x12\x0fÍ\x01N^åÿ}½Ük\x12H°³³¢â£p[6]÷ñó³¢s©³^ÇíQÃ[\x1a]c§-¨ª0û~+é$¶\x17Bw:[Ï'Ôü¨\x10\x12=ãøM3M³\x1cu7ºW*\x7f¬WB)A3ß\x17¢>\x1d®f¢B6»òDT|Ôãq\x0ez(çÀ\x7fbÌaÖ=9\f5Gݶqü\x11Ce\x7f\x0e*èì{Fg\b\x12èo\x14;|ÊMw&\04Çv\x0ec\x06DS!{\x16\aO\x17ÚôXÙ\0KL¼ù{3fíÀwÒÛàã\x06Ô÷àZó÷\x1c7Ë\x1e¿\x17nÒ\x1a
D«#ðh.bC409ÑÅI=\ró\x0eôï{¡X\x05UT`-"ÑÌ×rWu_\x03R¢y#ìÃ=¢}Gg
M\x18s¬)ºUr¿`²3&ØL>z²\vGa³cP\x1dêïðªÞ 1õuôú|¼²\PÕå\x17\x05ñ«r\x11$
\x14ÛÙz¾×ãº\x11ú;ýpéÑgKÓ¸>5Å®ñîk¢K\x0e`ýï<\0\x16øêâÚJü\x05³>+gÑìU|NUÌþ\x15üÀæ¨s\x14rø×åò»g\x1a\x1e¹´^\x1a<«\x0fÓ¨KQT?¾üZÎ1Ò\x7f\x17ú\x13ûmm«Ç\bØ0±e\0Fiäï^y\b¾Õ\x1e~\x13@~X{r\x18ÐK¤\vvS(\x01²Ä«nÖ\0¾×P\0qª?ª©Kât>\x11ãAÚÒ°t÷\x1eéAÆ}\x19ÎRÙ\rã:,ð{\x04^/¢ó¯Ý³Îo\x14pëÞ3¸ôÃu:j1\x04ô7\}e,]6^´\x06~\x15®àvn\x13bý²ÕVz½i\x19ø\x1e1Í8ò By«é¿u1\x1aÚìg\b5)F¾ºº¡Øãw^Z\x15JØ\x10¹ç\x19ÂDoôÑof'g²#A#þ©]o^vt\Û°æUûÜù`æ
jM¥÷ãä5îY0ñüÏ\bæ9Û}ùLÞY\x16\x1cÊ¿\x16\x14.²^[®\Ð,Ì$\x16Jb
\r\x06Y\x0e}'½(dÃU²²:Ç\a\rJ6Þ9´ºÿDYëÇsµ®Îèp\x7f`\bÊAa~WiÏJÔ:Ý\a
ï±®ËÝ ï\x10<ÌÖó`5×®\x05õ5õ2æ 'b¢$;\0)Ú©ÀPÍx\x16HÝRcoÅ<$f\x1d4p®§Úw\r×KW\x1f\fîæ»yâk®¸j¨|\Ùé±å@
*uC$^ÇZPwÅÊ\v¢î,\fÂüuÌýD&º¼YÚºªÂ\ñ¢\x16\x1cvk«wÍðÜ\r\fW/,\x18AÎ\x01Þ¹§\x19]\x1c
\x03ÆmÙ!û´\bÝ·ÜfuâªE·%Ö'67sjþ7ßôë\x14xô_á+Úà¶\bKaQ\x17\x13ïs«Oco%näîñ·:WOI±Ì]ïÜÐëx}B}»woÀM%s
ÖÕ^i´´ñ\x04\x1cCÑo\ø¼¸*geo½ÒD½FMR\+Uc¢y¥9àä6.f:é©÷\x14CtR&½2Kºº\x1a|ñÚl´¹£_ÇV\x1eç[èéÉ\x142\0¥(¢ý@|p§D{¸G:<9#ðÓѳ³ªS|ëëÔã·Qg®Íå»)#\bè( l$GÌÔ²\x022V!y£°Ü¯!¬¶\x1aêÀIÄ.aÈÔà\x05D§\x04åå0H4/ûJp°ìE.3<_<'\x1fõwýÈþ\x1dâ¼d|6ªbN§ª³ùe%¡zN ÎPMîZêqx\x0fì
3?ö ÔN
Èh¡¦á\x17\x17\x0f¤¯Ãâa·Ö¼ÕðÕ¢#»ï±ûíá\b(K@ æ<`Ë""©\x17¼q!\x019\vC\x05±thKE¥x«tÕO FÁNC´`Ñ2±\x13;U~Y^"Û¥ÐíEèO¾1÷Ü&ÌS5\x1dX\x16I-³ao\x0e
\aíF\bÂÒh\x141B9ãHäÚtÈ\x11\x061¦n\x0f\x1c)/EÐ
FGC×o§^D²SOrÝPÓ¦\x1c8áÛ®ZÔÚd=Ïmg\v`\x11åénÞ<\vÉ\x06=±Ló.'§û¬/§\fàV2ñ{¢ëÌoÜyÊS]á
TVWÉVÚñ¡-0\r'ïiYºÌZ
÷Æb(À\x01Üxª!l¦xÇã\x18/QÀL_v
Ó\f0Êc\x12\x18ÔívÅ-_Y\x1f\x18.ǺnDIb2ØÎÑ¿óÝÝ^[) Z.Æ\x18À'Ê>\r&ªiÞ\x15´òw\x19ä§ç\fi¦^[^[\x11hHèú\b¾\f)\x1e8`Li\x1cÊÑ}Ö*¶'\x14ÊÂZèuh\x163#़\x17\x0f\x15\x1e\x14FâahÂf\x1aàݤ|Çd²Þ07Çë·.¢¾º¹ëÄ *\x01\x0fZ\x19ûZÔ\x17ð\x06\x05BøA8W×(ÅhDpe\x12H\x02Üe%h¨é\x16â\x16DCSYkF\x18SÂãÕK*Ý5\x13e!\b\x0e¿×Æ\v¨n¹$\x7fGéx#¥\x15a»IÎ9²»ºá'SZN\x05w\x0ef5űV6åSâ\f\rb\x14
ïÌ-(p1yß@SÒ²\x1a\x04ä(¼ÌîxLúË/A¹h\x19õºp`ÁÄ¡Ñxn\x11´\x14\bó\a\x18Æà°PºÐØÁ¶Aò¹7óÖARã{¸DÅ\x18ÒÕF\x18\x0e\x13º¢q1½\x1ac±øh«¹o\x05Øe\x14¶}.^[ÐóÉf|ô^'ÓcTúzw¶nT¶L9<0Åy\rÚ\x15s×Ó/»CNUÕuG^`\vHÃl\x7fèG"\x14N\x1a,§\x0f L\r0AÝÚDISQ¦f)\x1968ÐX¸Y5*DÀ¥í\x18xô\x11ÃA>-¢ùø`°QCÞ)ïSfÿ˺û[Ý<ÚôTÛé\x7fN@ø\x17^[Nó,EG¸*Þä}DUEV\x12\x12g9Æ\x05"\f(a¼dÆo\x04rHVܨù 0Dr\x16\aDÂxö\x06@q
\x1cã.öÍj\x11D\x11.¼4Dfô3ùq¨}ªÏ^H\x19Ì7Z\x11%\x19a Ä\x0e\x18^[5^\x03EÝÖèm\x19),I~ÈY©A`Ð\x16©èÕ¨åµ)\x15B\x11l\x06H¥ZsÚ²;öZѳ¾Ü\x13%x÷\x04Ùyò15\x1cOäS ¨ æJèiKãÁ\x14à×Qí\x06\{Ü*rîe ³\fÄB¨ìWîmÃS¶%JCxëÌÚaM°L§'"êÝ)\x12\Ã#r9h!_\0Ã`¹ïóvzÍè"UAû\x11¤âª_.îó2Ý\x11³¹¹}7¦3%UaJ)¤j6#©\x18³ÍX>¦@\Ã
Ç\x01.Z!|\x06=|\x1fÕi¯\x1e¾[R¡TR\x020¥¨\x15F\x10¶,P#ES\x12{\blÆÂ!zt×\x10\x0eöçÚà3HcKçm `\x1eÍ\0%\x01¤{æ¾ûå\x02.¡FÀÁ»¹¸Ê°'\x11°\x11ÂcåÃÖûI\x03È
Û£#YB\x17»?s[Ö7n[ËìÍD³n¶\x15ÊÕ¸ñ;Ám\x13oÄxÎÌz&\x03¥\x14öS\x19¬øFl"9E\x1cOG\x13¢c/\x1c\x14kñ·\x19«\x1dò÷¹Á1|\x14õ\x1c^[\avQ\v\x02Wò\x06KI4ªNäæզ\x19íMË<ò_åkÖ<m\bà[\x04\x16 ðâÁÁ8 x®\x1cz\vÏ6¤lqeq*¶1¾ç=äB\x03aÛ¬Ê8Î6aNÕ]6BBð]NåÃÃÛÉk¦JÓGE^[6UÎ$]-\x01Ùðé>§¥êvN%Õ\1.ËÆH´ø\x14[Û\x1e¸»)Âuh
[-- Attachment #3: Type: text/plain, Size: 61 bytes --]
--
Dave Abrahams
Boost Consulting
www.boost-consulting.com
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: Gnus vulnerable to virus?
2005-12-12 17:35 Gnus vulnerable to virus? David Abrahams
@ 2005-12-12 18:32 ` Reiner Steib
0 siblings, 0 replies; 2+ messages in thread
From: Reiner Steib @ 2005-12-12 18:32 UTC (permalink / raw)
On Mon, Dec 12 2005, David Abrahams wrote:
> I have always thought, smugly, that by using Gnus I was insulating
> myself from viruses. However, when I looked at the enclosed email
> under NTEmacs, I got a dialog box saying that no known program could
> open mm.304-VK (actually, the characters after "mm." vary each time I
> look at the email).
Your "possible-virus" has the following MIME structure:
<* alternative> Re: tangle chairmanship
<1.* alternative>
<1.1 text>
<1.2 html>
<2 gif>
In the default config, Gnus will automatically display the GIF image.
See the recent thread on "spam mails using image/gif in
multipart/alternative":
<news:v94q5j5m1q.fsf@marauder.physik.uni-ulm.de>
http://thread.gmane.org/v94q5j5m1q.fsf%40marauder.physik.uni-ulm.de
> This seems like it's a few bytes away from being able to run
> arbitrary programs.
Only if you have stupidly configured Gnus to pass MIME types to the
default windows application, e.g. by opening MIME a type with "open".
Bye, Reiner.
--
,,,
(o o)
---ooO-(_)-Ooo--- | PGP key available | http://rsteib.home.pages.de/
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2005-12-12 18:32 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2005-12-12 17:35 Gnus vulnerable to virus? David Abrahams
2005-12-12 18:32 ` Reiner Steib
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).