Gnus development mailing list
* Gnus vulnerable to virus?
@ 2005-12-12 17:35 David Abrahams
  2005-12-12 18:32 ` Reiner Steib
  0 siblings, 1 reply; 2+ messages in thread
From: David Abrahams @ 2005-12-12 17:35 UTC (permalink / raw)


[-- Attachment #1: Type: text/plain, Size: 419 bytes --]


I have always thought, smugly, that by using Gnus I was insulating
myself from viruses.  However, when I looked at the enclosed email
under NTEmacs, I got a dialog box saying that no known program could
open mm.304-VK (actually, the characters after "mm." vary each time I
look at the email).  This seems like it's a few bytes away from being
able to run arbitrary programs.  

Any clues what might be going on here?


[-- Attachment #2: possible-virus.bz2 --]
[-- Type: application/octet-stream, Size: 3567 bytes --]


[-- Attachment #3: Type: text/plain, Size: 61 bytes --]


-- 
Dave Abrahams
Boost Consulting
www.boost-consulting.com


* Re: Gnus vulnerable to virus?
  2005-12-12 17:35 Gnus vulnerable to virus? David Abrahams
@ 2005-12-12 18:32 ` Reiner Steib
  0 siblings, 0 replies; 2+ messages in thread
From: Reiner Steib @ 2005-12-12 18:32 UTC (permalink / raw)


On Mon, Dec 12 2005, David Abrahams wrote:

> I have always thought, smugly, that by using Gnus I was insulating
> myself from viruses.  However, when I looked at the enclosed email
> under NTEmacs, I got a dialog box saying that no known program could
> open mm.304-VK (actually, the characters after "mm." vary each time I
> look at the email).

Your "possible-virus" has the following MIME structure:

  <* alternative> Re: tangle chairmanship
  <1.* alternative>
  <1.1 text>
  <1.2 html>
  <2 gif>

In the default config, Gnus will automatically display the GIF image.
See the recent thread on "spam mails using image/gif in
multipart/alternative":
<news:v94q5j5m1q.fsf@marauder.physik.uni-ulm.de>
http://thread.gmane.org/v94q5j5m1q.fsf%40marauder.physik.uni-ulm.de

> This seems like it's a few bytes away from being able to run
> arbitrary programs.

Only if you have stupidly configured Gnus to pass MIME types to the
default Windows application, e.g. by opening a MIME type with "open".

Bye, Reiner.
-- 
       ,,,
      (o o)
---ooO-(_)-Ooo---  |  PGP key available  |  http://rsteib.home.pages.de/
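
The MIME structure listed in the reply above, rebuilt as a constructed sample and walked with Python's standard `email` package. This is an added example, not part of either post and not Gnus code. The part labels imitate the listing, and the rule that flags a non-text leaf sitting directly under multipart/alternative is this example's own heuristic.

```python
from email import message_from_bytes
from email.mime.image import MIMEImage
from email.mime.multipart import MIMEMultipart
from email.mime.text import MIMEText


def build_sample() -> bytes:
    """Constructed message with the same shape as the listing in the reply."""
    inner = MIMEMultipart("alternative")
    inner.attach(MIMEText("plain body", "plain"))
    inner.attach(MIMEText("<p>html body</p>", "html"))
    outer = MIMEMultipart("alternative")
    outer["Subject"] = "Re: tangle chairmanship"
    outer.attach(inner)
    outer.attach(MIMEImage(b"GIF89a" + bytes(16), "gif"))  # placeholder bytes
    return outer.as_bytes()


def walk(part, number="", parent_type=""):
    """Return (label, content_type, suspicious) rows, depth first."""
    ctype = part.get_content_type()
    if part.is_multipart():
        rows = [(f"{number}.*" if number else "*", ctype, False)]
        for i, child in enumerate(part.get_payload(), start=1):
            child_no = f"{number}.{i}" if number else str(i)
            rows += walk(child, child_no, ctype)
        return rows
    # Heuristic (assumption of this example): every child of
    # multipart/alternative should be another rendering of the same body,
    # so a leaf there that is not text/* is flagged for review.
    suspicious = (parent_type == "multipart/alternative"
                  and part.get_content_maintype() != "text")
    return [(number or "1", ctype, suspicious)]


def audit(raw: bytes):
    """Parse raw message bytes and return the annotated part outline."""
    return walk(message_from_bytes(raw))


def flagged(raw: bytes):
    """Return (label, content_type) for the parts the heuristic flags."""
    return [(label, ctype) for label, ctype, bad in audit(raw) if bad]


if __name__ == "__main__":
    for label, ctype, bad in audit(build_sample()):
        print(f"<{label} {ctype}>" + ("  <-- review before display" if bad else ""))
```
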



