* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Andrew McDermott @ 2002-11-19 17:06 UTC

Hubert Chan <hubert@uhoreg.ca> writes:

>>>>>> "gm" == Gary Lawrence Murphy <garym@canada.com> writes:
>
> gm> This took me by complete surprise, and caused a major embarrassment:
> gm> Emacs GNUS can be fooled into hiding a virus attachment that is
> gm> propagated when the email is forwarded.
>
> [...]
>
> gm> The risk here is considerable: Just because the email looks clean,
> gm> just because your unix-based email program was immune to the effect
> gm> and shows no embedded trap, does not mean there isn't one.
>
> I have
>
> (setq gnus-inhibit-mime-unbuttonizing t)
>
> in my .gnus. That causes gnus to display a list of all the MIME

Which version of gnus? describe-variable gives me:

  "undocumented variable."

My gnus is from a daily `cvs up'.

> alternatives. (I /think/ that's the variable -- I can't locate
> documentation for it to confirm.) I suppose you could also frob
> gnus-unbuttonized-mime-types.
>
> --
> Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
> PGP/GnuPG key: 1024D/124B61FA
> Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
> Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.

--
andy

* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Hubert Chan @ 2002-11-19 19:37 UTC

>>>>> "Andrew" == Andrew McDermott <andrew.mcdermott@windriver.com> writes:

>> I have
>>
>> (setq gnus-inhibit-mime-unbuttonizing t)
>>
>> in my .gnus. That causes gnus to display a list of all the MIME

Andrew> Which version of gnus? describe-variable gives me:
Andrew> "undocumented variable."
Andrew> My gnus is from a daily `cvs up'.

Oort 0.06. Mine says "undocumented variable" too, and I don't remember
how I came across that variable in the first place. I must have looked
through the lisp sources, but I can't imagine why I would do anything
like that.

--
Hubert Chan <hubert@uhoreg.ca> - http://www.uhoreg.ca/
PGP/GnuPG key: 1024D/124B61FA
Fingerprint: 96C5 012F 5F74 A5F7 1FF7 5291 AF29 C719 124B 61FA
Key available at wwwkeys.pgp.net. Encrypted e-mail preferred.

* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Gary Lawrence Murphy @ 2002-11-20 1:31 UTC

I tried that multipart detect, and it did detect multipart, but C-d
only shows the following (which I have cut and paste in hopes of
avoiding including the virus file ;)

(end of the email ...)

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

From: webfeat <webfeat@dryrain.com>
Subject: Paleontology.
To: teledynamics@canada.com
Date: Sun, 17 Nov 2002 17:07:37 -0600

<!doctype html public "-//w3c//dtd html 4.0 transitional//en">
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
<meta name="Generator" content="Corel WordPerfect 8">
<meta name="GENERATOR" content="Mozilla/4.7 [en] (Win95; I) [Netscape]">
<meta name="Author" content="Carl Wlock">
<title>MD5M13 LIONS</title>
</head>
<body text="#000000" bgcolor="#C0C0C0" link="#0000FF" vlink="#551A8B" alink="#FF0000">
<img SRC="image61R.JPG" BORDER=0 height=187 width=149>
<b><i><font size=+1>Lion Cliff Gussie - District Governor 5M-13</font></i></b>
<p><font size=+1><b><i> L</i></b>ion Cliff Gussie spent 33 years in education. After graduating from high</font>
<br><font size=+1> school, Lion Cliff attended Manitoba Teachers College. He later graduated</font>
<br><font size=+1> from the University of Manitoba with B.A. and BEd. degrees. During his</font>
<br><font size=+1> tenure in education, he served as Vice Principal, Physical Education Director,</font>
<br><font size=+1> Guidance Councillor and classroom teacher. He also served on many Manitoba</font>
<br><font size=+1> Teacher Association committees and as local president of the Swan Valley</font>
<br><font size=+1> Teacher's Society for two terms.</font>
<p> <font size=+1>Lion Cliff has served as Chief Instructor of an Army Cadet Corp., Town</font>
<br><font size=+1> Recreation Director and on many service clubs and organizations. Many</font>
<br><font size=+1> years were spent coaching school and community sports.</font>
<p><font size=+1> In addition to teaching, Lion Cliff has owned and operated a men's clothing</font>
<br><font size=+1> and dry goods in partnership with his wife Kay.</font>
<p><font size=+1> As a Lion for 15 years, District Governor Cliff has held the offices of Lion</font>
<br><font size=+1> Tamer, Secretary, Director, and President in the Swan River Lions club as</font>
<br><font size=+1> well as Zone Chair, Convention Chair, Orientation Chair and Quest Chair</font>
<br><font size=+1> as a member of the Cabinet. Presently he is chairing one committee on the</font>
<br><font size=+1> MD5 Multiple Council and acting on another.</font>
<p><font size=+1> A man of many interests, Lion Cliff is active in many sports such as curling,</font>
<br><font size=+1> golf, slow-pitch, X-country skiing, snowshoeing, hiking and running and such</font>
<br><font size=+1> hobbies as geology, archeology and paleontology.</font>
<p><font size=+1> Lion Cliff and Lion Kay have three sons, two daughters and one grand-</font>
<br><font size=+1> daughter.</font>
<br><img SRC="lion_hea.gif" BORDER=0 height=94 width=111>
</body>
</html>

----------

as you can see, it doesn't show up as any attachment. if anyone
would like me to forward this message to them, let me know and I'll
send you the message as a forward

--
Gary Lawrence Murphy - garym@teledyn.com - TeleDynamics Communications
- blog: http://www.teledyn.com/mt/ - biz: http://teledyn.com/ -
"Computers are useless. They can only give you answers." (Picasso)

* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Kai Großjohann @ 2002-11-25 14:13 UTC

Thomas Steffen <for_replies_only@iname.com> writes:

> 1. Gnus *should* show that the posting contains more than one form of
>    the content. This is a useful information for the reader, even in a
>    perfectly normal context.

Gnus prints `(3 parts)' in the modeline...

kai
--
~/.signature is: umop ap!sdn (Frank Nobis)

* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Gary Lawrence Murphy @ 2002-12-10 15:17 UTC

Excellent -- the buttonizing is a lot more intrusive than a modeline
report (who looks at modelines? without looking, what's the last char
on yours right now?)

I love usenet.

--
Gary Lawrence Murphy - garym@teledyn.com - TeleDynamics Communications
- blog: http://www.teledyn.com/mt/ - biz: http://teledyn.com/ -
"Computers are useless. They can only give you answers." (Picasso)

* Re: ALERT: Emacs GNUS can spread a virus invisibly
From: Chris Brightman @ 2002-11-25 20:23 UTC

>>>>> "Chris" == Chris <chris@jazzyb.org.uk> writes:

>>>>> "GLM" == Gary Lawrence Murphy <garym@canada.com> writes:

GLM> I don't know why the second part was hidden in the GNUS display, and
GLM> if there is a setting to show this message for what it actually
GLM> contained, I don't know what it is, but it needs to get fixed.

Chris> There are two complete sets of MIME boundaries using the same
Chris> boundary string in messages I have seen that do this
Chris> (unfortunately you did not paste enough to show conclusively that
Chris> this is the same malformation, but your description is consistent
Chris> with it). The second set are technically MIME epilogue according
Chris> to RFC2046. Unfortunately some MUAs (such as OE) continue parsing
Chris> with the same boundary string.

Chris> The content after that final boundary is epilogue and should not
Chris> be displayed by MUAs. Perhaps when forwarding messages, the MIME
Chris> prologue and epilogue should be discarded?

OK, I take back what I wrote the other day. What I described *is* an
exploit used by some viruses to transport themselves, but having looked
at the sample posted earlier today, this is not an example of it.
(incidentally, I can't find that sample now, maybe it was cancelled?)

This is a generic MIME (Microsoft) exploit, details are available at:

http://vil.nai.com/vil/content/v_99273.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html

Technical data on the vulnerability are at:

http://www.microsoft.com/technet/security/bulletin/MS01-020.asp

My view as a Gnus user to this is that I don't want to be responsible
for unknowingly sending executable attachments to others. I take Kai's
point that the modeline indicates the number of parts, but is there a
way to easily modify the display of such messages within Gnus? I would
like to see more information within the article buffer - what are my
options?

Thanks

Chris

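Added example (not written by anyone in this thread): a Python check for the malformation described in the quoted "Chris>" text above, where a second run of body parts reusing the same boundary string sits after the closing delimiter, i.e. in the RFC 2046 epilogue. The function name `hidden_epilogue_parts` and the sample message are constructed for illustration.

```python
import email
import re

# Constructed sample: a closed multipart body, then a second run of parts
# that reuses the same boundary string after the closing delimiter.
SAMPLE = """\
From: sender@example.org
Subject: constructed sample
MIME-Version: 1.0
Content-Type: multipart/alternative; boundary="b1"

--b1
Content-Type: text/plain

visible text
--b1
Content-Type: text/html

<p>visible text</p>
--b1--
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="sample.bin"

placeholder bytes
--b1--
"""


def hidden_epilogue_parts(raw):
    """Return (content type, filename) for parts found after a closing boundary."""
    findings = []
    for part in email.message_from_string(raw).walk():
        boundary = part.get_boundary()
        if not part.is_multipart() or not boundary or not part.epilogue:
            continue
        # Delimiter lines ("--b" or "--b--") reused inside the epilogue.
        delim = re.compile(r"(?m)^--" + re.escape(boundary) + r"(?:--)?[ \t]*\r?$\n?")
        chunks = delim.split(part.epilogue)
        # chunks[0] is plain epilogue text (e.g. a list footer); the rest are
        # what a boundary-reusing MUA would treat as further body parts.
        for chunk in chunks[1:]:
            if chunk.strip():
                sub = email.message_from_string(chunk)
                findings.append((sub.get_content_type(), sub.get_filename() or ""))
    return findings


if __name__ == "__main__":
    for ctype, name in hidden_epilogue_parts(SAMPLE):
        print(f"part hidden in epilogue: {ctype} {name!r}")
```
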