From: Chris Brightman <chris@jazzyb.org.uk>
Subject: Re: ALERT: Emacs GNUS can spread a virus invisibly
Date: Mon, 25 Nov 2002 20:23:15 +0000 [thread overview]
Message-ID: <871y59fmp8.fsf@saturn.jazzyb.org.uk> (raw)
In-Reply-To: <87isys1tf3.fsf@saturn.jazzyb.org.uk>
>>>>> "Chris" == Chris <chris@jazzyb.org.uk> writes:
>>>>> "GLM" == Gary Lawrence Murphy <garym@canada.com> writes:
GLM> I don't know why the second part was hidden in the GNUS display, and
GLM> if there is a setting to show this message for what it actually
GLM> contained, I don't know what it is, but it needs to get fixed.
Chris> There are two complete sets of MIME boundaries using the same
Chris> boundary string in messages I have seen that do this
Chris> (unfortunately you did not paste enough to show conclusively that
Chris> this is the same malformation, but your description is consistent
Chris> with it). The second set are technically MIME epilogue according
Chris> to RFC2046. Unfortunately some MUAs (such as OE) continue parsing
Chris> with the same boundary string.
Chris> The content after that final boundary is epilogue and should not
Chris> be displayed by MUAs. Perhaps when forwarding messages, the MIME
Chris> prologue and epilogue should be discarded?
OK, I take back what I wrote the other day. What I described *is* an exploit
used by some viruses to transport themselves, but having looked at the sample
posted earlier today, this is not an example of it. (incidentally, I can't
find that sample now, maybe it was cancelled?)
This is a generic MIME (Microsoft) exploit, details are available at:
http://vil.nai.com/vil/content/v_99273.htm
http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html
Technical data on the vulnerability are at:
http://www.microsoft.com/technet/security/bulletin/MS01-020.asp
My view as a Gnus user to this is that I don't want to be responsible for
unknowingly sending executable attachments to others. I take Kai's point
that the modeline indicates the number of parts, but is there a way to easily
modify the display of such messages within Gnus? I would like to see more
information within the article buffer - what are my options?
Thanks
Chris
prev parent reply other threads:[~2002-11-25 20:23 UTC|newest]
Thread overview: 6+ messages / expand[flat|nested] mbox.gz Atom feed top
[not found] <m2adk56254.fsf_-_@maya.dyndns.org>
[not found] ` <87ptt1plj6.fsf@labatt.uhoreg.ca>
2002-11-19 17:06 ` Andrew McDermott
2002-11-19 19:37 ` Hubert Chan
[not found] ` <87r8dh1f01.fsf@computer.localdomain>
2002-11-20 1:31 ` Gary Lawrence Murphy
[not found] ` <c73a070e.0211220107.6e01c174@posting.google.com>
[not found] ` <m2smxqem3a.fsf@maya.dyndns.org>
[not found] ` <uwun28njl.fsf@standardandpoors.com>
[not found] ` <87bs4dvqt2.fsf@cremer.esr.ruhr-uni-bochum.de>
2002-11-25 14:13 ` Kai Großjohann
[not found] ` <8yzhd91j.fsf@random.localnet.unwireduniverse.com>
2002-12-10 15:17 ` Gary Lawrence Murphy
[not found] ` <87isys1tf3.fsf@saturn.jazzyb.org.uk>
2002-11-25 20:23 ` Chris Brightman [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=871y59fmp8.fsf@saturn.jazzyb.org.uk \
--to=chris@jazzyb.org.uk \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).