From mboxrd@z Thu Jan 1 00:00:00 1970 X-Msuck: nntp://news.gmane.io/gmane.emacs.gnus.user/1512 Path: news.gmane.org!not-for-mail From: Chris Brightman Newsgroups: gmane.emacs.gnus.user Subject: Re: ALERT: Emacs GNUS can spread a virus invisibly Date: Mon, 25 Nov 2002 20:23:15 +0000 Message-ID: <871y59fmp8.fsf@saturn.jazzyb.org.uk> References: <87isys1tf3.fsf@saturn.jazzyb.org.uk> NNTP-Posting-Host: main.gmane.org Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii X-Trace: sea.gmane.org 1138668260 11563 80.91.229.2 (31 Jan 2006 00:44:20 GMT) X-Complaints-To: usenet@sea.gmane.org NNTP-Posting-Date: Tue, 31 Jan 2006 00:44:20 +0000 (UTC) Original-X-From: nobody Tue Jan 17 17:29:16 2006 Original-Path: quimby.gnus.org!not-for-mail Original-Newsgroups: gnu.emacs.gnus Original-NNTP-Posting-Host: pc2-shep2-6-cust90.nott-b.cable.ntl.com Original-X-Trace: quimby.gnus.org 1038256174 29115 81.98.159.90 (25 Nov 2002 20:29:34 GMT) Original-X-Complaints-To: usenet@quimby.gnus.org Original-NNTP-Posting-Date: 25 Nov 2002 20:29:34 GMT User-Agent: Gnus/5.090008 (Oort Gnus v0.08) Emacs/21.2 (i386-debian-linux-gnu) Cancel-Lock: sha1:zh3WaoCRjjKwh+QDYynecv3jJ7k= Original-Xref: bridgekeeper.physik.uni-ulm.de gnus-emacs-gnus:1652 Original-Lines: 43 X-Gnus-Article-Number: 1652 Tue Jan 17 17:29:16 2006 Xref: news.gmane.org gmane.emacs.gnus.user:1512 Archived-At: >>>>> "Chris" == Chris writes: >>>>> "GLM" == Gary Lawrence Murphy writes: GLM> I don't know why the second part was hidden in the GNUS display, and GLM> if there is a setting to show this message for what it actually GLM> contained, I don't know what it is, but it needs to get fixed. Chris> There are two complete sets of MIME boundaries using the same Chris> boundary string in messages I have seen that do this Chris> (unfortunately you did not paste enough to show conclusively that Chris> this is the same malformation, but your description is consistent Chris> with it). The second set are technically MIME epilogue according Chris> to RFC2046. Unfortunately some MUAs (such as OE) continue parsing Chris> with the same boundary string. Chris> The content after that final boundary is epilogue and should not Chris> be displayed by MUAs. Perhaps when forwarding messages, the MIME Chris> prologue and epilogue should be discarded? OK, I take back what I wrote the other day. What I described *is* an exploit used by some viruses to transport themselves, but having looked at the sample posted earlier today, this is not an example of it. (incidentally, I can't find that sample now, maybe it was cancelled?) This is a generic MIME (Microsoft) exploit, details are available at: http://vil.nai.com/vil/content/v_99273.htm http://securityresponse.symantec.com/avcenter/venc/data/w32.klez.e@mm.html Technical data on the vulnerability are at: http://www.microsoft.com/technet/security/bulletin/MS01-020.asp My view as a Gnus user to this is that I don't want to be responsible for unknowingly sending executable attachments to others. I take Kai's point that the modeline indicates the number of parts, but is there a way to easily modify the display of such messages within Gnus? I would like to see more information within the article buffer - what are my options? Thanks Chris