Re: Idea for stopping e-mail viruses
On Tue, Feb 03, 2004 at 11:03:55AM -0500, X-Istence wrote:
> Just cause I can't find one in your emails doesn't mean I don't remove your
> email address when I hit reply-all.

Do as you like. I have no problems getting Cc: If I don't want it I set
Mail-Followup-To headers.

> Second, where would I set this in ThunderBird?

RTFM. If it doesn't support customized headers get a decent MUA.

> that, it will probably all get sent there, and as I use different
> accounts without aliases it would be a pain, I would have to setup a
> second mail box just to add this header and have my mail go to the right
> email address. So just please be considerate.

Without it I always have to remember for all the 100s of lists I'm on
who wants to be Cc'ed and who doesn't. And I have to munge the header
fields for those who don't want it and are too lazy to set Mail-Followup-To.

> Most people stop either all executables and attachments, or virus scan
> em and if it is a virus discard it, if not let it go thru, so then we
> still have the problem of having viruses that are yet undefined going
> thru to someone's mail box. The way he is proposing would not let that
> happen.

Hear hear.

How about the following email (bounce) in format text/plain:
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
From: Mail Delivery System <Mailer-Daemon@xxxxxxxxxxxxxxxx>
Subject: Mail delivery failed: returning message to sender
Message-Id: <E1Anlxy-00080p-00@xxxxxxxxxxxxxxxx>
Date: Mon, 02 Feb 2004 21:50:50 +0000
This message was created automatically by mail delivery software (Exim).
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
keepah@xxxxxxxxx
(generated from showme@xxxxxxxxxxxxx)
SMTP error from remote mailer after end of data:
host spool11.gxn.net [195.147.249.235]: 550-Looks like a MyDoom
infected mail. E-mail postmaster@yourdomain.
550 if you think this was a false positive.
------ This is a copy of the message, including all the headers. ------
Received: from pd958ff06.dip.t-dialin.net ([217.88.255.6]
helo=vhs-unterhaching.de)
by hub.mail.gxn.net with esmtp (Exim 3.34 #3)
id 1Anlxv-00080e-00
for showme@xxxxxxxxxxxxx; Mon, 02 Feb 2004 21:50:47 +0000
From: XXXX - sender protected
To: showme@xxxxxxxxxxxxx
Subject: hi
Date: Mon, 2 Feb 2004 22:57:58 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0002_B700E076.779F1567"
X-Priority: 3
X-MSMail-Priority: Normal
Message-Id: <E1Anlxv-00080e-00@xxxxxxxxxxxxxxxx>
This is a multi-part message in MIME format.
------=_NextPart_000_0002_B700E076.779F1567
Content-Type: text/plain;
charset="Windows-1252"
Content-Transfer-Encoding: 7bit
The message cannot be represented in 7-bit ASCII encoding and has been
sent as a binary attachment.
------=_NextPart_000_0002_B700E076.779F1567
Content-Type: application/octet-stream;
name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="message.zip"
[ ... ]
-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*-*
Isn't it funny that this email without any attachment at all (the
original message is not MIME shielded!!) will pass almost all virus
scanners but fucking Outlook will do its best to restore this message
to something more useful and interprets it as "inline MIME" or what do I
know what kind of bullshit and happily presents the user a clickable
virus.
The "Idea for stopping e-mail viruses" will save you from NOTHING.
And the above virus isn't even an "unknown" one.
Btw. bounces from standard qmail will produce the same problems with
Outlook.
\Maex
--
SpaceNet AG | Joseph-Dollinger-Bogen 14 | Fon: +49 (89) 32356-0
Research & Development | D-80807 Muenchen | Fax: +49 (89) 32356-299
"The security, stability and reliability of a computer system is reciprocally
proportional to the amount of vacuity between the ears of the admin"
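
An added example, not part of the original post: a scanner-side check for the case described above, where a top-level text/plain bounce carries a complete MIME message in its body. The function name, addresses and sample bounce are constructed for illustration; the check re-parses the body from the embedded header block so the inner attachment becomes visible to filtering.

```python
import email
import re
from base64 import b64encode

# Header lines suggesting a whole MIME message is pasted inside a text body.
EMBEDDED_HDR = re.compile(r"^(MIME-Version:|Content-Type:\s*multipart/)", re.I | re.M)

def embedded_attachments(raw):
    """Return (filename, content type) of attachments hidden in text/plain bodies."""
    found = []
    for part in email.message_from_string(raw).walk():
        if part.get_content_type() != "text/plain":
            continue
        body = part.get_payload(decode=True).decode("latin-1")
        hit = EMBEDDED_HDR.search(body)
        if not hit:
            continue
        # Back up to the blank line that precedes the embedded header block.
        gap = body.rfind("\n\n", 0, hit.start())
        inner = email.message_from_string(body[gap + 2 if gap >= 0 else 0:])
        for sub in inner.walk():
            if sub.get_filename():
                found.append((sub.get_filename(), sub.get_content_type()))
    return found

# Constructed sample shaped like the bounce above; the payload is harmless text.
PAYLOAD = b64encode(b"constructed placeholder, not an archive").decode()
SAMPLE_BOUNCE = f"""From: Mail Delivery System <mailer-daemon@example.org>
Subject: Mail delivery failed: returning message to sender

------ This is a copy of the message, including all the headers. ------

From: sender@example.org
Subject: hi
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

The message has been sent as a binary attachment.
--b1
Content-Type: application/octet-stream; name="message.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="message.zip"

{PAYLOAD}
--b1--
"""
```

A filter that only walks the top-level MIME tree sees one text/plain part here; the attachment appears only after the body is parsed a second time.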