procmail

forwarded message from John Conover

1999-03-30 11:06:40
FYI, Melissa is being discussed on the qmail mailing list. I posted
the attached kind of quick solution that uses procmail. FWIW ...

        John

------- start of forwarded message (RFC 934 encapsulation) -------
Return-Path: <conover(_at_)inow(_dot_)com>
Received: (qmail 8 invoked by uid 501); 30 Mar 1999 17:50:41 -0000
Resent-Date: 30 Mar 1999 17:50:41 -0000
Resent-Message-ID: <19990330175041(_dot_)5(_dot_)qmail(_at_)inow(_dot_)com>
Resent-From: conover(_at_)inow(_dot_)com
Resent-To: john-archive(_at_)inow(_dot_)com
Mailing-List: contact qmail-help(_at_)list(_dot_)cr(_dot_)yp(_dot_)to; run by ezmlm
Precedence: bulk
Message-ID: <19990330174801(_dot_)32644(_dot_)qmail(_at_)inow(_dot_)com>
References: <4(_dot_)1(_dot_)19990329131317(_dot_)00a3cc90(_at_)pop(_dot_)sendmail(_dot_)com>
        <36FEB277(_dot_)5C80CD5D(_at_)trnet(_dot_)com>
        <36FFDC21(_dot_)42B4B0E7(_at_)rmc(_dot_)ca>
        <3(_dot_)0(_dot_)5(_dot_)32(_dot_)19990329135602(_dot_)007dd380(_at_)pop3(_dot_)logx(_dot_)com>
        <yld81r9wmd(_dot_)fsf(_at_)windlord(_dot_)stanford(_dot_)edu>
        <19990330151536(_dot_)30126(_dot_)qmail(_at_)desk(_dot_)crynwr(_dot_)com>
        <19990330162715(_dot_)16521(_dot_)qmail(_at_)deer>
From: John Conover <conover(_at_)inow(_dot_)com>
To: qmail(_at_)inow(_dot_)com
Subject: Re: Melissa Virus
Date: 30 Mar 1999 17:48:12 -0000

craig(_at_)jcb-sc(_dot_)com writes:
> Russ Allbery writes:
> > I'd like to back this up, and point out here that too much Microsoft
> > bashing on this one is misplaced.
>
> Sorry, Russ, this *is* a Microsoft problem.  When many people make the
> same mistake, it is a failure of technology, not a failure of people.
> Software that fails to adapt to people's usual and expected behavior
> is wrong.

Well, yes and no.


FWIW, what I did, since I use procmail as a local delivery agent with
qmail, is scan the top 50 lines of all incoming (when it's delivered
to the user's Mailbox out of ~/.qmail), and if an attachment is found,
MIME encapsulate around the attachment with a text warning the user
can't miss that attachments can contain evil stuff, click at your own
risk. It at least stops automatic execution of the MS Office
suite. (Unfortunately, it requires an RFC 932 compliant MUA on the PCs
to get a valid attachment, which are kind of hard to come by, but
Netscape seems to work OK.) At least there is no excuse for someone
clicking on Melissa or Papa.

They can't say they didn't know.

Scanning the top 50 lines does not seem to hammer box resources too
bad, and is done on the rcpt's machine, which is not the mail server
in my case, (cheap Linux boxes work.)

        John

BTW, I put the address of the sender of the attachment in the warning,
since procmail's formail will extract such stuff, and a statement that
if you don't know this person, don't click. Also, a link to an
IntrAnet page explaining the situation concerning the problems with
attachments, that link into the web media stuff, blah, blah, blah.

- -- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
conover(_at_)inow(_dot_)com, http://www2.inow.com/~conover/john.html
------- end -------
-- 

John Conover, 631 Lamont Ct., Campbell, CA., 95008, USA.
VOX 408.370.2688, FAX 408.379.9602
conover(_at_)inow(_dot_)com, http://www2.inow.com/~conover/john.html
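
The wrapping step described in the post, sketched as a Python filter that a procmail recipe could pipe each message through. This is an added example, not John Conover's recipe (which used procmail and formail and is not shown on the page); the attachment heuristics, the warning wording and the sample message are constructed assumptions.

```python
import email
import re
from email import policy
from email.message import EmailMessage

SCAN_LINES = 50  # the post inspects only the top 50 lines of each message

# Assumed heuristics for "an attachment is found" (the post does not list its own).
MARKER = re.compile(
    r"^content-disposition:\s*attachment|\bfilename=|^begin [0-7]{3,4} \S",
    re.IGNORECASE)

WARNING = ("WARNING: this message from {sender} carries an attachment.\n"
           "Attachments can contain malicious macros or programs. If you do not\n"
           "know the sender, do not open it. The original message is enclosed.\n")

# Constructed sample message, not real mail.
SAMPLE = """\
From: Alice Example <alice@example.com>
To: bob@example.com
Subject: Important message
MIME-Version: 1.0
Content-Type: application/msword
Content-Disposition: attachment; filename="list.doc"
Content-Transfer-Encoding: base64

AAAA
"""

def has_attachment_marker(raw):
    """True if any of the first SCAN_LINES lines looks like an attachment."""
    return any(MARKER.search(line) for line in raw.splitlines()[:SCAN_LINES])

def wrap_with_warning(raw):
    """Return raw unchanged, or enclosed as message/rfc822 after a warning part."""
    if not has_attachment_marker(raw):
        return raw
    original = email.message_from_string(raw, policy=policy.default)
    wrapper = EmailMessage()
    for name in ("From", "To", "Subject", "Date"):
        if original[name]:
            wrapper[name] = original[name]
    wrapper.set_content(WARNING.format(sender=original.get("From", "an unknown sender")))
    wrapper.add_attachment(original)  # original becomes a message/rfc822 part
    return wrapper.as_string()

if __name__ == "__main__":
    import sys
    sys.stdout.write(wrap_with_warning(sys.stdin.read()))
```

Because only the first 50 lines are scanned, an attachment that starts after a longer body is delivered unwrapped.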
