Re: OT: Virii on vger.kernel.org lists

Riley Williams (rhw@MemAlpha.CX)
Wed, 1 Aug 2001 00:06:46 +0100 (BST)


Hi Craig.

>>> Better than that, simply strip all non-text MIME attachments, or
>>> bounce the messages containing them. End of story.

>> Two problems with that:
>>
>> 1. Some virii are text attachments. Your fix doesn't deal with them.

> I'm not aware of the TEXT/PLAIN viruses (ignoring jokes, er,
> social comments, about the GPL). Could you point me to a sample?

Are you limiting "text attachments" to TEXT/PLAIN ??? If so, you just
killed a large number of very useful attachments. Off the top of my
head...

1. Most patches that are attached rather than inline arrive here
as TEXT/DIFF so you've just killed a lot of very important
attachments.

2. Some of Linus Torvalds' emails come with a TEXT/SIGNATURE
attachment, so you've just prevented him posting from the
computer that does that.

3. One of the assignments at University was to email a specific
MS-Word document (with an auto-starting macro in it) through a
mailer that was specifically set to strip any attachments of the
relevant mime types. In a class of 43 students, only two failed
that assignment, and between the 41 who succeeded, no less than
SEVEN different ways to do so were used, ALL of which used TEXT/
mime types for the enclosure - and FIVE of those were new to the
lecturer as well. The said lecturer also stated that there were
a further NINE ways to do so that none of us had found, but did
not go into detail.

Once you allow TEXT/* to pass, you discover just how many virii will
get straight past your filter without any problems at all. Basically,
you get nowhere doing that...

>> 2. The maintainer of the XXX driver just uploaded a large patch that
>> fixes a major bug in their driver to the mailing list, and zip'd
>> it up to reduce its size. You just bounced it...

> I recall from past discussions that there's considerable
> sentiment on l-k that zip'd patches are undesirable. If the
> patch is inconveniently large, it can be split into several
> messages, or placed on an FTP server. Inconvenient for the
> developer, maybe, but better for the list as a whole.

Personally, my own stance on attachments (zip or otherwise) is that
they should be below the limit at which my mailhost rejects them. On
at least one mailhost I know, emails over 25k are killed without
notice. My own mailhost kills any over 1,536k so that isn't a problem
for me, but others have much smaller limits.

> Separately, I think we've spent enough time with the off-topic
> topic. Perhaps we can move the discussion offline?

Other than your comments, it already is offline...

Best wishes from Riley.

-
To unsubscribe from this list: send the line "unsubscribe linux-kernel" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.tux.org/lkml/