Menu
▾
▴
Re: Body Retrival Error
|
From: Pontus U. <po...@ul...> - 2001-07-31 14:08:57
|
Well ... as I see it, it is our duty as writers/users of email-software
to ensure that worms can spread through our clients.
or maybe NOT!! :-P
But when we are on the topic of worms
I have received one or two mail messages where I was presented with a
HTML-page (which is rendered with pictures and every thing) and "NO" I have
not turned on "view html" in display settings.
This indicates that it could be possible to write a e-mail message that
contains a Java script worm. Reading cookies and sending them to third party
server. I'm sorry to say that I deleted these email messages and I haven't
been able to recreate one, but I guess these messages only include html code
that are not inside a mime header.
I will investigate this a bit further and see if I can come up with a
solution.
Also I think that even if "view html" is enabled squirrelmail should parse
out and disable all img-, javascript- and embededtags. (Maybe it all ready
does, I haven't tried it yet).
All these can be used to implant some kind of worm into the mail. (We don't
want squirrelmail to be another HotMail/Yahoo disaster :-P )
> I've been getting this lately:
>
> Body retrival error. Please report this bug!
> Response: OK
> Message: FETCH completed
> FETCH line: * OK [PARSE] Unexpected characters at end of parameters:
> text
> ---------------
>
> Then there'll be a text/plain attachment with the body of the message.
>
> Luckily, I've only noticed this with the SirCam-generated emails, so
> I'm in no way concerned. We'll be pushed kicking and screaming into
> conforming to Outlook's mail capabilities, but I'll be damned if we're
> going to make sure a worm's email shows up alright :)
>
> -r3-
Virtually Yours
Pontus Ullgren
Software Designer & Linux Zealot
e-mail: pon...@ad...
--
Q: What is a Zealot ?
A: http://www.everything2.org/index.pl?node_id=35990
--
Say NO to HTML in e-mail messages
|