incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Eike Rathke <...@erack.de>
Subject Re: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]
Date Wed, 31 Aug 2011 23:01:05 GMT
Hi Dennis,

On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:

[... reordering quotes and adding a quote level for better readability, stripping rest ...]

> From: TJ Frazier
>> Funny you should mention that. That very problem occurred on Bugzilla, 
>> with DOC attachments bearing Trojan viruses. --/tj/

> Wow!
> 
> When was that?

Last year? But I think what TJ was referring was a case of .doc
attachments to make them look like a testcase but instead contained
a JavaScript snippet redirecting the browser to a different site that
tried to install malware. Quite clever.

> I assume that bugzilla still accepts attachments (we were talking about lists).

A bug tracker _has_ to accept attachments, without it is useless in many
cases.

> What do we do to protect it?

How about a virus scan on attachments? That probably wouldn't help
against the JavaScript case though. Virus scans could even be done for
mail attachments before the mailing list distributes them. Question is
if Apache infra supports both cases.

  Eike

-- 
 PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication.
 Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3  9E96 2F1A D073 293C 05FD

Mime
View raw message