incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TJ Frazier <tjfraz...@cfl.rr.com>
Subject Re: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]
Date Wed, 31 Aug 2011 23:35:46 GMT
On 8/31/2011 19:01, Eike Rathke wrote:
> Hi Dennis,
>
> On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:
>
> [... reordering quotes and adding a quote level for better readability, stripping rest
...]
>
>> From: TJ Frazier
>>> Funny you should mention that. That very problem occurred on Bugzilla,
>>> with DOC attachments bearing Trojan viruses. --/tj/
>
>> Wow!
>>
>> When was that?
>
> Last year? But I think what TJ was referring was a case of .doc
> attachments to make them look like a testcase but instead contained
> a JavaScript snippet redirecting the browser to a different site that
> tried to install malware. Quite clever.

Yes, H. Duerr provided a link to the issue:
https://issues.apache.org/ooo/show_bug.cgi?id=113088

The spammers' accounts have apparently been removed, but some of the 
attachments may have survived. I found a couple of attachments 
attributed to "Unknown". This might happen if the account was deleted 
before all "contributions" were removed. --/tj/
>
>> I assume that bugzilla still accepts attachments (we were talking about lists).
>
> A bug tracker _has_ to accept attachments, without it is useless in many
> cases.
>
>> What do we do to protect it?
>
> How about a virus scan on attachments? That probably wouldn't help
> against the JavaScript case though. Virus scans could even be done for
> mail attachments before the mailing list distributes them. Question is
> if Apache infra supports both cases.
>
>    Eike
>



Mime
View raw message