incubator-ooo-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From TJ Frazier <>
Subject Re: [ooo-user] was RE: [Was: Re: [Discussion]]
Date Wed, 31 Aug 2011 23:35:46 GMT
On 8/31/2011 19:01, Eike Rathke wrote:
> Hi Dennis,
> On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:
> [... reordering quotes and adding a quote level for better readability, stripping rest
>> From: TJ Frazier
>>> Funny you should mention that. That very problem occurred on Bugzilla,
>>> with DOC attachments bearing Trojan viruses. --/tj/
>> Wow!
>> When was that?
> Last year? But I think what TJ was referring was a case of .doc
> attachments to make them look like a testcase but instead contained
> a JavaScript snippet redirecting the browser to a different site that
> tried to install malware. Quite clever.

Yes, H. Duerr provided a link to the issue:

The spammers' accounts have apparently been removed, but some of the 
attachments may have survived. I found a couple of attachments 
attributed to "Unknown". This might happen if the account was deleted 
before all "contributions" were removed. --/tj/
>> I assume that bugzilla still accepts attachments (we were talking about lists).
> A bug tracker _has_ to accept attachments, without it is useless in many
> cases.
>> What do we do to protect it?
> How about a virus scan on attachments? That probably wouldn't help
> against the JavaScript case though. Virus scans could even be done for
> mail attachments before the mailing list distributes them. Question is
> if Apache infra supports both cases.
>    Eike

View raw message