incubator-ooo-dev mailing list archives

From "Dennis E. Hamilton" <dennis.hamil...@acm.org>
Subject RE: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]
Date Thu, 01 Sep 2011 01:29:02 GMT
The attachment spoken of in the bug report you are linking to is an .html file, so it is likely
it would attempt to execute if opened in a browser.  And it could do things with a malicious
site.

I don't see a case of a .doc file attachment being malicious, or even being spoofed.  Is there
another?

 - Dennis

-----Original Message-----
From: TJ Frazier [mailto:tjfrazier@cfl.rr.com] 
Sent: Wednesday, August 31, 2011 16:36
To: ooo-dev@incubator.apache.org
Subject: Re: [ooo-user] was RE: users@openoffice.org [Was: Re: [Discussion] dev@openoffice.org]

On 8/31/2011 19:01, Eike Rathke wrote:
> Hi Dennis,
>
> On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:
>
> [... reordering quotes and adding a quote level for better readability, stripping rest ...]
>
>> From: TJ Frazier
>>> Funny you should mention that. That very problem occurred on Bugzilla,
>>> with DOC attachments bearing Trojan viruses. --/tj/
>
>> Wow!
>>
>> When was that?
>
> Last year? But I think what TJ was referring to was a case of .doc
> attachments to make them look like a testcase but instead contained
> a JavaScript snippet redirecting the browser to a different site that
> tried to install malware. Quite clever.

Yes, H. Duerr provided a link to the issue:
https://issues.apache.org/ooo/show_bug.cgi?id=113088

The spammers' accounts have apparently been removed, but some of the 
attachments may have survived. I found a couple of attachments 
attributed to "Unknown". This might happen if the account was deleted 
before all "contributions" were removed. --/tj/
>
>> I assume that bugzilla still accepts attachments (we were talking about lists).
>
> A bug tracker _has_ to accept attachments, without it is useless in many
> cases.
>
>> What do we do to protect it?
>
> How about a virus scan on attachments? That probably wouldn't help
> against the JavaScript case though. Virus scans could even be done for
> mail attachments before the mailing list distributes them. Question is
> if Apache infra supports both cases.
>
>    Eike
>
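
The thread above describes attachments named like .doc test cases whose content was really HTML with a JavaScript redirect, which a virus scan might not catch. As an added example, not part of the thread and not Bugzilla or Apache infra code, here is one way an attachment handler could compare the bytes with the type the file name implies and force a download instead of inline rendering. The function names, verdict strings and sample inputs are assumptions made up for illustration.

```python
import os
import re

# File signatures for the container formats behind common office extensions.
OLE2_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # legacy .doc/.xls/.ppt
ZIP_MAGIC = b"PK\x03\x04"                        # .odt/.docx (ZIP based)
EXPECTED_MAGIC = {
    ".doc": OLE2_MAGIC, ".xls": OLE2_MAGIC, ".ppt": OLE2_MAGIC,
    ".odt": ZIP_MAGIC, ".docx": ZIP_MAGIC,
}

# Markers that make a browser treat the body as active HTML content.
ACTIVE_HTML = re.compile(rb"<\s*(script|html|iframe|meta)\b|javascript:", re.I)


def classify(filename, data):
    """Return 'ok', 'disguised-html', 'mismatch' or 'unchecked' (hypothetical verdicts)."""
    ext = os.path.splitext(filename)[1].lower()
    expected = EXPECTED_MAGIC.get(ext)
    if expected is None:
        return "unchecked"          # no signature known for this extension
    if data.startswith(expected):
        return "ok"                 # bytes agree with the claimed type
    if ACTIVE_HTML.search(data[:4096]):
        return "disguised-html"     # the case discussed in the thread
    return "mismatch"


def download_headers(filename):
    """Response headers that keep a browser from rendering the attachment inline."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": 'attachment; filename="%s"' % safe,
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample inputs, not taken from the bug report.
FAKE_DOC = b'<html><script>window.location="http://redirect.example/"</script></html>'
REAL_DOC = OLE2_MAGIC + b"\x00" * 504

if __name__ == "__main__":
    for name, body in (("testcase.doc", FAKE_DOC), ("report.doc", REAL_DOC)):
        print(name, classify(name, body), download_headers(name))
```

The signature check flags the disguised file at upload time; the headers cover attachments already stored, since the browser is told to save the bytes rather than interpret them.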


