openoffice-dev mailing list archives

From "Dennis E. Hamilton" <>
Subject RE: [ooo-user] was RE: [Was: Re: [Discussion]]
Date Thu, 01 Sep 2011 01:29:02 GMT
The attachment spoken of in the bug report you are linking to is an .html file, so it is likely
it would attempt to execute if opened in a browser.  And it could do things with a malicious

I don't see a case of a .doc file attachment being malicious, or even being spoofed.  Is there

 - Dennis

-----Original Message-----
From: TJ Frazier [] 
Sent: Wednesday, August 31, 2011 16:36
Subject: Re: [ooo-user] was RE: [Was: Re: [Discussion]]

On 8/31/2011 19:01, Eike Rathke wrote:
> Hi Dennis,
> On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote:
> [... reordering quotes and adding a quote level for better readability, stripping rest
>> From: TJ Frazier
>>> Funny you should mention that. That very problem occurred on Bugzilla,
>>> with DOC attachments bearing Trojan viruses. --/tj/
>> Wow!
>> When was that?
> Last year? But I think what TJ was referring to was a case of .doc
> attachments to make them look like a testcase but instead contained
> a JavaScript snippet redirecting the browser to a different site that
> tried to install malware. Quite clever.

Yes, H. Duerr provided a link to the issue:

The spammers' accounts have apparently been removed, but some of the 
attachments may have survived. I found a couple of attachments 
attributed to "Unknown". This might happen if the account was deleted 
before all "contributions" were removed. --/tj/
>> I assume that bugzilla still accepts attachments (we were talking about lists).
> A bug tracker _has_ to accept attachments; without it, it is useless in many
> cases.
>> What do we do to protect it?
> How about a virus scan on attachments? That probably wouldn't help
> against the JavaScript case though. Virus scans could even be done for
> mail attachments before the mailing list distributes them. Question is
> if Apache infra supports both cases.
>    Eike
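
Added example, not part of the original messages and not Bugzilla's own code: a sketch of an upload check for the case discussed above, where an attachment named .doc actually carries browser-executable HTML/JavaScript that a virus scan would likely miss. The function names and sample bytes are constructed for illustration; the download headers are standard HTTP headers that stop a browser from rendering the attachment inline.

```python
import re

# Header of the OLE2 compound file format used by legacy binary .doc files.
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")

# Markup that makes a browser treat the bytes as an active HTML page.
ACTIVE_HTML = re.compile(rb"<\s*(script|html|iframe|meta[^>]+http-equiv)", re.I)


def classify_attachment(filename: str, data: bytes) -> str:
    """Return 'ok', 'active-html' or 'mismatch' for an uploaded attachment."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    if ext == "doc" and data.startswith(OLE2_MAGIC):
        return "ok"            # content matches the declared type
    if ACTIVE_HTML.search(data):
        return "active-html"   # would run script if rendered in a browser
    if ext == "doc":
        return "mismatch"      # claims .doc but is not an OLE2 file
    return "ok"


def download_headers(filename: str) -> dict:
    """Headers that force a download instead of inline rendering."""
    safe = re.sub(r"[^A-Za-z0-9._-]", "_", filename)
    return {
        "Content-Type": "application/octet-stream",
        "Content-Disposition": f'attachment; filename="{safe}"',
        "X-Content-Type-Options": "nosniff",
    }


# Constructed sample inputs (not taken from the issue discussed in the thread).
REAL_DOC = OLE2_MAGIC + b"\x00" * 64
FAKE_DOC = b"<html><body><script>/* constructed */</script></body></html>"

if __name__ == "__main__":
    for name, blob in [("testcase.doc", REAL_DOC), ("testcase.doc", FAKE_DOC),
                       ("notes.doc", b"plain text renamed to .doc")]:
        print(name, classify_attachment(name, blob))
```

Anything other than `ok` would be held for a moderator, and every attachment that is served goes out with `download_headers` so the JavaScript case cannot execute in the tracker's origin.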
