Ruth Indeck wrote:

>Many people say that the best thing is not to allow attachments at all on a 
>listserv.


Please see the FAQ at
<http://wiki.list.org/display/DOC/Mailman+is+not+Listserv>.


>Other people think pdfs are ok (except some are too big for old machines to 
>download).
>
>I also heard that a virus file could take on a fake extension, like .pdf, and 
>fool people.


I have heard that there were vulnerabilities in some PDF readers that
could be exploited with malicious PDFs, but I don't know how big a
risk this is.

As far as fake extensions/MIME types are concerned, it is entirely
possible to put malware in a text/plain part with a .txt extension.
The question is what will the MUA or the file manager do with that
file when you try to open it. In other words, if the virus comes with
a faked benign extension, it is unlikely that the application that
opens the file will actually execute the viral code.

I'm not saying one should be complacent. I would recommend not allowing
anything but plain text and perhaps a few carefully considered image
and/or PDF types if the list's purpose requires it on a list with open
subscription. On the other hand, if the list is closed and you know
the members, you might be safe with no content filtering at all.

Others may have additional or conflicting opinions.

-- 
Mark Sapiro <m...@msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
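
The allow-list approach recommended in the reply above, together with the point about faked extensions and MIME types, as an added example that is not part of the original post and is not Mailman's own filtering code. The policy table, the NUL-byte heuristic for text parts, and the sample message are all constructed for illustration.

```python
import os
from email.message import EmailMessage

# Assumed policy for illustration: MIME type -> (leading magic bytes, extensions).
ALLOWED = {
    "text/plain": (None, {"", ".txt"}),
    "application/pdf": (b"%PDF-", {".pdf"}),
    "image/png": (b"\x89PNG\r\n\x1a\n", {".png"}),
}

def check_part(part):
    """Return None if a leaf MIME part passes the policy, else a reason."""
    ctype = part.get_content_type()
    if ctype not in ALLOWED:
        return "type not allowed: " + ctype
    magic, exts = ALLOWED[ctype]
    ext = os.path.splitext((part.get_filename() or "").lower())[1]
    if ext not in exts:
        return "extension %r does not fit %s" % (ext, ctype)
    body = part.get_payload(decode=True) or b""
    if magic is None:
        # Heuristic: a text part should not carry NUL bytes; binary data does.
        return "binary data in text part" if b"\x00" in body else None
    return None if body.startswith(magic) else "content is not " + ctype

def rejected_parts(msg):
    """Return (filename, reason) for each leaf part that fails the policy."""
    checked = ((p.get_filename(), check_part(p))
               for p in msg.walk() if not p.is_multipart())
    return [(name, why) for name, why in checked if why]

def sample_message():
    """Constructed test post: one honest PDF and three mislabelled parts."""
    fake = b"\x7fELF\x00\x00constructed-binary-placeholder"
    msg = EmailMessage()
    msg.set_content("Minutes attached.")
    parts = [(b"%PDF-1.4\n%constructed\n", "application", "pdf", "minutes.pdf"),
             (fake, "application", "pdf", "agenda.pdf"),
             (fake, "text", "plain", "readme.txt"),
             (fake, "application", "octet-stream", "photo.png")]
    for data, mt, sub, name in parts:
        msg.add_attachment(data, maintype=mt, subtype=sub, filename=name)
    return msg

if __name__ == "__main__":
    for name, why in rejected_parts(sample_message()):
        print(name, "->", why)
```

A part passes only when its declared type, its filename extension and its leading bytes all agree, so a benign-looking name or type alone is not enough to get through.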