Oh, so it wasn't actually an MS Office file, but a spoof with a .doc filename?
That would definitely be hard to catch. I'm not sure what would cause it to execute though. Was there a condition under which the exploit could be made to be run while pretended to be a .doc file? -----Original Message----- From: Eike Rathke [mailto:[email protected]] Sent: Wednesday, August 31, 2011 16:01 To: [email protected] Subject: Re: [ooo-user] was RE: [email protected] [Was: Re: [Discussion] [email protected]] Hi Dennis, On Wednesday, 2011-08-31 14:17:38 -0700, Dennis E. Hamilton wrote: [... reordering quotes and adding a quote level for better readability, stripping rest ...] > From: TJ Frazier >> Funny you should mention that. That very problem occurred on Bugzilla, >> with DOC attachments bearing Trojan viruses. --/tj/ > Wow! > > When was that? Last year? But I think what TJ was referring was a case of .doc attachments to make them look like a testcase but instead contained a JavaScript snippet redirecting the browser to a different site that tried to install malware. Quite clever. > I assume that bugzilla still accepts attachments (we were talking about > lists). A bug tracker _has_ to accept attachments, without it is useless in many cases. > What do we do to protect it? How about a virus scan on attachments? That probably wouldn't help against the JavaScript case though. Virus scans could even be done for mail attachments before the mailing list distributes them. Question is if Apache infra supports both cases. Eike -- PGP/OpenPGP/GnuPG encrypted mail preferred in all private communication. Key ID: 0x293C05FD - 997A 4C60 CE41 0149 0DB3 9E96 2F1A D073 293C 05FD
