[NHCOLL-L:543] RE: Virus warning about e-mail to this group
Peter Rauch
anamaria at grinnell.berkeley.edu
Thu Apr 20 12:16:12 EDT 2000
On Thu, 20 Apr 2000, Roberta Faul-Zeitler wrote:
...
> Perhaps we need to establish a simple protocol about attaching any
> attachments to email messages that get circulated on the NHCOLL listserv.
> Perhaps an attachment MUST be vetted first (scanned for virus) before it is
> put up on the listserv. That's a simple enough rule.
>
> The other option is to eliminate attachments altogether -- less attractive,
> but less costly than the time and repair expense if a virus leaks through
> and attacks your network (spoken from unfortunate experience).
The problem goes further than "attachments".
Attachments are not always sent intentionally; so, unless
nhcoll-l intends to edit _every_ message that is submitted, to
see if it has an attachment, the (possibly "infected") posting
will have been posted and done its damage before it was examined
by anyone. Some of the viruses/kin are designed to be sent
without even the sender's knowledge, much less his explicit
actions.
Secondly, some forms of infections don't have to come along as
"attachments".
And, "vetting" all (or even some) submitted messages will create
a new workload on the list's volunteer "editors" (which they may
not appreciate), and will cause time-sensitive postings to be
delayed.
You can make policy about not submitting attachments, not
submitting HTML-ized, uuencoded, binhexed, and other forms of
encoded messages, to let subscribers know that it's frowned upon.
But, when push comes to shove (i.e., when the virus mongers come
to play), push usually prevails --that's how the hackers get
their kicks, defeating the guard dogs.
Meanwhile, you might want to GET the archive file that contains
the offending text-- the stuff between the lines of that Pober
message on "Subject: [NHCOLL-L:523] New Publication - Murray's
Museums Their History and Their Use", dated
"Date: Wed, 19 Apr 2000 07:45:10 -0400", starting with:
<SCRIPT><!--
and ending with:
//--></SCRIPT>
in that message and delete it, and PUT the edited archive file
back. Be careful to not destroy the remaining archive in the
process. Deleting the worm probably won't make a big dent in
anyone's risk --I doubt that many people GET the archives, and
those who will, will probably not get infected by that copy. I
guess it's more a question of whether the list sponsors think it
is esthetically more pleasing to cleanse the archive, or to leave
it be a faithful record of _all_ transactions posted to the list
:>)
Peter
More information about the Nhcoll-l
mailing list