Tyler Durden <[EMAIL PROTECTED]> wrote: > And then, is it possible to create some kind of filter that stops these > replies?
If it's the type of virus that delivers its payload as soon as it's viewed (relying on bugs in MSOE or whatever), then it's possible that such a thing could go undetected, especially if AV signatures haven't been updated to stop it. Of course, you could also just put a web bug in an HTML email sent to the list and wait for people to view the message in the proper viewer (read: MSOE, &c). Other than relying on bugs (or "features") of the mail client, however, it seems that any such system relies on the user opening a malicious attachment. Any reasonably clueful person knows not to do this, so the answer to the filter question is yes; lack of stupidity is a filter that will stop this sort of attack. Of course, this assumes that the mail client doesn't automagically execute the payload; on the other hand, it could be argued that using such a client is itself an act of stupidity. There's another answer as well: subscribe to a moderated node that demimes messages before passing them on. Viruses won't get through at all, nor will HTML email. LNE used demime before its demise; pro-ns.net and al-qaeda.net do as well. -- Riad Wahby [EMAIL PROTECTED] MIT VI-2 M.Eng
