[Asterisk-Users] MS Outlook

Steven Critchfield critch at basesys.com
Mon Sep 22 13:58:02 MST 2003


On Mon, 2003-09-22 at 15:30, Sean Heiney wrote:
> Actually, MS Outlook by default blocks all executables. I'm not sure why
> there is so much negativity around the Outlook client.  Perhaps we
> should all go back to the cave and use Pine.

I'll assume you don't understand the english words you just wrote well
enough to defend yourself. Outlook does not block executables. It
receives them via mail like any other mail message. It by default
doesn't run executables that are sent as executables. But we all know
about the current stupidities of Microsoft in that they look at the mime
header to determine if it is safe to use the file(wav, mid, txt,
whatever that should be a data file), but then executes the file so that
they can use a shortcut to whatever app you defined to run that data
file with. The problem being that they package exe files with a mime
header for one of those innocuous files and the executable shortcut runs
the virus. Not to mention that Outlook is set to by default to display
HTML email and that a HTML mail with an embedded link to the "data" file
inside will cause automatic running of the virus.

So Outlook is not going to block the attachment from taking up residence
on your drive. Outlook has poor security checking, and can be easily
tricked into doing evil things.

Microsoft recently stated themselves that Windows is not designed to sit
on the internet out of the box, but requires a fair amount of hardening.
This applies to all their other software as well as it is all tightly
integrated. Admit it, Microsoft has been patching crap software for a
long time. Linux had an advantage of not caring about market share and
trying to do things the right way. Linux also grew up after the internet
was around and while it was gaining popularity therefore it has had to
grow up in a rough neighborhood and keep itself hardened.


> -----Original Message-----
> From: asterisk-users-admin at lists.digium.com
> [mailto:asterisk-users-admin at lists.digium.com] On Behalf Of Steven
> Critchfield
> Sent: Monday, September 22, 2003 2:10 PM
> To: asterisk-users at lists.digium.com
> 
> On Mon, 2003-09-22 at 13:42, Brian West wrote:
> > I second that... I have received a load of virii from people on this 
> > list..
> > 
> > Received: from torch.junct.com (sootbox.junct.com [65.168.64.10])
> >         by www.bkw.org (8.11.6/8.11.6) with ESMTP id h8MIcEJ06998
> >         for <brian at bkw.org>; Mon, 22 Sep 2003 13:38:14 -0500
> > Received: from wdxmvur (unknown [207.41.124.63])
> >         by torch.junct.com (Postfix) with SMTP
> >         id 461DF4159; Mon, 22 Sep 2003 13:37:08 -0500 (CDT)
> 
> For those of you that have no reason whatsoever to receive windows
> executables, here is a procmail rule that matches the beginning of a
> windows executable no matter what it is named.
> 
> # Base 64 encoded windows executable
> :0B:
> *TVqQAAMAAAAEAAAA//8AALgAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
> AAAAA
> 
> 
> You can use this and deliver the mail wherever you want to. This works
> on the last Sobig, klez and the Swen virus so far. This is what I had in
> my virii folder to test it against.  
> 
> --
> Steven Critchfield  <critch at basesys.com>
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
> 
> 
> _______________________________________________
> Asterisk-Users mailing list
> Asterisk-Users at lists.digium.com
> http://lists.digium.com/mailman/listinfo/asterisk-users
-- 
Steven Critchfield  <critch at basesys.com>




More information about the asterisk-users mailing list