[wellylug] malicious code in email?

V K list0570 at paradise.net.nz
Wed Jun 5 20:18:09 NZST 2002 

Bob,

I'll reply to the list as there might perhaps be more people
interested.

> thanks for the reply to my email "malicious code in kmail".

you're welcome. I recently spent some time on researching kmail and
mutt, and was very disappointed to find that kmail doesn't do the job,
because it looks very nice and has some very nice features. I have
often heard people say good things about evolution, it's on the SuSE
CDs. I must try it again (some while ago it didn't do something
critical I need).

> is it a bug in kmail or is it some sort of malicious code in an email?

Probably neither. kmail is strictly speaking standards compliant. Over
time some poeple have developed email clients which use an inofficial
extension to the standard. Worse, there are variants of this extension.
And, this extension is not compatible with the standard. However, the
extension solves a problem the standard doesn't: you can't have any(!)
line in a standard-compliant email which starts with "From " (spelling,
casing, and the space are important). This clearly sucks.

The developers of kmail decided to do the P.C. thing and ignore any
attempts at kmail handling both, thus kmails fails to handle your mail.
Apparently, there is a security risk in handling the extension (or so
people in the know claim), but I am convinced this can be handled
reliably by a correct system setup.

If you want to read the details (mbox format and content-length:
header), try this:
http://wp.netscape.com/eng/mozilla/2.0/relnotes/demo/content-length.html

There is no easy and allround satisfying solution to the problem. kmail
won't do it, evolution might not either. Mutt will. procmail can be
used to translate from one format to the other. Here's a command using
procmail which likely converts your mail such that kmail will read it.

formail -s formail -Icontent-Length: <YOURMAIL >YOURMAIL-new

This must be 1 line, and assumes all the mail to change is in file
YOURMAIL. Change the name to whatever it is. The filtered mail will be
in YOURMAIL-new.

All lines starting with "From " will be changed to start with ">From ".
This can not be avoided with strictly standard-compliant email clients,
unless perhaps the whole email is mime-encoded as well.

Volker

-- 
Volker Kuhlmann			is possibly list0570 with the domain in header
http://volker.orcon.net.nz/		Please do not CC list postings to me.


------------------------ Yahoo! Groups Sponsor ---------------------~-->
Is your e-business built on a strong, secure foundation? Find out with VeriSign's FREE White Paper, "Building an E-Commerce Trust Infrastructure.” Learn how to authenticate your site to customers, secure your web servers with 128-Bit SSL encryption, and accept secure payments online. Click here:
http://us.click.yahoo.com/O62TUC/NyKEAA/sXBHAA/0XFolB/TM
---------------------------------------------------------------------~->

  .-.   Wellington
  /V\   Linux
 // \\  Users       
/(   )\ Group
 ^^-^^
        http://wlug.paradise.net.nz/

To unsubscribe from this group, send an email to:
wellylug-unsubscribe at egroups.com
  

Your use of Yahoo! Groups is subject to http://docs.yahoo.com/info/terms/

More information about the wellylug mailing list