Return to index: [Subject] [Thread] [Date] [Author]

RE: Virus inDIGESTion

[Subject Prev][Subject Next][Thread Prev][Thread Next]
Paul,
I see your point but am not sure we are comparing apples to apples. When I
received the daily digest, I received it only in ASCII format. All messages
sent in either HTML or Microsoft Rich Text (RTF) were converted to ASCII and
all formatting tags were stripped out and placed at the end of the message.
RTF messages decoded to ASCII, but the formatting tags which appear to be
encoded in binary format appear as strange characters within the message
making the post difficult to read. Binary attachments were converted to a
character set that required re-encoding using a utility such as Uudecode or
UUencode (haven't used this one in a while and forget which is which).

However, when I receive single messages, Outlook will identify the format of
the message and present it with all HTML, JavaScript or ActiveX commands
compiled for graphic viewing. This is much different than what is received
in a Digest output. When the virus arrived, not only did I have a virus
protection active, I had upgraded to MS's latest security release. When auto
previewing the message, I received a warning that indicated that the
attached message contained embedded ActiveX features which my security
setting would not allow. The basic HTML encoded message appeared in HTML
format, but the attachments were stripped out and inaccessible to me.

This still leaves me questioning whether or not a JavaScript virus can be
activated in mail digest mode when all features other than ASCII are
stripped out.

I think I'll dig out some of the older non-infected messages to see if any
of them allow the HTML or RTF posts to appear graphically. This should
answer the question.

Thanks for your response,
Dennis

-----Original Message-----
From: Paul Ransom [mailto:ad026(--nospam--at)hwcn.org]
Sent: Wednesday, January 31, 2001 9:37 PM
To: seaint(--nospam--at)seaint.org
Subject: Virus inDIGESTion


> From: "Structuralist" <dennis.wish(--nospam--at)gte.net>

> Paul I am not so sure I agree with you as I had subscribed to the digest
> format for over six months. To activate a JavaScript it needs to be
embedded
> into an HTML format or it will not be recognized and run. I did not see a

> Just curious - not meant to be argumentative, but I would like to learn if
> this is actually true!

No problem.

HTML and Javascript are both represented as "ASCII text" in the raw
email or digest file. Your email/digest reader's ability to handle HTML
will determine if you see the source (unformatted HTML code, including
scripts) or the formatted message, hiding the coding. My reader doesn't
do HTML so I see the whole mess.

Attachments to your email, usually binary data (possibly pictures or
other data file, possibly executable code) are automagically converted
and presented using the specified "helper" application in your
email/digest reader software. These attachments are frequently
represented as file icons when you read your message, but are in fact
encoded from binary to low-ASCII and attached at the end of the body of
the message.

Readers that write/display HTML will simply implement whatever is
contained in the HTML message if they are so enabled by design or by
choices permitted in the software set-up.

Afraid that I can't send you a copy of the virus-ridden digest. The
first day there were several messages that contained the virus and I
could see how quickly it affected others - like time-lapse photography,
the digest is a rapid series of snapshots of the entire day. Anyway, you
would probably see exactly what you saw the first time.

Bottom-line: digest format doesn't prevent the spread of virii. Software
choices, prudent selection of software settings and not opening
uninvited code will help.

Using a Mac doesn't hurt, either. :)

--
Paul Ransom, P. Eng.
Civil/Structural/Project/International
Burlington, Ontario, Canada
<mailto:ad026(--nospam--at)hwcn.org> <http://www.hwcn.org/~ad026/civil.html>