xemacs lists now subject to content inspection
22 years, 7 months
Stephen J. Turnbull
Due to the increase in spam/virus posts to xemacs lists, and the fact
that the source often seems to be a member of the XEmacs Review Board
or some Internet icon, the only way to filter is by body inspection.
We've been doing this on a limited basis for a while, but the Klez H
virus makes increased snoopiness essential. See analysis at URL:
http://www.symantec.com/avcenter/venc/data/w32.klez.h@mm.html.
(Thanks to Chuqui Rospach.) We're looking at "real" virus scanners,
but installation and configuration is non-trivial, and they also
require constant attention as viruses mutate.
These inspections are complex and therefore bug-prone. For your
information in posting, I describe the current and possible future
restrictions. If you think your post may have gotten lost, feel free
to write the List Administrators <list-manager(a)xemacs.org>.
The following restrictions are now in effect:
1. Header inspections which quarantine or immediately discard common
offenders, and any messages containing 8-bit content in the headers.
(MIME encoded-words are fine; this means raw 8-bit content which is
forbidden by the RFCs in message headers.)
2. Messages with Content-Type text/html are quarantined. This test
has yet to show a false positive in about 100 posts quarantined.
3. All MIME multipart bodies are inspected. We quarantine posts with
attachments, regardless of MIME type (if I get this right, bugs in IE
mean that almost any media type can get executed if it has an
executable extension) with filenames of the form
*.{exe,pif,bat,scr,doc,asp,wab,xls,mpg,mpeg,mp3,rtf}
4. Please also avoid the phrases "downline", "millionaire", "Nigeria",
"national tv", "legitimate business", and "I send you this file in
order to have your advice". These posts are quarantined.
"Quarantined" means they go into a bitbucket that I look at and empty
every week or so. I'm not terribly careful about it, either (so far
I've caught three false positives in about 4000 spams, so the
incentive is very low).
I doubt any of the above restrictions will cause a problem, but the
Klez H virus also uses the extensions .htm, .html, .gif, .jpg, and
.jpeg. If necessary we'll add them to the scan. This could cause
problems with dumb MUAs and visual bug reports.
We apologize for the inconvenience, both in the past from spam that
got through and in the future from these restrictions.
--
Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp
University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN
Don't ask how you can "do" free software business;
ask what your business can "do for" free software.