[WEB4LIB] Re: Attachments are now stripped

Thomas Dowling tdowling at ohiolink.edu
Wed Jan 24 09:54:05 EST 2001 

----- Original Message -----
From: "Bob Rasmussen" <ras at anzio.com>
To: "Multiple recipients of list" <web4lib at webjunction.org>
Sent: Tuesday, January 23, 2001 4:32 PM
Subject: [WEB4LIB] Re: Attachments are now stripped


> On Tue, 23 Jan 2001, Roy Tennant wrote:
>
> > In the wake of the Melissa virus recirculating, SunSITE system
> > administrators implemented a script that automatically strips
> > attachments from Web4Lib postings.
>
> I'd noticed. But I think the cure was worse than the disease, or at
least it
> could have been done more elegantly. Let me explain.
>
> Of course attachments that are .EXE, .VBS, etc., are dangerous. But most
> offending messages have a plain text part and an HTML part. This is a
> common configuration, and I don't believe it is dangerous. I use Pine
4.21,
> and it handles this quite well.
>
> With the current handling, I see only the warning message. I have to
switch to
> the other "part" in order to read the original message. I suspect many
folks
> would not know it was there, and would therefore miss the message.
>
> My preferences, in declining order, would be:
>
> 1. Allow HTML.
>
> 2. Place the warning message AT THE END of "part 1", the original tet
message.
>
> 3. Make the original message "part 1" and the warning "part 2"
>


This issue may already be talked through, but let me jump in.

For all of the nasty spammer tricks that can be incorporated into HTML
(inline images that set cookies, window.open scripts, <body onload=...>
etc. etc.), I believe that HTML markup should be disallowed on the list.
And it is the mail client, not the list, that determines which goes first
when the message has a text/html section and a text/plain section.

That said, I think the ideal arrangement would be for the listproc patch
to:

  1.  Observe the value of the MIME multipart boundary.
  2.  Look for content types other than text/plain
  3.  Delete from there to the next boundary, instead of to
      the end of the message.
  4.  Repeat as needed.

However, I suspect the patch to listproc is not flexible enough to make
snip out parts of messages intelligently (and reliably).  Barring that, I
think the current solution is best and safest for the list.

If your e-mail client makes it difficult to view plaintext attachments,
perhaps that's where the real problem lies.


Thomas Dowling
OhioLINK - Ohio Library and Information Network
tdowling at ohiolink.edu

More information about the Web4lib mailing list