Return-Path: <owner-risks@csl.sri.com>
Received: from michael by michael.senanet.com with ftp-bsmtp
    (Smail3.1.29.1 #3) id m10jvFm-000FqcC; Wed, 19 May 99 04:34 EET DST
Received: from csla.csl.sri.com([192.12.33.2]) (30173 bytes) by inet.sena.gr
    via sendmail with P:esmtp/D:dotforward/R:uucp_neighbors/T:batch_smtp
    (sender: <owner-risks@csl.sri.com> owner: <real-dds>)
    id <m10joag-000015C@inet.sena.gr>
    for <dds@senanet.com>; Tue, 18 May 1999 21:27:46 +0300 (EEST)
    (Smail-3.2.0.101 1997-Dec-17 #1 built 1998-Oct-12)
Received: from localhost (daemon@localhost)
    by csla.csl.sri.com (8.9.1/8.9.1) with SMTP id LAA21154;
    Tue, 18 May 1999 11:26:21 -0700 (PDT)
Received: by csla.csl.sri.com (bulk_mailer v1.5); Tue, 18 May 1999 09:43:37 -0700
Received: (from server@localhost)
    by csla.csl.sri.com (8.9.1/8.9.1) id JAA19234
    for risks-outgoing; Tue, 18 May 1999 09:43:36 -0700 (PDT)
Received: from chiron.csl.sri.com (chiron.csl.sri.com [130.107.15.73])
    by csla.csl.sri.com (8.9.1/8.9.1) with ESMTP id JAA19228
    for <risks@csl.sri.com>; Tue, 18 May 1999 09:43:31 -0700 (PDT)
Received: (from risko@localhost) by chiron.csl.sri.com (8.7.3/8.7.3) id JAA28911; Tue, 18 May 1999 09:42:23 -0700 (PDT)
Date: Tue, 18 May 1999 09:42:23 -0700 (PDT)
From: risks@csl.sri.com
Message-Id: <199905181642.JAA28911@chiron.csl.sri.com>
To: risks@csl.sri.com
Newsgroups: comp.risks
Subject: Risks Digest 20.40
Sender: owner-risks@csl.sri.com
Reply-To: risks@csl.sri.com
Content-Length: 3044

RISKS-LIST: Risks-Forum Digest  Tuesday 18 May 1999  Volume 20 : Issue 40

   FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS (comp.risks)
   ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator

***** See last item for further information, disclaimers, caveats, etc. *****
This issue is archived at <URL:http://catless.ncl.ac.uk/Risks/20.40.html>
and at ftp.sri.com/risks/ .

  Contents:
Nuclear plant Y2K: High risk-readiness or high-risk readiness? (Mike Perry)
Biometric risks (Dan Wallach)
Singaporean ISP scans users' PCs (Andrew Brydon)
ATMs gobble up cash cards (John Colville)
Web browsers, URL collisions, and all that... (Zygo Blaxell)
False Viruses (Thomas Gilg)
HotMail is no Early Bird: happy99.exe (Malcolm Pack)
Virus cleaner corrupts e-mail database (Diomidis Spinellis)
MIME-Messages: quoted-printable chars in URLs (Christoph Conrad)
New-fangled petrol pumps (Ian Chard)
Re: C compilers vs editors: WYSI NOT ALWAYS WYG (Roy O. Wright)
Re: Wrong e-mail address (Andrew J Klossner)
Re: Risks of 3-letter user IDs (Thayne Forbes)
Dimwitted naughty-word filtering lives... (Daniel Rutter)
REVIEW: "Removing the Spam", Geoff Mulligan (Rob Slade)
Abridged info on RISKS (comp.risks)

----------------------------------------------------------------------

[...]

------------------------------

Date: Tue, 18 May 1999 11:39:59 +0200
From: Diomidis Spinellis <dspin@aegean.gr>
Subject: Virus cleaner corrupts e-mail database

I was told the following story by an associate who is managing a large
distributed IT installation. The administrators at one site installed an
anti-virus product on a machine running the Microsoft Exchange e-mail
server. Exchange keeps all incoming mailboxes in a monolithic database of a
proprietary format. The administrators enabled a parameter of the virus
scan program to automatically clean the virus-infected files.
The virus scanner detected an instance of the CAP macro virus in a mail
attachment WITHIN the Exchange database and proceeded to "clean" the file by
performing an in-place modification on it. As a result the database was
corrupted, users could not access their mail, and subsequent attempts to
repair the database using the facilities provided by Exchange failed.
Eventually the database was recovered from a backup, resulting in lost
e-mail messages.

There are many lessons that can be drawn from this story; I would like to
emphasise the risks of proprietary, opaque, or gratuitously complicated file
formats such as those used by Microsoft Word documents, and the Exchange
database. Architecting and implementing an efficient, extensible, and
functional file format and interface can be difficult and expensive.
However, the cost is in most cases justified by the resulting robustness,
openness, usability, and extensibility of the system.

Diomidis Spinellis, University of the Aegean

------------------------------

[...]

End of RISKS-FORUM Digest 20.40
************************