John M. Dlugosz has asked for the wisdom of the Perl Monks concerning the following question:

After reading about Microsoft's Email Security patch for Outlook, I'm fed up with it.

Do you know what they did? A list of file extensions, including various scripting things that are the mechanism of most of these worms, and the venerable *.exe, are deemed "unsafe".

An unsafe file cannot be read. Period. It's not deleted, but there is no way to access it! That's nuts. It is not configurable in any way, nor is the patch removable.

I think the real fix is to stop using Outlook for mail! Little things, like clearly showing the complete file name of an attachment rather than a cute picture and a truncated name that's short enough to fit under it, would prevent accidently launching a worm when you thought you were opening a photo.

Anyway, it only takes maybe 20 lines to make a servicable email client in Perl, using some of the modules. A full-blown program with a nice UI and cool features is more work, but it would work from the get-go.

So, has anyone already written one? Using Super Search I found POP3 Email which i bogusware, and lots of false hits.

—John

Replies are listed 'Best First'.
Re: Wanted: POP3 Client in Perl
by miyagawa (Chaplain) on Aug 23, 2001 at 02:19 UTC
    AFAIK, CSCMail is written in Perl + GTK. Maybe it only works well with Unix, though :)

    --
    Tatsuhiko Miyagawa
    miyagawa@cpan.org

[reply]
      Yea, GTK is one way to take a portable Perl program and restrict it to one type of machine.

      —John

[reply]
Re: Wanted: POP3 Client in Perl
by dws (Chancellor) on Aug 23, 2001 at 02:08 UTC
    An unsafe file cannot be read. Period. It's not deleted, but there is no way to access it! That's nuts.

    In Outlook, right-click on the file icon and select Save As... from the pop-up. Once the file is on disk, it can be accessed normally.

    It's still nuts. Microsoft's implication that .zip files are insecure is flat-out lunacy.

    Update: Bah. I'm reacting to an earlier security patch. The one John is referring to is even stupider.

[reply]
[d/l]
[select]
      Nope.

      On the File menu, the Save Attachments command and the View Attachments command on the shortcut menu will not be available for this message.
      I said there's no way to access it, not I overlooked a way other than just double-clicking on the icon.

      .zip is not on The List. But why are Photo CD Images? Why would they be more problematic than JPEGs? And MS's own word DOC files are OK, even though they are a rich source of macro viruses.

      —John

[reply]
        John,
        This is because the .pcd extension is also used by the MS Visual Test product for the compiled pseudo code (now supported by Rational).

        Graham

[reply]
Re: Wanted: POP3 Client in Perl
by VSarkiss (Monsignor) on Aug 23, 2001 at 03:51 UTC

    There are a couple on CPAN -- the source of all good things Perl. I've used Mail::POP3Client in the past to write a rudimentary spam filter (before I changed ISPs ;-). It worked OK, though I didn't really stress it.

    I noticed that NET::POP3 is from Graham Barr, so it's likely to be pretty good. It appears to be a standard module for 5.7.2, so it'll likely be on the next stable release as well.

    HTH

    Update
    Learned how to point links to CPAN! Whoo-hoo!

[reply]
      I saw a comparison on those two modules here when I did my original Super Search. I figured I'd stick with NET::POP3 since it's common.
[reply]

Back to Seekers of Perl Wisdom