attachments and just plain images

It is my understanding that images are attachments, as far as email is
concerned. I believe that if you embed an image in email, your email
client will generate an HTML email and pass along the image as an
attachment.

Now, if I am wrong, and there is a quick way for me to allow images
without passing on Outlook virii, I would be happy to put that into
effect.

On Nov 22, 2004, at 1:45 PM, Jim Andrews wrote:

> hi francis,
>
> that's too bad about no more attachments. i was so attached to them.
> on a
> list i ran, one dum-dum sent a 1.2mb attachement by accident and there
> were
> a few viruses distributed via attachments, at other times. so i had to
> disallow attachments, which i didn't want to do, but it just wasn't
> working.
>
> i'm not sure if it also means that images cannot be included, not as
> attachments, but as visible in emails? it would be a shame to lose the
> ability to see images in emails to rhizome. one of the things i like
> about
> this list is there is a mix of types of artists on rhizome.
>
> ja
>
>> goodbye
>> attachments.
>
>
> +
> -> post: [email protected]
> -> questions: [email protected]
> -> subscribe/unsubscribe: http://rhizome.org/preferences/subscribe.rhiz
> -> give: http://rhizome.org/support
> -> visit: on Fridays the Rhizome.org web site is open to non-members
> +
> Subscribers to Rhizome are subject to the terms set out in the
> Membership Agreement available online at http://rhizome.org/info/29.php
>
>
Francis Hwang
Director of Technology
Rhizome.org
phone: 212-219-1288x202
AIM: francisrhizome
+ + +

hi francis,

what you say is what i would have presumed to be the case, ie, whether
images are attachments or not, the scanning program treats them as
attachments and strips them out. however, if you look at the bottom of
Manik's last email, you'll see some images; emoticons. how did these make it
through, do you think? Manik, did you put these images in there or did your
email client just insert some code that you didn't know of? maybe they are
not 'in' the email but are, in the email, <img> tags to image sources on the
net somewhere?

ja

They're linked from another site. If you View Source on the message
you'll see, at the bottom:

<IMG align=bas=
eline
alt="Add FUN to your email - CLICK HERE!" border=0 hspace=0
src="http://www2.incredimail.com/contents/stamps/imstp_emo_en.gif">

Those funny symbols I think are an encoding issue, which seems to show
up even when I View Source using Mail.App. Anyway, the point is that
you can link to images on another site, that's not blocked since it's
not an attachment. (Also, it's harder to spread virii that way.) You
just need to be able to edit the HTML in an email message, but that's
actually not so easy, depending on your email client.

On Nov 22, 2004, at 4:07 PM, Jim Andrews wrote:

> hi francis,
>
> what you say is what i would have presumed to be the case, ie, whether
> images are attachments or not, the scanning program treats them as
> attachments and strips them out. however, if you look at the bottom of
> Manik's last email, you'll see some images; emoticons. how did these
> make it
> through, do you think? Manik, did you put these images in there or did
> your
> email client just insert some code that you didn't know of? maybe they
> are
> not 'in' the email but are, in the email, <img> tags to image sources
> on the
> net somewhere?
>
> ja
>
>
> +
> -> post: [email protected]
> -> questions: [email protected]
> -> subscribe/unsubscribe: http://rhizome.org/preferences/subscribe.rhiz
> -> give: http://rhizome.org/support
> -> visit: on Fridays the Rhizome.org web site is open to non-members
> +
> Subscribers to Rhizome are subject to the terms set out in the
> Membership Agreement available online at http://rhizome.org/info/29.php
>
>
Francis Hwang
Director of Technology
Rhizome.org
phone: 212-219-1288x202
AIM: francisrhizome
+ + +

> They're linked from another site. If you View Source on the message
> you'll see, at the bottom:
>
> <IMG align=bas=
> eline
> alt="Add FUN to your email - CLICK HERE!" border=0 hspace=0
> src="http://www2.incredimail.com/contents/stamps/imstp_emo_en.gif">
>
> Those funny symbols I think are an encoding issue, which seems to show
> up even when I View Source using Mail.App. Anyway, the point is that
> you can link to images on another site, that's not blocked since it's
> not an attachment. (Also, it's harder to spread virii that way.) You
> just need to be able to edit the HTML in an email message, but that's
> actually not so easy, depending on your email client.

Yes, I right clicked on Manik's email and selected 'View Source' and saw the
above code you mention also. And yes, the question becomes 'How do you edit
the HTML code of the email message?' I don't see a way to do that in
Outlook. Probably for security reasons. Security security. Yeesh.

Anybody know of email clients that let you edit the underlying HTML code?

I've been through this a bit before when I had to disallow attachments on
another list. Didn't really want to disallow it, like Francis doesn't, but
it would be irresponsible of Rhizome to permit attachments when they know
viruses are transmitted that way.

ja

>It is my understanding that images are attachments, as far as email
>is concerned. I believe that if you embed an image in email, your
>email client will generate an HTML email and pass along the image as
>an attachment.
>
>Now, if I am wrong, and there is a quick way for me to allow images
>without passing on Outlook virii, I would be happy to put that into
>effect.

francis,

you are right. (and am a little surprised you wouldn't be absolutely
positive about this).


PHP has an easy function to check out an image file. since you can't
make a virus image, this would keep out viruses. Don't know what
language the lists use. but if the server can read a MIME-type at
all (and can images), that is enough to identify the type.

here's an example for an html page, but same idea for webmail.

$Done = FALSE;
if ($Img) {
if (($Img_type == "image/jpeg") || ($Img_type == "image/gif")) {
copy("$Img", "imgs/$Img_name";
unlink ($Img);
} else {
print ("please upload a gif ar jpeg image");
unlink ($Img);
}
$Done = TRUE;
}


but by far, the biggest obstacle would seem to be letting folks use
the rhizome mail program on the server to dish out all those MBs.
One little file would surely slow the delivery updates by a few hours
(depending on the size, speed of server(s)). eventually, it'd become
common and you'd get 30+ a day, which'd probably crash the server.

you could dramatically limit the size ( if ($Img_size < 15000) ), so
only one is in the queue at a time ( if ($Done) ). still sounds
like a can of worms though. francis, you'rer better off just saying
"no images". emails are about 1000th the file size. the server
handles them well enough. we can deal with that.

judson
–

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

PLASMA STUDII
art non-profit
stages * galleries * the web
New York, USA

(on-line press kit)
http://plasmastudii.org

> >what you say is what i would have presumed to be the case, ie, whether
> >images are attachments or not, the scanning program treats them as
> >attachments and strips them out. however, if you look at the bottom of
> >Manik's last email, you'll see some images; emoticons.
>
> unless you configure your email client not to process html (isn't the
> default). good to leave the html off to prevent some spam. i forgot
> to mention, some images are really linked images, not literally
> embedded. the server with the image can keep track of the hits that
> way. but by keeping track of which images were requested (when you
> open or preview that mail), they know which addresses were valid and
> can sell yours to other spammers.
>
> obviously not every spammer does this, but i went from about 200/day
> to about 10. gradually, your name goes out of circulation.

Yes, clearly if html is processed via the email client, spammers have the
ability to check whether the email has been read.

Oddly, perversely, sadly, whateverly, I cannot bring myself to limit my
email to plain text.

ja

On Nov 22, 2004, at 5:30 PM, Plasma Studii wrote:
> since you can't make a virus image, this would keep out viruses.

unfortunately untrue:

http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

Of course only allowing linked images wouldn't fix the problem if there
*was* a JPEG virus, so whatever.

I don't think there ever was a 'real' JPEG virus found in the wild.

but who knows.. http://slashdot.org/article.pl?sid/09/27/2319222

ps, microsoft sux

–
<t.whid>
www.mteww.com
</t.whid>

>On Nov 22, 2004, at 5:30 PM, Plasma Studii wrote:
>> since you can't make a virus image, this would keep out viruses.
>
>unfortunately untrue:
>
>http://www.microsoft.com/technet/security/bulletin/MS04-028.mspx

a "buffer over-run" seems to be something other than a virus. it
doesn't make copies of itself, just crashes the machine it's on, when
you try to open it. at least that's what this appears to be saying.
anyway, after some thought see that limiting the file size to only
small GIFs (<100k), would be a better even than accommodating for
jpegs.

still, just ditching any attachment is the safest. screw these
eye-candy ass whiners!

>
>
>ps, microsoft sux


oh certainly! i didn't mean to imply microsoft users shouldn't get
viruses! only that viruses shouldn't be distributed by the rhizome
server, because of taxing the mail server. by all means, anyone who
tries passing off a microsoft product as a substitute for real
software, definitely deserves the viruses they are prone too.

sorry for the confusion, twhid.

On Nov 22, 2004, at 8:46 PM, Plasma Studii - uospn