Decoding W32/SirCam virus content with Gnus?

Ronan KERYELL

Jul 25, 2001, 10:16:16 AM
Since I receive a lot of confidential documents from foreign people, I've
tried to look at them with Gnus. :-)

When I save the attachment, it is saved as BASE64 encoded and not as decoded
content (which is a DOS Executable, by the way). Strange... Is there a
specially forged MIME header to get this behaviour?

Is it possible, when we are on an attachment, to select with the right
button to view it as text in this or another buffer, even if it is not
text, I mean to view the decoded content instead of the BASE64
representation?

Right now I use
perl -MMIME::Base64 -0777 -ne 'print decode_base64($_)' | strings
to view them...

I've put an example in
http://perso-info.enst-bretagne.fr/~keryell/tmp/news.gz

Thank you,
--
Ronan KERYELL |\/
Labo Informatique Télécom |/) Tel: (+33|0) 2.29.00.14.15
ENST Bretagne, BP832 K Fax: (+33|0) 2.29.00.12.82
29285 BREST CEDEX |\ E-mail: Ronan....@enst-bretagne.fr
FRANCE | \ http://www-info.enst-bretagne.fr/~keryell

Vincent Bernat

Jul 26, 2001, 3:20:51 AM

OoO Towards the end of the afternoon of Wednesday 25 July 2001, around
16:16, Ronan KERYELL <Ronan....@enst-bretagne.fr> said:

> When I save the attachment, it is saved as BASE64 encoded and not as decoded
> content (which is a DOS Executable, by the way). Strange... Is there a
> specially forged MIME header to get this behaviour?

The MIME headers of these messages are incorrect ("message text" if I
remember for example).
--
I WILL NOT CUT CORNERS
" " " " " "
" " " " " "
-+- Bart Simpson on chalkboard in episode 7F11

those who know me have no need of my name

Jul 26, 2001, 10:34:34 AM
<wjbsm96...@gavotte.enst-bretagne.fr> divulged:

>Is it possible, when we are on an attachment, to select with the right
>button to view it as text in this or another buffer, even if it is not
>text, I mean to view the decoded content instead of the BASE64
>representation?

did you try that? perhaps ``K m'' first.

--
warning: i hate typing uppercase, mostly because i don't like seeing too much
of it, and will do my utmost to avoid it. hence where the emacs norm is to
use M-, \M-, C-, \C-, RET, SPC, i use \m-, \m-, \c-, \c-, <ret>, and <spc>.

Ronan KERYELL

Jul 27, 2001, 5:47:15 AM
>>>>> On 26 Jul 2001 14:34:34 GMT, those who know me have no need of my name <not-a-rea...@usa.net> said:

those> <wjbsm96...@gavotte.enst-bretagne.fr> divulged:


>> Is it possible, when we are on an attachment, to select with the
>> right button to view it as text in this or another buffer, even if
>> it is not text, I mean to view the decoded content instead of the
>> BASE64 representation?

those> did you try that? perhaps ``K m'' first.

I've just tried but it did not fix it...

Any candidate to include a MIME type application/W3-SirCam@MM that would
do what I do by hand ? :-)

Right now I use the menu 'Pipe to Command...' with
perl -MMIME::Base64 -0777 -ne 'print decode_base64($_)' | dd bs=512 skip=268 > ~/tmp/a.doc
or
perl -MMIME::Base64 -0777 -ne 'print decode_base64($_)' | dd bs=512 skip=280 > ~/tmp/a.doc
according to the messages and it works...
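
The manual dd step from the last post, as an added example that is not part of the original thread: instead of hard-coding skip=268 or skip=280 per message, it decodes the base64 body and looks for the start of the appended document on a 512-byte boundary. It assumes the appended file is an OLE2 compound document (.doc), recognised by its standard magic bytes; the function names and the sample input are constructed for illustration.

```python
import base64

BLOCK = 512  # same block size as the dd commands in the post
# Assumption: the appended file is an OLE2 compound document (.doc).
OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")


def decode_attachment(b64_text):
    """Decode a base64 MIME body, ignoring line breaks and whitespace."""
    return base64.b64decode("".join(b64_text.split()), validate=True)


def find_payload_offset(blob, magic=OLE2_MAGIC, block=BLOCK):
    """Return the first block-aligned offset where magic starts, or None."""
    for offset in range(block, len(blob), block):
        if blob.startswith(magic, offset):
            return offset
    return None


def carve_document(b64_text):
    """Return (skip_blocks, document_bytes) for one encoded attachment."""
    blob = decode_attachment(b64_text)
    if blob[:2] != b"MZ":  # DOS executables start with "MZ"
        raise ValueError("decoded attachment is not a DOS executable")
    offset = find_payload_offset(blob)
    if offset is None:
        raise ValueError("no OLE2 header on a 512-byte boundary")
    return offset // BLOCK, blob[offset:]


def constructed_sample(stub_blocks=3):
    """Constructed input: fake 'MZ' stub padded to whole blocks + fake .doc."""
    stub = b"MZ".ljust(stub_blocks * BLOCK, b"\0")
    document = OLE2_MAGIC + b"constructed document body"
    return base64.encodebytes(stub + document).decode("ascii")


if __name__ == "__main__":
    skip, doc = carve_document(constructed_sample())
    print(f"dd bs={BLOCK} skip={skip}  ->  {len(doc)} bytes recovered")
```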
