Re: "cid" special identifier from Al Gilman on 2002-05-13 (uri@w3.org from May 2002)

From: Al Gilman <asgilman@iamdigex.net>
Date: Mon, 13 May 2002 11:44:47 -0400
To: "Sean" <noahbudy@flash.lakeheadu.ca>, <uri@w3.org>
Cc: <SteveS@medecell.com>
Message-Id: <5.1.0.14.2.20020513113623.02154360@pop.iamdigex.net>

So far as I know, you are on the right track.

Read

 Topics: Anti-virus Filtering
 http://www.columbia.edu/acis/email/topics/antivirus.html
 
and, more generally, Google for "MIME email virus" for yet more information.

That's how I found the page at Columbia, just now.

Al

>Al, in response to Steve said:
>>>Hello,
>>>
>>>I got your address from an XML message board.  I thought you might be able
>>>to help me out.  I am confused about the use of the attribute value "cid".
>>>I received an email with
>>>
>>><IFRAME height=0 src="cid:EA4DMGBP9p" width=0></IFRAME>
>>>
>>>with no other content.  Have you any ideas as to what the sender might be
>>>attempting to do?
>>>
>>>Thanks,
>>>
>>>Steve
>>> 
>>
>>I am not going to hazard a guess as to just what your correspondent was trying
>>to do.  That often eludes my ken.
>>
>>However, for the original or intended sense of a 'cid' URL and the Content-ID
>>header it is based on, please consult RFC-2392 and RFC-2045.  
>>
>>I just succeeded in retrieving RFC-2392 by putting "RFC-2392" as the search
>>string in Google and hitting the "I'm feeling lucky" option.  YMMV.  Good
>>luck.
>>
>>Al
> 
>===================================
> 
>I too, have received a message with the same <iframe src=cid:...........> type of header, however, the message was not sent blank and I doubt that steve's message was likewise blank - there was an embedded object in the document - in mine it was called Apr18.exe 
> 
>the message itself, without seeing the header info, is empty, but is it possible that this executable file runs automatically when the email is viewed?
> 
>Geobuilder.com mentioned something about virus messages and how to create rules to filter them out of your inbox.
> 
>this message was sent to my hotmail account - is there evidence that a web browser will run an executable from an internal frame (page sourced somewhere else) and deliver a virus payload? or is this something the affects MS outlook and outlook express?

Received on Monday, 13 May 2002 12:10:01 UTC