Re: oe6 reading mail showing as html raw source?

From: PA Bear (PABear_at_mvps.org)
Date: 08/20/04 

Date: Fri, 20 Aug 2004 15:01:34 -0400

After any IE upgrades and then subsequent Win2K SP upgrades, has anyone ever
attempted to uninstall or reinstall the IE upgrade, Bill? That is, without
first uninstalling the SP which post-dates the install of the IE upgrade?

While I have the utmost respect for most projects running under the
Sourceforge banner, let me ask this: Did the start of this problem coincide
with the install/use of Hotwayd (http://sourceforge.net/projects/hotwayd/) ?
How long has this problem been going on? 

-- 
~PA Bear
Bill Kearney wrote:
> > Are you running Ad-aware SE?  Spybot v1.3?  Do you seek updates for each
> > tool before you use it, every time?  Both have new updates: Ad-aware on
> > 16 Aug-04 and Spybot today (20 Aug-04).
>
> Well, as updated as was possible as of 9pm last night.
>
> > Have you re-configured Ad-aware for a full scan as per
> > http://aumha.org/forum/viewtopic.php?t=5877?
> >
> > Did you run all of the tools in Safe Mode, with 'Show Hidden Files'
> > enabled, and in this order?...
> >
> >     CWShredder, Ad-aware, Spybot, HijackThis
>
> Yep, followed them in order.
>
> > Have you posted your HT log to a recommended forum and gotten the 'all
> > clear' from an expert there?
>
> Not as yet.  You can imagine I'm loathe to expose this situation to yet
> another 'band of experts'.  It's gobbled up way too much time already
> confirming what it's NOT to people who sometimes appear to know less about
> this than I already do.  Such is the price paid of course.
>
> > Judging from everything you've posted here, Bill, I have little doubt
> > that the Windows Profile is damaged, not OE or any identities, and,
> > barring anything you've not yet revealed here, the damage has most
> > likely been caused by malware.
>
> I'm not so quick to go blaming it on malware.  Other than the cookies I
> get nothing tripped on any of my log reports.  I've even gone so far as
> to put write protected directories in the common places programs like
> Comet Cursor want to try using (heh, they can't run if they can't even
> install).  So it's not like I'm unaware of the risks, how to prevent them
> and how to deal with fixing them.
>
> I do, however, appreciate that it's not always obvious that folks on the
> other end of the wire have the ability to do what's required.
>
> > While you may be quite an experienced computer user, if
> > that experience does not include interpreting hundreds of HijackThis
> > logs accurately you cannot state with any certainty that the Profile is
> > malware-free without getting the 'all clear' from one of the pros who
> > post to HT log-specific forums.  See "our" sub-thread here.
>
> I can certainly appreciate that opinion.  I respectfully disagree about
> "pros" and "all clear" sentiments.
>
> > Bill, you post using a Hotmail address.  None of this is occurring in
> > messages received by an MSN/Hotmail account, correct?
>
> Were I retreiving them directly from Hotmail I suppose that might be a
> question to answer.  I don't.  All mail is pulled into an IMAP box.
> Hotmail is pulled via the quite handy little tool known as hotwayd.  Thus
> all mail is pulled via IMAP and, as I've already checked and
> double-checked, the mail in the server's mailboxes are quite normal and
> work perfectly using another account with it's identity configured with
> the same mail server settings.
>
> I've long used hotmail for usenet postings because of it's reasonably
> reliable spam filtering.  It's a good throwaway address but one that
> actually works with out all the user@removethis.whatever games.  Being
> that I can pull it via cron controlled fetchmail jobs and further process
> it with spamassassin makes it painless.
>
> > Have you considered creating a new Profile/Log-on, moving the old
> > Profile's data to it and then deleting the latter?
>
> Yeah, it's the "moving the old Profile's data" that's SUCH a pain in the
> ass.
>
> > Did you upgrade to WinXP (?) from an earlier Windows version?  Which
> > one?
>
> Nope, as I stated at the outset this is a Windows 2000 box with sp4 on it.
> It has, however, had a long history as it started at w2ksp1 and IE55 and
> has probably suffered at the hands of quite a few of the hotfixes along
> the way. Trouble is the profile in question is THE ONE that I use most
> heavily and there's a metric-assload of things that have configured
> themselves to work within it's various registry entries.  Picking this
> apart and moving it to another profile (something I've done before) is
> just not something I have much desire to perform.
>
> Riddle me this, is there a tool like the unix 'diff' for registry trees?
> One that I could point to a particular point of the tree and compare
> against something else?  The trick would then be to know 'where' in the
> trees to make the comparisions.
>
> What "looks like" is going on here is that when OE pulls up a message it
> uses the IE control to show it.  That control is, apparently, being fed
> from normal data and is being transcoded into HTML improperly.  That is,
> either OE or the IE control is looking at the data and 'deciding' it
> needs to be pushed through some sort of HTML parsing or converting stage
> prior to display.  I've wrestled with code that harnesses the IE control
> and it's not always an easy process.  But, near as I can tell, it's in
> that stage that the process fails.
>
> What's further intriguing is the way Reply and/or Forward are concerned.
> The data that gets pushed to the new reply/forward form is encoded HTML.
> That is, it has been pulled up from disk, converted to HTML and then
> transcoded into encoded HTML.  Going from "text-(linebreak)-text" into
> "text-<BR>-text" and then further bastardized into "text-&lt;BR&gt;-text".
> I've done plenty of XML and HTML programming and this is a clear sign that
> some parser is being overzealous or called incorrectly.  We see this all
> the time in XML documents that incorrectly double-encode things (like
> &copy; as &amp;copy;).
>
> It would be interesting to hear from an OE developer directly as to how OE
> pumps it's data into the IE control.
>
> -Bill Kearney