Question

Ethan Blanton elb at pidgin.im
Fri Jul 20 10:34:09 EDT 2012


Mark Palen spake unto us the following wisdom:
> We are in a corporate environment and use Pidgin for those of us who
> want to IM.  We had an incident where one of our lady's AIM account
> was hacked and the avatar was replaced with a very indecent picture.
> When she sent an IM to others within the office this picture came up
> as her avatar.
> 
> Pidgin has worked very well for us, however, is there any way to block
> the avatar?

First of all, I apologize for the unhelpful responses from the peanut
gallery.  This is a public mailing list, and sometimes users get too
zealous.

There are two things you can try.  Both will require running a cleanup
script on every host that has the icon.  If you couple this with
changing her actual online icon to something not indecent, it should
take care of your problems.

The first (easier) method is this:

    1) Find a copy of the icon, or else find a user who has the
       indecent icon in their Pidgin

    2a) If you found a copy of the icon, get its SHA-1 checksum; the
        'sha1sum' command will do this on most Linux boxes, 'shasum'
        on OS X.  Call this <checksum> for the following instructions.

    2b) If you found a buddy list that contains the icon, search for
        the affected user's username in the buddy list in
        ~/.purple/blist.xml.  You should see something like this:

        <buddy account='Ethan Blanton' proto='prpl-aim'>
            <name>AffectedBuddy</name>
            <alias>Affected Buddy</alias>
            <setting name='last_seen' type='int'>1319733408</setting>
            <setting name='buddy_icon' type='string'>d8159b2f6217e8833e1eab4ee7cee4dd8e81a8ca.jpg</setting>
            <setting name='icon_checksum' type='string'>d8159b2f6217e8833e1eab4ee7cee4dd8e81a8ca</setting>
        </buddy>

        Find the checksum of the buddy icon in the <setting> with the
        attribute name='icon_checksum'.  In this case, the checksum is
        d8159b2f6217e8833e1eab4ee7cee4dd8e81a8ca.  Call this
        <checksum> for the following instructions.

    3) On each computer that has cached the offending icon, remove
       ~/.purple/icons/<checksum>.jpg.

The second, slightly more complicated method (more complicated only
because it requires doing more than a single file deletion on the
hosts that have the offending icon) requires parsing
~/.purple/icons/blist.xml on each user's account, and removing the
icon you find marked there. If we call the user with the bad icon
<username>, you want to find the following XML item (in XPath
notation) in blist.xml:

    /purple/blist/group/contact/buddy[@proto="prpl-aim" and name="<username>"]/setting[@name="buddy_icon"]

The value of this node is the name of a file in ~/.purple/icons.
Remove that file, and the offending icon will be gone.

All icon deletions (whichever method you choose) need to be done when
the local Pidgin is not running, or Pidgin may just restore the icon
the next time it gets an update over the network.

In both cases, you need to have the affected user change her icon to
something non-offensive, or these hosts will just re-fetch it when
they fetch their buddy lists again.

If you have lost control of the affected AIM account completely ... I
dunno.  We can't block individual icons.

The peanut gallery advice on NOT using free public corporate IM
servers for business functions is good advice.  There are numerous
open source XMPP servers; you may wish to look into using one.

Ethan
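
The second method above, sketched in Python as an added example (not part of the original message and not Pidgin's own code). It assumes blist.xml sits at ~/.purple/blist.xml as in step 2b; the function names are hypothetical, and it should be run while Pidgin is not running.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

def cached_icon_files(blist_path, username, proto="prpl-aim"):
    """Return the buddy_icon file names recorded for username in blist.xml."""
    root = ET.parse(blist_path).getroot()  # root element is <purple>
    names = []
    for buddy in root.findall("./blist/group/contact/buddy"):
        if buddy.get("proto") != proto or buddy.findtext("name") != username:
            continue
        names += [s.text.strip() for s in buddy.findall("setting[@name='buddy_icon']")
                  if s.text and s.text.strip()]
    return names

def remove_cached_icons(purple_dir, username, proto="prpl-aim"):
    """Delete cached icon files for username; return the removed file names."""
    icons_dir = os.path.join(purple_dir, "icons")
    blist = os.path.join(purple_dir, "blist.xml")  # assumed location (step 2b)
    removed = []
    for name in cached_icon_files(blist, username, proto):
        # Expect a bare file name; skip anything that could leave icons/.
        if name in (".", "..") or os.path.basename(name) != name:
            continue
        path = os.path.join(icons_dir, name)
        if os.path.isfile(path):
            os.remove(path)
            removed.append(name)
    return removed

def demo():
    """Constructed sample: two AIM buddies, only AffectedBuddy's icon goes."""
    bad = "d8159b2f6217e8833e1eab4ee7cee4dd8e81a8ca.jpg"  # value from the post
    ok = "0000000000000000000000000000000000000000.jpg"   # constructed
    buddy = ("<buddy account='Ethan Blanton' proto='prpl-aim'><name>%s</name>"
             "<setting name='buddy_icon' type='string'>%s</setting></buddy>")
    doc = ("<purple version='1.0'><blist><group name='Buddies'><contact>"
           + buddy % ("AffectedBuddy", bad) + "</contact><contact>"
           + buddy % ("OtherBuddy", ok) + "</contact></group></blist></purple>")
    with tempfile.TemporaryDirectory() as purple_dir:
        os.mkdir(os.path.join(purple_dir, "icons"))
        for name in (bad, ok):
            open(os.path.join(purple_dir, "icons", name), "wb").close()
        with open(os.path.join(purple_dir, "blist.xml"), "w") as fh:
            fh.write(doc)
        removed = remove_cached_icons(purple_dir, "AffectedBuddy")
        return removed, sorted(os.listdir(os.path.join(purple_dir, "icons")))

if __name__ == "__main__":
    print(demo())
```

On a real host, call remove_cached_icons(os.path.expanduser("~/.purple"), "<username>") for each user's account.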