[Techtalk] Question about a virus risk
Nils Philippsen
nils at wombat.dialup.fht-esslingen.de
Sun Jun 30 12:53:10 EST 2002
On Sun, 2002-06-23 at 18:34, Carla Schroder wrote:
> On Sunday 23 June 2002 09:12 pm, E. Sterling Wall wrote:
> > Hi,
> >
> > I know the basic tech behind viruses in general... Perhaps I should
> > have worded my question a bit differently.
> >
> > My question was actually more along the lines of "Is Kmail and/or
> > Evolution vulnerable to the current variants of Klez that are all over
> > the place?" I am aware that this particular virus is aimed specifically
> > at Windows .exe files, which it infects by adding an extra paragraph to
> > the end of the binaries, as well as creating its own .dll. The reason
> > that I pointed out that I have no Windows but may have Wine is because I
> > wondered if whatever klez uses to infect Window's exe's and create it's
> > dll would be available to it because of wine and/or not available to it
> > because I have no *real* MS apps on this machine. Does that make sense?
> >
> > I've gotten literally hundreds of klez-laden emails in the past month.
> > The first ones came with attachments that didn't even show up in
> > Evolution. The paperclip meaning "attachment here" was on the mail, but
> > the mail itself was blank and there was no note or "open, save, ..."
> > button for the attachment. More recent emails have had the attachment
> > file showing up as plain text.
> >
> > I believe that the email that spontaneously opened up in Kmail had a
> > klez-type virus attachment from the attachment title and type. It was
> > similar to the one below (which i have only included the header and a
> > first line for).
> >
>
> I've had strange Kmail behaviors since the tidal wave of triple-damned email
> viruses hit my mailbox. I finally set up Procmail to block all attachments.
>
> I don't allow HTML email - plain text only. But some .exes will still slip
> through. Evolution should have a 'view source' or similar option to reveal
> all the headers and nasty embedded codes.
It has -- "View/Message Display/Show Email Source".
Nils
--
Nils Philippsen / Berliner Straße 39 / D-71229 Leonberg //
+49.7152.209647
nils at wombat.dialup.fht-esslingen.de / nils at redhat.de /
nils at fht-esslingen.de
Ever noticed that common sense isn't really all that common?
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 232 bytes
Desc: This is a digitally signed message part
Url : http://linuxchix.org/pipermail/techtalk/attachments/20020630/901ddb04/attachment.pgp
More information about the Techtalk
mailing list