[CLUE-Tech] don't know much about viruses

David Anselmi anselmi at intradenver.net
Tue May 15 21:53:07 MDT 2001 

The email virus scanners that I've heard of are primarily looking for
Windows macro viruses (VBScript and such like).  They probably also scan
executables attached to emails, but again, I think it's Windows .exe's
they'd be looking at.

In Linux, if you don't execute anything you get in the mail, you won't get
any viruses that way.  You probably have to take an attachment, save it to
disk, and then make it run.  In Windows, all you have to do is double
click on an attachment that runs rather than opens (like executables do),
or even just open it if it's something like a Word doc that has a macro
set to run on open.  Somehow that manages to catch quite a few people.

If you send your original message, with the broken URL, will it bounce
again?  Perhaps htp: is a virus signature somewhere.  Or perhaps you
caught the server at a bad time (don't laugh, I can imagine a bug where
the server detects a virus in one message but bounces a different one).

Dave

R Frank wrote:

> I had a piece of email bounce from where I sent it with
> this message.
>
> ... while talking to gto-mailer1.bbn.com.:
> >>> DATA
> <<< 570 This message is being returned because it may contain a virus.
> 554 tmitchel at bbn.com@cam-smtp1.bbn.com... Remote protocol error
>
> The email I sent was plain text, no attachments, using sylpheed as
> the mail application.  The only thing wrong was I had mistyped a
> url as "htp://www.a2w.net/karel/index.html" in the body
> of the message.  To see if that potentially triggered the bounce,
> I resent it verbatim except htp became http and it went through
> just fine.
>
> But it was a wakeup call.  I've not faced potential viruses on the
> Linux side, and I don't check for any viruses.  On the Windows side
> at school, we are fighting viruses all the time on floppies the
> students bring from home.  I'm thinking a virus cannot jump from
> a windows partition to a Linux partition, and though some viruses
> attack the boot block, would they somehow make it onto a Linux
> floppy?  And this was an email in question.  I thought that email
> needed to have attachments to carry a virus -- plain text was safe.
>
> Is virus protection something I need to start paying attention to?
>
> Roger Frank

More information about the clue-tech mailing list