-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Saturday 01 Jan 2005 15:33, Richard Urwin wrote:
> > Wish it were that simple.  I'm not running a mail server with windows
> > clients.  This is a dual booting stand alone machine and I never use
> > windows for downloading mail. (In fact I use it as little as
> > possible.)
>
> So long as you do not _read_ mail in Windows you are still safe. If you
> need to do so you are probably safe so long as you don't use Outlook. I
> would trust Evolution (designed as a mail client) more than Mozilla
> (trying to be an IE/Outlook killer), but they are both probably OK.
> Just because there are worms in some files on your system it doesn't
> mean you are in imminent danger; the worm needs to be executed to do
> any harm, and sitting in a mailbox it isn't in an executable state.
>
I don't use Evo, but IIRC it uses mdir format, which means that each message 
is in a separate file (mbox puts a whole mail folder into one file).  This 
being so, if you can identify which messages are the infected ones you can 
safely delete them, leaving all others.  Whichever format a mail agent uses, 
deleting the offending messages, then compacting the folder (in mbox this is 
very important - if mdir format does it, use it) should leave you in a safe 
state.  OTOH, if you don't read your mail at all in windows you are not going 
to be propagating the virus anyway.

> If you search for attachments with the extensions .com, .exe and .zip
> you can probably delete all the infected mails by hand. (From Linux,
> just to be sure.)
>
If you want to make it easy for yourself in future, read the TWiki page on 
setting up PopFile (it exists for windows, too).  Training is a doddle, and 
after, say, 2 days everything should be working really well.  You have to 
hand-classify the first few virus types that it sees, but then it can be set 
to add [virused] to the headers, and the mail agent can filter them into a 
separate folder for you.

Messages classified:    27,224
Classification errors:  115
Accuracy:       99.57%
 
(Last Reset: Tue Jul 6 14:35:03 2004) 


> > Do the names Worm.bagle.AP, Worm.Somefool.P, SCO.A mean anything
> > here?
>
Yes, I've heard them all.  Some of them exist under more than one name, and 
the various anti-virus sites will often only list one name.

The main thing is not to panic.  We can help you set up systems to keep you 
safe, but virused emails do keep coming.  There's nothing you can do about 
that.  Those who run mailservers filter them out at that level, but it's 
perfectly safe to do it at desktop level.  FWIW, I got around 150 virused 
emails in November - and I don't have the volume of mail that professionals 
have - all identified, deleted, and the folders compacted.

> > As I mentioned, klamav claims to be able to quarantine messages
> > containing viruses and worms but the component klammail doesn't seem
> > to exist on my system - ideas, anyone?
>
I intend looking at clamav soon, but I can't help you on that atm.

Anne
- -- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?  Mandrake at all levels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB1tVAkFAvMr/nNX8RAjb/AJ9N5p+y0bU8/JmwAMYE7GVvg2no+QCghZ/r
5yKeBBSlWrSFXDrVVD45Ez4=
=cln8
-----END PGP SIGNATURE-----
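The cleanup described in this message (find mails with .com, .exe or .zip attachments, delete them, compact the mbox folder) can be scripted from Linux with Python's standard mailbox module. This is an added example, not part of the original message; the sample folder, addresses and attachment are constructed for the demonstration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

SUSPECT_EXTS = (".com", ".exe", ".zip")  # extensions named in the thread

def suspect_attachments(msg):
    """Attachment filenames in msg that end in one of SUSPECT_EXTS."""
    names = (part.get_filename() for part in msg.walk())
    return [n for n in names if n and n.lower().endswith(SUSPECT_EXTS)]

def purge_mbox(path):
    """Remove mails with suspect attachments, compact; return (subject, names)."""
    box = mailbox.mbox(path, create=False)
    box.lock()  # keep a mail agent from writing while we modify
    removed = []
    try:
        for key, msg in box.items():
            hits = suspect_attachments(msg)
            if hits:
                removed.append((msg["Subject"], hits))
                box.remove(key)
        box.flush()  # rewrites the file without the removed messages
    finally:
        box.unlock()
        box.close()
    return removed

def build_sample_mbox(path):
    """Constructed test folder: one clean mail, one with a fake .EXE."""
    clean = EmailMessage()
    clean["From"], clean["Subject"] = "a@example.org", "meeting notes"
    clean.set_content("See you Tuesday.")
    bad = EmailMessage()
    bad["From"], bad["Subject"] = "b@example.org", "Re: your document"
    bad.set_content("Please see the attached file.")
    bad.add_attachment(b"placeholder bytes, not a real program",
                       maintype="application", subtype="octet-stream",
                       filename="Document.EXE")
    box = mailbox.mbox(path)
    box.add(clean)
    box.add(bad)
    box.close()  # close() flushes to disk

if __name__ == "__main__":
    inbox = os.path.join(tempfile.mkdtemp(), "inbox")
    build_sample_mbox(inbox)
    print(purge_mbox(inbox))
```

Run it on a copy of the folder first: matching on extension alone also removes mails with legitimate .zip attachments.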
