Anne Wilson wrote:


I don't use Evo, but IIRC it uses mdir format, which means that each message is in a separate file (mbox puts a whole mail folder into one file). This being so, if you can identify which messages are the infected ones you can safely delete them, leaving all others. Whichever format a mail agent uses, deleting the offending messages, then compacting the folder (in mbox this is very important - if mdir format does it, use it) should leave you in a safe state. OTOH, if you don't read your mail at all in windows you are not going to be propagating the virus anyway.

Are you sure about Evo using mdir format - I only seem to have files for mail folders and the virus is residing in these. What the clamav scan shows is as follows:


.evolution/mail/local/Inbox: Worm.Bagle.AP FOUND
.evolution/mail/local/Inbox.sbd/Newbie: Worm.SomeFool.P FOUND
(rest of scan snipped)
----------- SCAN SUMMARY -----------
Known viruses: 25253
Scanned directories: 31
Scanned files: 59
Infected files: 2
Data scanned: 62.38 MB
I/O buffer size: 131072 bytes
Time: 76.410 sec (1 m 16 s)
[EMAIL PROTECTED] graham]$


If you search for attachments with the extensions .com, .exe and .zip
you can probably delete all the infected mails by hand. (From Linux,
just to be sure.)

If such attachments existed on my system, I would have known about them - and deleted them at the hurry-up. No single mails show any sign of infection.






If you want to make it easy for yourself in future, read the TWiki page on setting up PopFile (it exists for windows, too). Training is a doddle, and after, say, 2 days everything should be working really well. You have to hand-classify the first few virus types that it sees, but then it can be set to add [virused] to the headers, and the mail agent can filter them into a separate folder for you.


Messages classified: 27,224
Classification errors: 115
Accuracy: 99.57%
(Last Reset: Tue Jul 6 14:35:03 2004)



Looks interesting, I'll check it out. Thanks


Do the names Worm.bagle.AP, Worm.Somefool.P, SCO.A mean anything
here?

Yes, I've heard them all. Some of them exist under more than one name, and the various anti-virus sites will often only list one name.

The main thing is not to panic. We can help you set up systems to keep you safe, but virused emails do keep coming. There's nothing you can do about that. Those who run mailservers filter them out at that level, but it's perfectly safe to do it at desktop level. FWIW, I got around 150 virused emails in November - and I don't have the volume of mail that professionals have - all identified, deleted, and the folders compacted.

I'm aware that there will always be e-mails with viruses attached. They tend to come in waves - nothing for a while then loads. Usually I just delete them when I get them. The worrying thing here is that what I have picked up doesn't appear to have arrived attached to any individual mail. If it had, I would have spotted it. It is the mysterious nature of the infection - the first I have ever encountered on a Linux box - that has spooked me. I still don't know whether I should quarantine and delete all my mail (a desperate measure indeed) in order to get rid of it.


As I mentioned, klamav claims to be able to quarantine messages
containing viruses and worms but the component klammail doesn't seem
to exist on my system - ideas, anyone?

I intend looking at clamav soon, but I can't help you on that atm.

Anne

There don't seem to be any Clamav/Klamav users in the group. Unless they're still too hungover to respond :-)


Cheers,


Graham
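
Added example, not part of the original message or of any tool named in the thread: clamav reports only the folder file (`.evolution/mail/local/Inbox`), so this sketch opens such a file as mbox, lists the individual messages carrying attachments with the extensions suggested above, and removes them by rewriting the file, which is the delete-then-compact step. It assumes the folder files are mbox; the function names and the sample data are hypothetical and constructed, and a filename check will miss an infected message whose attachment is named differently.

```python
import mailbox
from email.message import EmailMessage

SUSPECT_EXTS = (".com", ".exe", ".zip")  # extensions named in the thread

def find_suspect_messages(mbox_path, exts=SUSPECT_EXTS):
    """Return (key, sender, subject, filename) per attachment whose name ends in exts."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            for part in msg.walk():
                name = part.get_filename()  # None for body parts without a filename
                if name and name.lower().endswith(exts):
                    hits.append((key, msg.get("From", ""), msg.get("Subject", ""), name))
    finally:
        box.close()
    return hits

def delete_messages(mbox_path, keys):
    """Remove the given messages and rewrite the file so their bytes are really gone."""
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()  # refuse to touch the file while another program holds it
    try:
        for key in set(keys):
            box.remove(key)
        box.flush()  # rewrites the mbox without the removed messages (compaction)
    finally:
        box.unlock()
        box.close()

def build_sample_mbox(path):
    """Constructed test data: two plain mails and one with a harmless 'price.zip'."""
    box = mailbox.mbox(path)
    for i, attach in enumerate([None, "price.zip", None]):
        m = EmailMessage()
        m["From"] = f"sender{i}@example.org"
        m["To"] = "graham@example.org"
        m["Subject"] = f"constructed message {i}"
        m.set_content("hello")
        if attach:
            m.add_attachment(b"not a real archive", maintype="application",
                             subtype="octet-stream", filename=attach)
        box.add(m)
    box.close()  # close() flushes the new messages to disk
```

Run it with the mail client closed and against a copy of the folder file first, then rescan the result with clamav.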
