-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sunday 02 Jan 2005 11:20, Graham Watkins wrote:
>
> .evolution/mail/local/Inbox: Worm.Bagle.AP FOUND
> .evolution/mail/local/Inbox.sbd/Newbie: Worm.SomeFool.P FOUND
> (rest of scan snipped)
> ----------- SCAN SUMMARY -----------
> Known viruses: 25253
> Scanned directories: 31
> Scanned files: 59
> Infected files: 2
> Data scanned: 62.38 MB
> I/O buffer size: 131072 bytes
> Time: 76.410 sec (1 m 16 s)
> [EMAIL PROTECTED] graham]$
>
That sounds like mbox.  The reason I thought it would be mdir was that I 
remember a friend having problems importing his mail, and I thought that was 
the issue.
>
> There are no dodgy files .exe, .com, .pif or otherwise. 

The problem there is that virus writers realise that we now recognise these, 
so they use a variety of tricks to hide the .exe or whatever.  I think it 
goes something like 'virusedemail.jpg .exe'  The mail would display the name 
'virusedemail.jpg' but not the '.exe' because of the space.  (Speaking only 
from memory - and there are probably lots of other tricks anyway.)

> If they had been 
> attached to individual mails, I would have known about them already. I
> thought that I had made this clear -  apparently not.
> The problem as I see it is to find some way of disinfecting these files
> *without having to wipe all my existing mail*.  This is why I was asking
> about the bug in Klamav which prevents me from scanning individual mails
> in Evolution.
>
The viruses do not come in on genuine mail.  The headers may suggest that they 
are from a reputable source, but they never are.  Many are instantly 
recognisable as emails that you have not solicited.  Delete them.  Others 
claim to come from Microsoft or AV distributors.  None of these sources would 
ever send you an email.  Delete them.  If you have any messages with *any* 
attachment other than the MandrakeSoft footer, delete them unless you are 
*very* sure that they came from a friend with an un-infected box.  When you 
have done all that, compress your mail folder from within Evo, then try the 
scan again.

There is no way that you need to delete all your existing mails if you do all 
this.

> > Are you receiving e-mail that you must open and deal with that also
> > contains viruses? And, you must open it in Windows? Is that the
> > problem? Like a Word attachment you're expecting from a colleague
> > and it turns out to have a virus perhaps. Even then, you can
> > safely open it in OO. OO can't execute VBS macros (the carrier of
> > viruses in MSOffice files).
>
> No, no, and no. I know and this isn't the point of my query.
>
What exactly *is* the point?  That might help us deal with this better.  I 
thought you were concerned because virused emails were present in an evo 
folder while you have a windows dual-boot system.  If that is so, it has 
already been explained to you that windows will not execute the viruses 
unless you read the mail in windows.

> My Windows setup has a fairly regularly updated Norton AV on it

At the rate of propagation recently, 'fairly regularly' is not good enough.  
It needs to be daily, now, to be efficient.

> but 
> life's too short to boot into Windows just to run a scan - 

so why do it?  Run a scan when you boot into Windows to use it - before you 
connect to the Internet.  Don't connect and go to your ISP's portal, but 
straight to the AV update site and get a complete update.  Re-run the scan, 
and you can do anything you like.

I presume that running Norton would not pick up the emails in your Evo folder 
anyway, as Linux partitions are not read by Windows.

> that's one of 
> the reasons I installed Clamav/Klamav. 

As it was said earlier - if you don't run a mail server there is little point 
in installing ClamAV.  I only intend doing it because I want to set up a mail 
server.  I've been running Linux exclusively for almost 3 years now, and have 
never infected anyone, nor has a virus on my system caused me any problems 
before I discovered how to filter them to make removal easier.

Anne
- -- 
Registered Linux User No.293302
Have you visited http://twiki.mdklinuxfaq.org yet?  Mandrake at all levels
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFB195/kFAvMr/nNX8RAnsGAJ9lQMPnrLjvRvi34RY1M2BbW5z3zwCeJFrF
cgVlt7WFEikpcgIwUbiapu0=
=Aceg
-----END PGP SIGNATURE-----
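
The space-padded filename trick described in the message above can be checked for directly in an mbox file. This is an added example, not part of the original message: the extension list, the function names and the two-message sample mbox are all constructed for illustration.

```python
import mailbox
import os
import tempfile

# Illustrative (not exhaustive) executable extensions, then a constructed mbox.
EXECUTABLE_EXTS = {".exe", ".com", ".pif", ".scr", ".bat", ".cmd", ".vbs"}
SAMPLE_MBOX = """\
From sender@example.invalid Sun Jan  2 11:00:00 2005
Subject: your photo
Content-Disposition: attachment; filename="virusedemail.jpg .exe"

placeholder body, not a real payload

From friend@example.invalid Sun Jan  2 11:05:00 2005
Subject: meeting minutes
Content-Disposition: attachment; filename="minutes.pdf"

placeholder body
"""

def deceptive_name(filename):
    """Return why a name disguises an executable extension, or None."""
    stem, ext = os.path.splitext(filename.strip())
    if ext.lower() not in EXECUTABLE_EXTS:
        return None
    if stem != stem.rstrip():
        return "whitespace padding before " + ext
    if os.path.splitext(stem)[1][1:].isalpha():
        return "double extension ending in " + ext
    return None

def scan_mbox(path):
    """Return (subject, filename, reason) for each disguised attachment."""
    hits = []
    box = mailbox.mbox(path, create=False)
    for msg in box:
        for part in msg.walk():
            reason = deceptive_name(part.get_filename() or "")
            if reason:
                hits.append((msg["Subject"], part.get_filename(), reason))
    box.close()
    return hits

def demo():
    """Write the constructed sample to a temporary mbox and scan it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        with open(path, "w") as fh:
            fh.write(SAMPLE_MBOX)
        return scan_mbox(path)
```

The subjects it reports identify the individual messages to delete from within the mail client, so the rest of the folder stays untouched.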