Mike, I'd like to pass this on to another list that I'm on which is discussing just this issue. May I?

Richard

On Wed, 2002-04-24 at 21:47, [EMAIL PROTECTED] wrote:
> On Wed, Apr 24, 2002 at 09:21:12PM -0700, Richard S. Crawford wrote:
> > I'm operating under the assumption that while viruses for Linux that
> > spread like Windows viruses are very rare, there are still some out
> > there.
> >
> > So, given that, what level of vigilance is necessary against incoming
> > viruses in a Linux system?
>
> Richard,
>
> Short answer: don't read email as root, don't open attachments from
> email ever, do update your mail handling system from time to time
> especially if you heard about an exploit in some component you use,
> and do think before you react to an email.
>
>
> Email borne viruses fall into three main categories:
>
> - Vulnerabilities in your mail handling system,
>   (mail server, fetchmail, procmail, email client, etc...)
>
>   Which are typically stack overflow problems and should be very rare
>   and fixed by the upstream maintainers in a heart-beat once found
>   (sometimes quietly fixed) however these fixes get a fair amount of
>   publicity if found in the wild.
>
> - Vulnerabilities in your attachment processing system or programs,
>   (mail client auto-open-attachments, mailcap,
>   openoffice, abiword, gnumeric, etc...)
>
>   A mailcap configuration _can_ be extremely dangerous, because you
>   can elect to do anything you want with a data stream based on its
>   mimetype. If you pass an outside data stream to a vulnerable program
>   with mailcap or even manually you are at risk of any exploits against
>   that program.
>
>   There are a large number of these holes which exist, and some
>   get created or closed every day. Basically any program you run
>   that can be fed an input file and crashes is a hole and should not
>   be trusted with a mail borne data stream. Fixes are not generally
>   well published, as long as you stick to text based email you are safe.
>
>   If you are doing mail as your own user the good news is you can
>   not damage the system, just wipe out the files owned by your user
>   account. This is until someone builds a super virus which would
>   get initial user access through an application vulnerability then
>   run a collection of local-root exploits to take over root. This will
>   be front page news practically everywhere.
>
> - Vulnerabilities in wetware processing the mail,
>   ("send to all your friends or else", "Make money fast",
>   "do X and your hair won't fall out"
>   save-to-file/change-to-file/chmod-to-executable/run-[as-root])
>
>   There isn't much that can be done about these people, short
>   of turning on spam filters, education, or execution (depending
>   on your stance).
>
> TTFN,
> Mike
> _______________________________________________
> vox-tech mailing list
> [EMAIL PROTECTED]
> http://lists.lugod.org/mailman/listinfo/vox-tech

--
Sliante,
Richard S. Crawford

mailto:[EMAIL PROTECTED]  http://www.mossroot.com
AIM: Buffalo2K  ICQ: 11646404  Yahoo!: rscrawford
MSN: [EMAIL PROTECTED]

"It is only with the heart that we see rightly; what is essential is
invisible to the eye."  --Antoine de Saint Exupery
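
Added example, not part of the original thread or written by either poster: a small audit of a mailcap file for the risk the quoted reply describes, where a MIME type hands a mail-borne data stream to a program that should not be trusted with it. The sample entries are constructed, and the TRUSTED_VIEWERS and INTERPRETERS sets are an assumed local policy to adjust for your own system.

```python
import re

# Constructed sample in RFC 1524 mailcap syntax (not taken from the thread).
SAMPLE_MAILCAP = r"""
text/plain; less %s; needsterminal
text/x-diff; /usr/bin/less %s; needsterminal
application/msword; abiword %s
application/vnd.ms-excel; gnumeric %s; \
    test=test -n "$DISPLAY"
application/x-sh; /bin/sh %s
image/*; display %s
"""

# Assumed local policy: the only programs allowed to receive mail-borne data.
TRUSTED_VIEWERS = {"less", "more", "cat"}
# Handlers that would run the attachment itself as code.
INTERPRETERS = {"sh", "bash", "perl", "python"}

def parse_mailcap(text):
    """Yield (mimetype, command, flags) per entry, joining '\\' continuations."""
    for line in re.sub(r"\\\n", "", text).splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless the ';' is backslash-escaped.
        fields = [f.strip() for f in re.split(r"(?<!\\);", line)]
        if len(fields) >= 2 and fields[1]:
            yield fields[0].lower(), fields[1], fields[2:]

def audit(text):
    """Return (mimetype, program, reasons) for every entry that needs review."""
    findings = []
    for mimetype, command, _flags in parse_mailcap(text):
        # Compare on the program's base name so /usr/bin/less matches "less".
        program = command.split()[0].rsplit("/", 1)[-1]
        reasons = []
        if program in INTERPRETERS:
            reasons.append("runs the attachment as code")
        elif program not in TRUSTED_VIEWERS:
            reasons.append("handler is not on the trusted list")
        if "*" in mimetype:
            reasons.append("wildcard type widens what reaches the handler")
        if reasons:
            findings.append((mimetype, program, reasons))
    return findings

if __name__ == "__main__":
    for mimetype, program, reasons in audit(SAMPLE_MAILCAP):
        print(f"{mimetype:28} {program:10} {'; '.join(reasons)}")
```

To check a real configuration, pass the contents of ~/.mailcap or /etc/mailcap to audit() in place of the sample.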