Re: OT: M$ Outlook Virus

To: <debian-user@lists.debian.org>
Subject: Re: OT: M$ Outlook Virus
From: "Hall Stevenson" <hallstevenson@mindspring.com>
Date: Tue, 13 Feb 2001 10:14:54 -0500
Message-id: <[🔎] 00e701c095cf$b8c94160$5b6510ac@flowserve.com>
References: <[🔎] 471B774D9F9BD411B93E00508BB087A644E794@BE020-EX11> <[🔎] 008001c095cd$484723f0$6b10a8c0@ccashman>

> > while it is tru you can remove most scriptin support
> > with removin the microsoft scripting host, what if
> > you're a developer ? Or you're environment requires
> > you to be able to run scripts ?

Use a different e-mail client... ;-) That's not too difficult to do,
unlike suggesting that people not use MS Office. If 99% of your
customers/contact/fellow employees use it and you need 100%
compatibility, using StarOffice, Wordperfect, etc is a nice idea, but
unrealistic.

Please, I don't intend to start a "war"...


> 1. Run a virus scanner, and make sure you update it
> EVERY DAY (even if you know that the frequency of
> updates is slower than that).

That may not help actually. I checked Symantec's virus site yesterday
afternoon and they still listed a "fix" for this virus as pending. We
had no problems here at work that I know of, but we use McAfee. A couple
people did get messages from people outside the company, but McAfee
caught it and deleted the attachment.


> 3. Use an email program that does not support scripting.

mutt ?? ;-)


> 4. Turn off Explorer's hiding of three-letter file extensions. A
> file named "AnnaKournikova.jpg.vbs" is a big tip-off that
> something isn't right. There are, supposedly, viruses that can
> be loaded even if you preview the message, but for the most
> part just seeing the attachment filename is enough for you to
> know that the file shouldn't be double-clicked.

This, I believe, is related to the "Windows Scripting Host" application.
I just unchecked "Hide file extensions for known filetypes" and looked
at an e-mail with an Excel spreadsheet attachment. The "xls" extension
still shows up.


> 5. Set up a quarantine. Not having used Outlook much, I
> can't say exactly how to do this, but I'm sure it's possible
> to set up a quarantine so that any email containing
> attachments (or specific attachments, such as *.vbs) gets
> put into a separate folder from "Inbox." While this doesn't
> technically prevent you from getting exposed, it at least
> puts you on notice that the quarantined files /may/ contain
> viruses, and so you're less likely to start double-clicking
> at random.

Microsoft did release an update/patch for Outlook that had something to
do with attachments and certain extensions. I know *.exe was definitely
one of them... Otherwise, most anti-virus programs are able to
"integrate" into Outlook to do this. On Win9x boxes here, you'll end up
with an "Infected items" folder. This does *not* happen on the NT boxes
though.

Regards
Hall

Reply to:

References:
- RE: OT: M$ Outlook Virus
  - From: Joris Lambrecht <jlambrec@landis.be>
- Re: OT: M$ Outlook Virus
  - From: "Colin Cashman" <ccashman@mediaone.net>

Prev by Date: Re: OT: M$ Outlook Virus
Next by Date: Re: postgresql demond
Previous by thread: Re: OT: M$ Outlook Virus
Next by thread: Re: OT: M$ Outlook Virus
Index(es):
- Date
- Thread