
Re: unix and email viruses



On Sun, Mar 02, 2008 at 10:08:33PM +0000, Tzafrir Cohen wrote:
> On Sun, Mar 02, 2008 at 03:59:16PM -0500, Douglas A. Tutty wrote:
> > Hello all,
> > 
> > I think I don't need to be worried but I figured I should check.
> > 
> > I only run 'nix (debian, OpenBSD), and I'm on dialup.  I note that some
> > people run virus scanners on their email (not just as anti-spam) and
> > wonder if I need to worry.  I don't get enough spam (other than what
> > comes from this list occasionally) to warrant doing anything about spam.  
> > 
> > Is debian or other 'nix susceptible in any way to anything anybody can put
> > in an email?  I'm guessing that if someone comes up with something that
> > can break e.g. mutt that mutt will be fixed around the same time as a
> > virus scanner would be updated.
> 
> There is one virus that beats any scanner:
> 
> http://www.hanselman.com/blog/APoorMansComputerVirus.aspx
> 
> Assuming that this potential hole is not used: a virus or a worm does
> something that is not what you intended your system to do. Hence by
> definition it must exploit some sort of security hole in the system.
> 
> There have been in the past some holes in mutt. Or maybe there are some
> holes in the tools you normally use to display messages. Both Debian and
> OpenBSD are quite serious with respect to security fixes. I figure that
> if you have an up-to-date system from distro packages, you can normally
> assume you're safe.
> 
> But technically given the right security hole in mutt, the right email
> message could allow the sender to get your system to run some arbitrary
> commands. I haven't heard of this actually happening in the recent years
> with mutt.

The potential hole I see in mutt is not actually a hole in mutt but in
various helpers used by mutt users. For example, many of us use w3m or
links or some other text browser to dump html messages to plain text
for viewing in mutt. A vulnerability in these text browsers could be
exploited. Maybe some kind of carefully crafted image could cause
problems with imagemagick which I use to view images from within
mutt... really any file that you get to through mutt's mailcap is
dangerous in that it could exploit the vulnerabilities in whatever app
is used to handle that file.

A
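
The point in the message above, that every mailcap entry hands a received file to a helper program, can be turned into an inventory of which helpers need to be kept patched. This is an added example, not part of the original message: it parses mailcap text (RFC 1524 format) and lists the helper behind each MIME type. The sample entries are constructed, and the "inline-capable" label assumes mutt's auto_view, which uses entries flagged copiousoutput.

```python
import re
import shlex

# Constructed sample mailcap (not from the original message).
SAMPLE_MAILCAP = r"""
# text browser dumps HTML to plain text inside the mail reader
text/html; w3m -I %{charset} -T text/html -dump %s; copiousoutput; \
    description=HTML text
image/*; display %s; test=test -n "$DISPLAY"
application/pdf; sh -c 'pdftotext %s - \; true'; copiousoutput
"""

def split_fields(entry):
    # Fields are separated by ';'; a literal semicolon is written as '\;'.
    return [f.replace("\\;", ";").strip() for f in re.split(r"(?<!\\);", entry)]

def parse_mailcap(text):
    """Return (mime_type, helper_program, flags) for each mailcap entry."""
    entries, pending = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not pending and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):            # entry continues on the next line
            pending += line[:-1]
            continue
        fields, pending = split_fields(pending + line), ""
        if len(fields) < 2:
            continue                       # malformed entry: no command field
        try:
            helper = shlex.split(fields[1])[0]
        except (ValueError, IndexError):   # unbalanced quotes or empty command
            helper = fields[1]
        entries.append((fields[0].lower(), helper, fields[2:]))
    return entries

def audit(entries):
    """Label entries that widen exposure to attacker-supplied files."""
    report = []
    for mime, helper, flags in entries:
        notes = []
        if "copiousoutput" in flags:
            notes.append("inline-capable")  # usable by mutt's auto_view
        if mime.endswith("/*"):
            notes.append("wildcard")        # one helper for a whole type family
        report.append((mime, helper, notes))
    return report

if __name__ == "__main__":
    for mime, helper, notes in audit(parse_mailcap(SAMPLE_MAILCAP)):
        print(f"{mime:18} {helper:10} {', '.join(notes) or '-'}")
```

To audit a real configuration, pass the contents of your own mailcap file to parse_mailcap instead of the sample; the helper column is then the list of programs whose security updates matter for mail viewing.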
