[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: unix and email viruses

Hash: SHA1

On 03/02/08 14:59, Douglas A. Tutty wrote:
> Hello all,
> I think I don't need to be worried but I figured I should check.
> I only run 'nix (debian, OpenBSD), and I'm on dialup.  I note that some
> people run virus scanners on their email (not just as anti-spam) and
> wonder if I need to worry.  I don't get enough spam (other than what
> comes from this list occasionally) to warrent doing anything about spam.  
> I debian or other 'nix suceptible in any way to anything anybody can put
> in an email?  I'm guessing that if someone comes up with something that
> can break e.g. mutt that mutt will be fixed around the same time as a
> virus scanner would be updated.
> Thoughts?

If you have configured your MUA to execute shell scripts and binary
files instead of saving them to disk, you could be vulnerable to
such "manually-activates viruses".

(a) Who sends shell script viruses?
(b) Who configures their MUA to do that?
(c) You'd only be vulnerable to that which the OS allows "you" do
(delete all files that you have "w" on, etc, fork bomb, etc).

We are all also vulnerable to worms & rootkits.  So if someone
socially engineers you into installing a bit of such malware, then
you are also vulnerable.  But that attack vector is more likely to
come from insecure apps running on exposed ports, or from a
compromised distro.

- --
Ron Johnson, Jr.
Jefferson LA  USA

"The kniiife..., the kniiife...  The life of the wife is ended
by the knife."
Stewie Griffin & Eliza Pinchley
Version: GnuPG v1.4.6 (GNU/Linux)


Reply to: