Re: unix and email viruses

[Tzafrir Cohen <tzafrir@cohens.org.il>]

On Sun, Mar 02, 2008 at 03:59:16PM -0500, Douglas A. Tutty wrote:
> Hello all,
> 
> I think I don't need to be worried but I figured I should check.
> 
> I only run 'nix (debian, OpenBSD), and I'm on dialup.  I note that some
> people run virus scanners on their email (not just as anti-spam) and
> wonder if I need to worry.  I don't get enough spam (other than what
> comes from this list occasionally) to warrent doing anything about spam.  
> 
> I debian or other 'nix suceptible in any way to anything anybody can put
> in an email?  I'm guessing that if someone comes up with something that
> can break e.g. mutt that mutt will be fixed around the same time as a
> virus scanner would be updated.

There is one virus that beats any scanner:

http://www.hanselman.com/blog/APoorMansComputerVirus.aspx

Assuming that this potential hole is not used: a virus or a worm does
something that is not what you intended your system to do. Hence by
definition it must exploit some sort of security hole in the system.

There have been in the past some holes in mutt. Or maybe there are some
holes in the tools you normally use to display messages. Both Debian and
OpenBSD are quite serious with respect to security fixes. I figure that
if you have an up-to-date system from distro packages, you can normally
assume you're safe.

But technically given the right security hole in mutt, the right email
message could allow the sender to get your system to run some arbitrary
commands. I haven't heard of this actually happening in the recent years
with mutt.

-- 
Tzafrir Cohen         | tzafrir@jabber.org | VIM is
http://tzafrir.org.il |                    | a Mutt's
tzafrir@cohens.org.il |                    |  best
ICQ# 16849754         |                    | friend