On Tue, 10 Jul 2001, Samuel W. Heywood wrote:

> Another question: How can your anti-virus software determine if
> an email message contains a virus *before* the attachment has
> been decoded?  

  Because it's done at the POP server.  The POP
server simply looks for attachment names of known
viruses, for instance, "sexy_virgin.scr" and deletes
them instead of sending them on to the intended 
recipient.

> I have heard that windozers can get infected simply by opening the
> email message and reading it, but I don't believe it.  The basic
> message part is only ascii text.  

  Wrong.  Many e-mails have no ASCII text at all.
They are pure HTML/JavaScript.  Outlook Express has
security holes which can be exploited through the use
of JavaScript (or more accurately ActiveX and JScript).

> According to my understanding,
> you cannot run a virus simply by reading an ascii text file, but
> there are those who will say that my understanding is wrong.

  A text file, no... but most Windows users automatically
read their e-mail in Outlook, so they don't even know if a
message is text, HTML, or both.

> I would like to be referred to a URL written by a highly respected
> and credible authority where information is presented to clear up
> such misunderstandings as may exist regarding this matter.  Most
> people who claim to be expert authorities on viruses aren't.

  How about the oldest virus site on the net?
Here's a worm that doesn't even need to be read in OE.
Simply previewing it is enough to infect the machine.
http://www.europe.f-secure.com/v-descs/kak.shtml
This worm is not in an attachment that needs to be
opened.  It is within the body of the message, so if 
you're using OE5, and have JS enabled, it's activated
simply by reading the e-mail.

 - Steve
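
Added example, not part of the original message or any vendor's code: a sketch of the server-side check discussed in this thread, reading attachment names from the MIME headers without decoding the attachment and flagging HTML bodies that carry active content. The extension list, the `scan_message` function and the sample message are assumptions constructed for illustration; only the name "sexy_virgin.scr" comes from the thread.

```python
import email
import re
from email import policy

# Assumed blocklist: the file name is from the thread, the extensions are illustrative.
BLOCKED_NAMES = {"sexy_virgin.scr"}
BLOCKED_EXTENSIONS = (".scr", ".vbs", ".pif")
ACTIVE_HTML = re.compile(r"<\s*(script|object)\b", re.IGNORECASE)

# Constructed sample: an HTML body with a script tag plus a named base64 attachment.
SAMPLE = (
    b"From: a@example.com\r\nTo: b@example.com\r\nSubject: constructed sample\r\n"
    b'MIME-Version: 1.0\r\nContent-Type: multipart/mixed; boundary="BOUND"\r\n\r\n'
    b"--BOUND\r\nContent-Type: text/html; charset=us-ascii\r\n\r\n"
    b"<html><body><script>/* placeholder */</script>hi</body></html>\r\n"
    b"--BOUND\r\nContent-Type: application/octet-stream\r\n"
    b'Content-Disposition: attachment; filename="sexy_virgin.scr"\r\n'
    b"Content-Transfer-Encoding: base64\r\n\r\n"
    b"Y29uc3RydWN0ZWQ=\r\n--BOUND--\r\n"
)

def scan_message(raw):
    """Return a list of findings for one raw message (bytes)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # The name lives in the part's headers, so no base64 decoding is needed.
        name = part.get_filename()
        if name:
            lowered = name.lower()
            if lowered in BLOCKED_NAMES:
                findings.append("blocked-name:" + lowered)
            elif lowered.endswith(BLOCKED_EXTENSIONS):
                findings.append("blocked-extension:" + lowered)
            continue  # the attachment payload itself is never decoded
        # The message body is a different case: HTML can carry script directly.
        if part.get_content_type() == "text/html":
            if ACTIVE_HTML.search(part.get_content()):
                findings.append("active-html-body")
    return findings

if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Name matching only catches attachments whose names are already known, and a renamed file passes; the HTML check covers the separate case raised above, where the script is in the message body rather than in an attachment.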

