1. I don't have a virus, and I didn't send a virus ...
a. I don't use any Windows software for e-mail
b. Nothing gets embedded in, or attached to, my e-mail unless
I specifically work to do so.
c. Just to be certain, I downloaded the def files from F-Prot
(dated yesterday) FTP site, installed, and scanned both
harddrives -- drives C: through U: They were clean, as
was memory, MBR, and boot records
2. The virus screening at GO has a problem. [Please read on before you
get your tech panties in an uproar, OK?]
a. What I sent was a reply to a message I received; in that
message the "quote" included the first few lines of a UUE
file containing a virus supposedly sent BY me to at least
one person on the mailing list.
b. I hardly expected those few lines of UUE code to set off
any alarms on the way out, since it didn't set off any
alarm on the way in ... after all, I received the message!
c. Attached to this message is a zipped copy of the message
I received and responded to, quoting the message body in
its entirety. Since you people use Windows for almost all
desktop work, I have zipped it with a password so it can't
be opened automatically. The password is: noc You can
unzip it where/when you desire, and read it in text format.
d. Either the outgoing screening isn't robust enough, or there
is a serious flaw in the screening setup. It really needs
to be checked out, because anything that would set off the
bit-bucket-send-mail 'bot on the way out should have been
stopped on the way in.
3. I would suggest that you revise the current 'bot setup on incoming
e-mail, to stop any automatic generation of "virus warning" to the
apparent sender of infested mail Amavis stops.
WHY? Because at least one of the new viruses now not only will send
to whatever e-mail addresses it culls from a system's HDD ... it will
forge the FROM field to show an innocent individual as the source of
that infection!! At least two people on the mailing list have received
a virus "from me" ... people I don't even have e-mail addresses for
anywhere on my system. I have requested that anyone else who receives a
virus "from me" forward at least the headers so that I can then forward
that data to you.
I've heard of some fairly refined e-mail viruses out there that
Windows software is subject to infection with, but this is the first
time I've heard that a virus was refined enough to successfully forge
the FROM: field to reflect one of the e-mail addresses culled from the
system it is operating on. I've uttered a few more curses aimed at
BillyGate$ and Redmond.
Most sincerely,
l.d.
====
On Fri, 15 Mar 2002 15:18:33 -0500, [EMAIL PROTECTED] wrote:
> V I R U S A L E R T
> The GO Concepts viruschecker found the
> Exploit-MIME.gen
> virus(es) in your email to the following recipient(s):
> -> <[EMAIL PROTECTED]>
> -> <[EMAIL PROTECTED]>
> Your system is infected with the virus listed above.
<snip boilerplate to save bandwidth>
-- Arachne V1.70;rev.3, NON-COMMERCIAL copy, http://arachne.cz/
notvirus.zip
Description: Zip archive
