Re: [ql-users] virus
- Original Message - From: Dilwyn Jones [EMAIL PROTECTED] To: QL Users List [EMAIL PROTECTED] Cc: QL-Chat [EMAIL PROTECTED] Sent: Sunday, April 28, 2002 11:52 AM Subject: [ql-users] virus My virus checker caught a virus carried by an email attachment this weekend. It was caught and removed before being opened, so should be safe, but please check any attachments from me before opening them for the next couple of days just in case. Apologies for any inconvenience - I've sent a few PD library packages by email to one or two people, hence the minor panic. Nothing amiss at this end Dilwyn, would this be the dreaded Welsh sheep virus? (corrupts your ram ) (;-) Sorry All the best - Bill
Re: [ql-users] Virus
On Tue, Feb 05, 2002 at 08:48:05PM +, Malcolm Cadman wrote: In article [EMAIL PROTECTED], Richard Zidlicky [EMAIL PROTECTED] writes On Mon, Feb 04, 2002 at 07:27:56PM +, Malcolm Cadman wrote: One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. Yes, the tree listing of emails in a newsgroup is amazing to watch ! interesting to read that basic MUA functionality hits windows. On linux-q40 at least sylpheed, mutt, exmh and balsa do this. Oh no ! ... I wondered when Linux would get a mention :-) How is it the that Linux gets such names like sylpheed, mutt, exmh and balsa:-) ... is there no imagination ? iirc sylpheed is japanese, the rest is probably some Unix mythology. Bye Richard
RE: [ql-users] Virus
Malcolm wrote : So look out for anything with .com or .exe in the file name. As I get involved in the virus protection of our installation from time to time, here is a partial list of the file extensions we block to avoid virusses : exe, com, scr, vbs, pif, html, htm, drv, 386, doc, xls, xlt, dot The list is quite large I'm afraid, only .txt, and .dat and .zip get through unscathed, but zip files will be opened and the contents scanned. If the zip file is password protected, then the file is quarantined - just in case. We block some wierd extensions, but these are ones that virus writers have used in the past. The best way to avoid these things is 'just be careful'. If you get an email from *anyone* with an attachement, save it to your disc first before opening it. Then, use explorer to find out how many extensions the file really has - some things come through as 'readme.txt.scr' but people see only the 'readme.txt' bit and assume it is harmless - it is not ! Make sure that explorer has been changed from the default setting which says 'hide file extensions for known file types'. This is a mojor bone of contention as it basically means that the above file would show up as 'readme.txt' rather than 'readme.txt.scr' is the scripting engine is installed on your PC. Sorry to be so off topic, but even as QL users we can't be too careful - until we get our own email system. Regards, Norman. - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
Re: [ql-users] Virus
On Mon, Feb 04, 2002 at 07:27:56PM +, Malcolm Cadman wrote: One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. Yes, the tree listing of emails in a newsgroup is amazing to watch ! interesting to read that basic MUA functionality hits windows. On linux-q40 at least sylpheed, mutt, exmh and balsa do this. Bye Richard
Re: [ql-users] Virus
On Tue, 5 Feb 2002 at 08:20:40, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) Malcolm wrote : So look out for anything with .com or .exe in the file name. As I get involved in the virus protection of our installation from time to time, here is a partial list of the file extensions we block to avoid virusses : exe, com, scr, vbs, pif, html, htm, drv, 386, doc, xls, xlt, dot The list is quite large I'm afraid, only .txt, and .dat and .zip get through unscathed, but zip files will be opened and the contents scanned. If the zip file is password protected, then the file is quarantined - just in case. We block some wierd extensions, but these are ones that virus writers have used in the past. The best way to avoid these things is 'just be careful'. If you get an email from *anyone* with an attachement, save it to your disc first before opening it. Then, use explorer to find out how many extensions the file really has - some things come through as 'readme.txt.scr' but people see only the 'readme.txt' bit and assume it is harmless - it is not ! Even better - if it is unsolicited, then email the sender back and ask them. I did that with Basil Lee's 1 mb Xmas card, and got a mention in the Quanta editorial (8-)# and I never did look at the card (8-)# Mind you even if the sender did it intentionally, then still be wary. The 'fireworks' virus a few years back was sent to me intentionally - its fairly benign effects did not appear for some time. Sorry to be so off topic, but even as QL users we can't be too careful - until we get our own email system. I reckon this is very much on topic - we mainly have to use non-QL systems to access this, and any hassles thereof are OT in my mind. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus
On 5 Feb 2002, at 8:23, Norman Dunbar wrote: Geoff wrote : I noticed when defragging my hard disk. I got a message that defragging was being restarted because the disk contents had changed. That could only be a virus! To get this discussion on topic again, what about a defragger for a QXL.WIN file? Mind you, with the salve blocks, it's probably not fragmentation that's slowing everything down (launches this hurtful subject again). Wolfgang
Re: [ql-users] Virus
Norman Dunbar wrote: Tony, I tried to configure it, but it didn't like me much ! I got the Flo Flo thing but deleted it, AFAICR there was no attachment with it although I think there was reference to one. I recently upgraded this PC and thought about using Outlook 2000, I tried it but could not get it configured the way I can Netscape Messenger so I'm back with Netscape for email at least, also downloaded AVG anti virus stuff ( its free in UK ) and it seems to work ok ( had no virus to date at least ). On a completely different subject - Phoebu's CF reader works great in the PC, really fast loading of JPEG camera pics into Paintshop Pro, as I spent ( wasted) so much time sorting out the PC I didn't get round to installing it in the Q40 , next weekend maybe. All the best - Bill
Re: [ql-users] Virus
I said - 1. The latest Internet Explorer (v6.0) [incorporating Outlook Express] has more inherent security than previous versions. Roy said - Wrong - read the Register (www.theregister.co.uk) it has more holes that a Swiss cheese. I did - Security update download (2.27Mb!) I say - Thanks Roy John in Wales
Re: [ql-users] Virus
At 08:52 ìì 5/2/2002 +, you wrote: I said - 1. The latest Internet Explorer (v6.0) [incorporating Outlook Express] has more inherent security than previous versions. Roy said - Wrong - read the Register (www.theregister.co.uk) it has more holes that a Swiss cheese. I did - Security update download (2.27Mb!) I say - Thanks Roy John in Wales And what exactly do you think that solved? One problem and (most likely) created 200 others :-) (Any good M$ product does that) Phoebus
Re: [ql-users] Virus
- Original Message - From: Malcolm Cadman [EMAIL PROTECTED] Subject: Re: [ql-users] Virus By the way what version of Windows are you using, as I suspect it is aimed at the most recent versions ? 98 - it came with the computer and I see no need to upgrade (yet). I still like to access DOS occasionally. Geoff Wicks.
Re: [ql-users] Virus
I did - Security update download (2.27Mb!) Phoebus said - And what exactly do you think that solved? I say - Visit the website yourself Phoebus, read the MS public acknowledgement of work done by non-MS analysts - it'll make you feel better. John in Wales
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Richard Zidlicky [EMAIL PROTECTED] writes On Mon, Feb 04, 2002 at 07:27:56PM +, Malcolm Cadman wrote: One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. Yes, the tree listing of emails in a newsgroup is amazing to watch ! interesting to read that basic MUA functionality hits windows. On linux-q40 at least sylpheed, mutt, exmh and balsa do this. Oh no ! ... I wondered when Linux would get a mention :-) How is it the that Linux gets such names like sylpheed, mutt, exmh and balsa :-) ... is there no imagination ? -- Malcolm Cadman
Re: [ql-users] Virus
In article [EMAIL PROTECTED] uk, Norman Dunbar [EMAIL PROTECTED] writes Malcolm wrote : So look out for anything with .com or .exe in the file name. As I get involved in the virus protection of our installation from time to time, here is a partial list of the file extensions we block to avoid virusses : exe, com, scr, vbs, pif, html, htm, drv, 386, doc, xls, xlt, dot The list is quite large I'm afraid, only .txt, and .dat and .zip get through unscathed, but zip files will be opened and the contents scanned. If the zip file is password protected, then the file is quarantined - just in case. We block some wierd extensions, but these are ones that virus writers have used in the past. Yes, they use the 'common' extensions to seem normal or innocous. The best way to avoid these things is 'just be careful'. If you get an email from *anyone* with an attachement, save it to your disc first before opening it. Then, use explorer to find out how many extensions the file really has - some things come through as 'readme.txt.scr' but people see only the 'readme.txt' bit and assume it is harmless - it is not ! Saving to disc is a good option for anything suspicious. Make sure that explorer has been changed from the default setting which says 'hide file extensions for known file types'. This is a mojor bone of contention as it basically means that the above file would show up as 'readme.txt' rather than 'readme.txt.scr' is the scripting engine is installed on your PC. Sorry to be so off topic, but even as QL users we can't be too careful - until we get our own email system. As most users are using M$ software and PC hardware, it worth discussing. As it keeps coming around :-) Receiving emails with Win 3.11 seems to work fine though :-) as the virus writers don't think to target it anymore. -- Malcolm Cadman
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Geoff Wicks [EMAIL PROTECTED] writes - Original Message - From: Malcolm Cadman [EMAIL PROTECTED] Subject: Re: [ql-users] Virus By the way what version of Windows are you using, as I suspect it is aimed at the most recent versions ? 98 - it came with the computer and I see no need to upgrade (yet). I still like to access DOS occasionally. OK ... it vunerable to virus attacks then. Also try to use something other the Outlook, if you can. -- Malcolm Cadman
Re: [ql-users] Virus
In message [EMAIL PROTECTED], Malcolm Cadman [EMAIL PROTECTED] writes In article [EMAIL PROTECTED], Richard Zidlicky [EMAIL PROTECTED] writes On Mon, Feb 04, 2002 at 07:27:56PM +, Malcolm Cadman wrote: One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. Yes, the tree listing of emails in a newsgroup is amazing to watch ! interesting to read that basic MUA functionality hits windows. On linux-q40 at least sylpheed, mutt, exmh and balsa do this. Oh no ! ... I wondered when Linux would get a mention :-) How is it the that Linux gets such names like sylpheed, mutt, exmh and balsa :-) ... is there no imagination ? It is used by dyslexics -- Roy Wood Q Branch, 20 Locks Hill Portslade. Sussex. BN41 2LB. UK Tel : +44 (0)1273 386030 Fax : +44 (0)1273 430501 (New number!) Mobile +44(0)7836 745501 Web : www.qbranch.demon.co.uk
RE: [ql-users] Virus
I have just signed up with Demon and got Turnpike 6 for my emails. It is ok, but my wife has problems with it. However, calypso, is excellent. Once installed, my wife was using it in seconds with no problems. It looks a bit like 'lookout' but doesn't have the mail work problems. Highly recommended. (and free) http://10xshooters.com/calypso-free/ - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Sunday, February 03, 2002 10:00 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) Phoebus This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
Re: [ql-users] Virus
On Mon, 4 Feb 2002 at 08:21:38, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) I have just signed up with Demon and got Turnpike 6 for my emails. It is ok, but my wife has problems with it. I can understand that. It has enormous config depth and is based on windows explorer - both of which deter users who need their hands held. You do the configuring and she will be OK I suspect. One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus
Tony, I tried to configure it, but it didn't like me much ! I got all the aliaes created and assigned rules to forward stuff to it, but you never knew when the damned thing would connect, or download or send. Seemed to have a mind of its own. Then when shutting down, it would try to connect again - until it ran out of re-tries. And no matter how I set the 'timeout after seconds' it simply timed out and disconnected every 30 seconds. I'm afraid, Turnpike 6 was no good for me or my wife. (But I know you like it :o) ) Norman. PS. I'm trying Linux again now - more fun and games. - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Tony Firshman [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 8:49 AM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus On Mon, 4 Feb 2002 at 08:21:38, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) It has enormous config depth and is based on windows explorer - both of which deter users who need their hands held. You do the configuring and she will be OK I suspect. This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
At 08:21 ðì 4/2/2002 +, you wrote: I have just signed up with Demon and got Turnpike 6 for my emails. It is ok, but my wife has problems with it. However, calypso, is excellent. Once installed, my wife was using it in seconds with no problems. It looks a bit like 'lookout' but doesn't have the mail work problems. Highly recommended. (and free) http://10xshooters.com/calypso-free/ One problem though, not supported anymore and with LOTS of problems under Win2K and (I suspect) under Win XP. P.S. Follow the link (Lindows.com) at the bottom of the page... you are in for a big surprise :-) Phoebus
RE: [ql-users] Virus
Works like a dream on Win2k over here then, and Win98 ! And I followed the link, didn't get a surprise - what was I expecting ? Puzzled of Bradford. :o) - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus At 08:21 ðì 4/2/2002 +, you wrote: One problem though, not supported anymore and with LOTS of problems under Win2K and (I suspect) under Win XP. P.S. Follow the link (Lindows.com) at the bottom of the page... you are in for a big surprise :-) Phoebus This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
At 03:01 ìì 4/2/2002 +, you wrote: Works like a dream on Win2k over here then, and Win98 ! And I followed the link, didn't get a surprise - what was I expecting ? Puzzled of Bradford. :o) Linux running Windows... rather cool don't you think? Phoebus - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 2:55 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus At 08:21 ðì 4/2/2002 +, you wrote: One problem though, not supported anymore and with LOTS of problems under Win2K and (I suspect) under Win XP. P.S. Follow the link (Lindows.com) at the bottom of the page... you are in for a big surprise :-) Phoebus This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
I see, I thought it was something with your picture one, or similar. I do know about Lindows, but unfortunately, it is a bit (a lot) of vapourware at the moment. No-one has seen anything of the product, no downloads etc. WINE, on the other hand, is around and works - mostly. Example, some Linux guy wanted to run Ecxchange on his Linux server, installed WINE, and got Exchange up and running very quickly. Within an hour, he was hit and trashed by SirCam. Obviously the whole system wasn't trashed, being Linux, but still hugely funny ! Norman. - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 3:10 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus Linux running Windows... rather cool don't you think? Phoebus - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
At 03:14 ìì 4/2/2002 +, you wrote: I see, I thought it was something with your picture one, or similar. I do know about Lindows, but unfortunately, it is a bit (a lot) of vapourware at the moment. No-one has seen anything of the product, no downloads etc. WINE, on the other hand, is around and works - mostly. I have... I paid 99$ to be an insider :-) Installed really fast and easy.. still have some quirks but basically it's Linux for the masses :-) (And not only for Thierry, Richard, Claus and Peter ;-) (Just joking!) Example, some Linux guy wanted to run Ecxchange on his Linux server, installed WINE, and got Exchange up and running very quickly. Within an hour, he was hit and trashed by SirCam. Obviously the whole system wasn't trashed, being Linux, but still hugely funny ! Norman.
RE: [ql-users] Virus
Send Linux Format magazine some details - they seem to think it doesn't exist ! - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 3:21 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus I have... I paid 99$ to be an insider :-) Installed really fast and easy.. still have some quirks but basically it's Linux for the masses :-) (And not only for Thierry, Richard, Claus and Peter ;-) (Just joking!) This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
At 03:23 ìì 4/2/2002 +, you wrote: Send Linux Format magazine some details - they seem to think it doesn't exist ! They don't want to pay apparently ! I don't honestly think that it will be ready by until April that they say...but nonetheless it's worth an effort I think! Phoebus - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - -Original Message- From: Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Sent: Monday, February 04, 2002 3:21 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus I have... I paid 99$ to be an insider :-) Installed really fast and easy.. still have some quirks but basically it's Linux for the masses :-) (And not only for Thierry, Richard, Claus and Peter ;-) (Just joking!) This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
Re: [ql-users] Virus
Re: Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) ... or Turnpike. This is Demon's mailer, but is generally usable for about £25 I think. It is a quite superb piece of software. == 1. The latest Internet Explorer (v6.0) [incorporating Outlook Express] has more inherent security than previous versions. 2. It is free. 3. I keep one bogus address in my address-book. That way, if it were returned i.e. - A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:.. In some circumstances at least I would then know that I just left the stable door open! No! - not *yet* I haven't. But a month ago I caught BadTrans in the act. Smug! ;) Welsh John
Re: [ql-users] Virus
At 03:54 ìì 4/2/2002 +, you wrote: Re: Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) ... or Turnpike. This is Demon's mailer, but is generally usable for about £25 I think. It is a quite superb piece of software. == 1. The latest Internet Explorer (v6.0) [incorporating Outlook Express] has more inherent security than previous versions. Yes... and the Pope is Orthodox :-) 2. It is free. Yes considering how much money they make by stealing your personal info 3. I keep one bogus address in my address-book. That way, if it were returned i.e. - Clever :-) A message that you sent could not be delivered to one or more of its recipients. This is a permanent error. The following address(es) failed:.. In some circumstances at least I would then know that I just left the stable door open! No! - not *yet* I haven't. But a month ago I caught BadTrans in the act. Smug! ;) Which proves the point... You wouldn't have BadTrans have you used a different email client Welsh John
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Geoff Wicks [EMAIL PROTECTED] writes I am sorry I have discovered that the BadTrans virus had infected my machine. My apologies if I have infected someone else, but I think I picked it up through the group originally, so there is probably someone else with the problem. Fortunately it was no more than a couple of days, but that is long enough to do damage. BE WARNED! This is a new version of the worm that was not detected in several scans, even with recent scanning software, that I did after getting the suspicious email with a ql-users subject line. I became more suspicious when, during routine maintenance, my hard disk seemed more fragmented than usual. It was only after I had downloaded the latest definitions that I finally tracked it down. Again my apologies for any trouble caused. Not your fault ... as that is the way it was intended to spread. By the way what version of Windows are you using, as I suspect it is aimed at the most recent versions ? -- Malcolm Cadman
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Sun, 3 Feb 2002 at 16:59:31, Phoebus R. Dokos wrote: (ref: [EMAIL PROTECTED]) At 09:21 ìì 3/2/2002 +, you wrote: I am sorry I have discovered that the BadTrans virus had infected my machine. My apologies if I have infected someone else, but I think I picked it up through the group originally, so there is probably someone else with the problem. Fortunately it was no more than a couple of days, but that is long enough to do damage. Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) ... or Turnpike. This is Demon's mailer, but is generally usable for about £25 I think. It is a quite superb piece of software. I can second that Turnpike is superb piece of software, if you want a good email system ... with great potential for more sophisticated use. However, it all depends with a virus what it is aimed at. The best thing with anything supicious is not to read it ! Yet we all succumb at some time. Another way is to examine it in an editor - only - to check out its contents ... yet you need some expertise there. Usually the virii are written in compiled Visual Basic ... as this is what is available to the authors of this rubbish. So look out for anything with .com or .exe in the file name. The more sophisticated originators will have different ways ... -- Malcolm Cadman
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Mon, 4 Feb 2002 at 08:21:38, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) I have just signed up with Demon and got Turnpike 6 for my emails. It is ok, but my wife has problems with it. I can understand that. It has enormous config depth and is based on windows explorer - both of which deter users who need their hands held. You do the configuring and she will be OK I suspect. One of the superb features is mail routing - which creates a newsgroup like tree based folder for groups such as this. Yes, the tree listing of emails in a newsgroup is amazing to watch ! -- Malcolm Cadman
Re: [ql-users] Virus
In article [EMAIL PROTECTED] uk, Norman Dunbar [EMAIL PROTECTED] writes I have just signed up with Demon and got Turnpike 6 for my emails. It is ok, but my wife has problems with it. However, calypso, is excellent. Once installed, my wife was using it in seconds with no problems. It looks a bit like 'lookout' but doesn't have the mail work problems. Highly recommended. (and free) http://10xshooters.com/calypso-free/ I hope calypso is good. Turnpike takes a bit of learning, which means many of the computer mags fail to review it too highly, for example. However, it pays off later when you realise you how many features it has, and the depth of it. -- Malcolm Cadman
Re: [ql-users] Virus
On Mon, 4 Feb 2002, Dave wrote: ...and since the machine is moistly idle while defragging... Did I really typo that? Egads! *blush* Dave ql.spodmail.com
Re: [ql-users] Virus
At 07:21 ìì 4/2/2002 +, you wrote: In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Sun, 3 Feb 2002 at 16:59:31, Phoebus R. Dokos wrote: (ref: [EMAIL PROTECTED]) At 09:21 ìì 3/2/2002 +, you wrote: I am sorry I have discovered that the BadTrans virus had infected my machine. My apologies if I have infected someone else, but I think I picked it up through the group originally, so there is probably someone else with the problem. Fortunately it was no more than a couple of days, but that is long enough to do damage. Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) ... or Turnpike. This is Demon's mailer, but is generally usable for about £25 I think. It is a quite superb piece of software. I can second that Turnpike is superb piece of software, if you want a good email system ... with great potential for more sophisticated use. However, it all depends with a virus what it is aimed at. The best thing with anything supicious is not to read it ! Yet we all succumb at some time. Another way is to examine it in an editor - only - to check out its contents ... yet you need some expertise there. Usually the virii are written in compiled Visual Basic ... as this is what is available to the authors of this rubbish. So look out for anything with .com or .exe in the file name. Not really mostly interpreted VB for Applications (Comes bundled with every major M$ product) Also the newest trick is to send a .COM file (Most post 95 users nowadays don't know that these are executable files) and the user perceives it as a link :- Phoebus
RE: [ql-users] Virus
The problem is that generally the one with the worm is not advised of its presence. It can send mail (with the worm) to anything that look like an email address on the computer ... Claude -Message d'origine- De : Phoebus R. Dokos [mailto:[EMAIL PROTECTED]] Envoyé : dimanche 3 février 2002 01:45 À : [EMAIL PROTECTED] Objet : [ql-users] Virus Re: my previous email... This was on the header Received: from mel-rta7.wanadoo.fr (193.252.19.61) by mel-rto6.wanadoo.fr; 2 Feb 2002 22:01:48 +0100 Probably an edited message by the worm itself, but it had the ql-users signature on it so whoever sent it me is definately reading the list Careful again Phoebus
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Phoebus R. Dokos [EMAIL PROTECTED] writes Re: my previous email... This was on the header Received: from mel-rta7.wanadoo.fr (193.252.19.61) by mel-rto6.wanadoo.fr; 2 Feb 2002 22:01:48 +0100 Probably an edited message by the worm itself, but it had the ql-users signature on it so whoever sent it me is definately reading the list Careful again Yes, there was one sent to the list, or the addresses from the list. I deleted it straightaway. -- Malcolm Cadman
Re: [ql-users] Virus
I am sorry I have discovered that the BadTrans virus had infected my machine. My apologies if I have infected someone else, but I think I picked it up through the group originally, so there is probably someone else with the problem. Fortunately it was no more than a couple of days, but that is long enough to do damage. BE WARNED! This is a new version of the worm that was not detected in several scans, even with recent scanning software, that I did after getting the suspicious email with a ql-users subject line. I became more suspicious when, during routine maintenance, my hard disk seemed more fragmented than usual. It was only after I had downloaded the latest definitions that I finally tracked it down. Again my apologies for any trouble caused. Geoff Wicks
Re: [ql-users] Virus
At 09:21 ìì 3/2/2002 +, you wrote: I am sorry I have discovered that the BadTrans virus had infected my machine. My apologies if I have infected someone else, but I think I picked it up through the group originally, so there is probably someone else with the problem. Fortunately it was no more than a couple of days, but that is long enough to do damage. BE WARNED! This is a new version of the worm that was not detected in several scans, even with recent scanning software, that I did after getting the suspicious email with a ql-users subject line. I became more suspicious when, during routine maintenance, my hard disk seemed more fragmented than usual. It was only after I had downloaded the latest definitions that I finally tracked it down. Again my apologies for any trouble caused. Geoff Wicks Hi Geoff, the singular MOST important thing you need to do to get rid of worms of that kind is to get rid of Outlook you are using :-) You wouldn't have any trouble with Eudora for example :-) Phoebus
Re: [ql-users] Virus
I retraced the virus that came to me and it's definately from France. So whoever is using wanadoo.fr AND windows, better check your accounts and fast P.S. Norton Antivirus didn't get the Worm but AVC did :-) Phoebus
Re: [ql-users] Virus Alert (Slightly OT but a good read none the less !)
In message [EMAIL PROTECTED], Norman Dunbar [EMAIL PROTECTED] writes Roy, thanks for the details - we are actually covered and it wasn't an HTML email this time either. We were in the middle of updating the dat files when we got hit. Investigations (aka witch hunt ??) has found this total stupidity : consultant from sister company opens email from a friend on his lap top. Sees fancy new screen saver, and opens it (oops !) Suddenly realises what happened and puuls the network cable out PDQ. (So far so good - did the right thing, apart from opening the attachment, but ...) SNIP Nice story. The woman I had to visit for the virus deletion quite blithely said ' Oh I got the Love Bug Virus too' some people never learn. The Badtrans thing is doubly duplicitous because there is the attachment and a bit of script hidden in the HTML which will also cause damage. -- Roy Wood Q Branch, 20 Locks Hill Portslade. Sussex. BN41 2LB. UK Tel : +44 (0)1273 386030 Fax : +44 (0)1273 381577 Mobile +44(0)7836 745501 Web : www.qbranch.demon.co.uk
Re: [ql-users] Virus Alert
In message [EMAIL PROTECTED], Claude Mourier 00 [EMAIL PROTECTED] writes With virus like Badtrans, no need to use HTML nor execute attached piece : only opening the mail is sufficent to be infected...with Outlook (not patched, but how basic user knows what is a patch ?) Not if it is a plain text file ! -- Roy Wood Q Branch, 20 Locks Hill Portslade. Sussex. BN41 2LB. UK Tel : +44 (0)1273 386030 Fax : +44 (0)1273 381577 Mobile +44(0)7836 745501 Web : www.qbranch.demon.co.uk
Re: [ql-users] Virus Alert
There is a new nasty going around called GONER and our business was seriously hit yesterday afternoon at 17:30. If you get any emails where the subject is 'Hi' then immediately delete them. If you run M$ Lookout or Lookout Express, make sure you turn your preview pane off as this is enough to infect you. The virus was discovered in the wild yesterday afternoon, our email scanner was being updated as soon as the new data file was made available and we got 'hit' slap bang in the middle of the update - how's that for bad timing ? This is all part of the stupid idea of having HTML based emails. They bloat the transmitted code up and provide convenient vehicles for nasty bits of code. Another virus has been battering at my firewall for the last week or so called W32.Badtrans. This one does little damage to the system but, according to Symantec, can open a console to log in your keypresses when details such as password and credit card numbers are being typed in. It then transmits these to a series of email addresses. The key to these mails are an underscore before the senders address (stops the stupid from telling them they are infected), a subject line of 'Re.' and a double extension on the attachment such as 'doc.pif' or 'xls.scr' etc. I would recommend people to upgrade their virus protection to Norton 2002 which handles these perfectly. Oh and there is a tool on the Symantec site to get rid of 'Goner' with little trouble ( I had to do this for someone this evening) Maybe it does not work for NT or maybe your support team did not look on the Norton site. -- Roy Wood Q Branch, 20 Locks Hill Portslade. Sussex. BN41 2LB. UK Tel : +44 (0)1273 386030 Fax : +44 (0)1273 381577 Mobile +44(0)7836 745501 Web : www.qbranch.demon.co.uk
RE: [ql-users] Virus Alert
Not SMSQ/E ? ;-) -Message d'origine- De : Norman Dunbar [mailto:[EMAIL PROTECTED]] Envoyé : mercredi 5 décembre 2001 09:24 À : '[EMAIL PROTECTED]' Objet : [ql-users] Virus Alert (...) I have a task on my list to investigate Linux as an alternative desktop system for the business - more ammo for me :o) Norman. - Norman Dunbar Database/Unix administrator Lynx Financial Systems Ltd. mailto:[EMAIL PROTECTED] Tel: 0113 289 6265 Fax: 0113 289 3146 URL: http://www.Lynx-FS.com - This email is intended only for the use of the addressees named above and may be confidential or legally privileged. If you are not an addressee you must not read it and must not use any information contained in it, nor copy it, nor inform any person other than Lynx Financial Systems or the addressees of its existence or contents. If you have received this email and are not a named addressee, please delete it and notify the Lynx Financial Systems IT Department on 0113 2892990.
RE: [ql-users] Virus
Mel, it worked ok for me this very morning, I copied the URL directly from IE and it is http://vil.nai.com/vil/virusChar.asp?virus_k=99141. For the 'home' page of the virus information library, go here http://vil.nai.com/VIL/default.asp Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: Mel LaVerne [mailto:[EMAIL PROTECTED]] Sent: Sunday, August 12, 2001 11:07 AM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus I tried the URL given and promptly got the message: The page you are looking for is temporarily unavailable or no longer exists. Please try one of the links below. A large number of links was shown but I have no idea of which one, if any, would have the information. -- Malcolm Cadman
Re: [ql-users] Virus
At 18:47 10/08/2001 +0100, you wrote: In article [EMAIL PROTECTED], Ron Dunnett [EMAIL PROTECTED] writes For your information the virus that is within the emails from Greg Francis is called W32/Sircam@MM virus. Mcafee Anti Virus program knows of the virus but cannot clean the file, you have to delete it. I am getting about 3 a day on average. Yes, as Norman helpfully pointed out earlier in this thread the full information is available at :- http://vil.nai.com/vil/virusChar.asp?virus_k=99141 Well worth a read, if you haven't done so. Also information about many other variants from the main page. I tried the URL given and promptly got the message: The page you are looking for is temporarily unavailable or no longer exists. Please try one of the links below. A large number of links was shown but I have no idea of which one, if any, would have the information. -- Malcolm Cadman
RE: [ql-users] Virus
In article [EMAIL PROTECTED], [EMAIL PROTECTED] (Norman Dunbar) wrote: -Original Message- From: Dilwyn Jones [mailto:[EMAIL PROTECTED]] Sent: Monday, August 06, 2001 6:53 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Sadly, I have to put up with downloading a 100K work or virus first, look at the email address, then tell my software to block further ones. Gneerally, they never aarrive fromt he ssame place twice. OK, I might be able to help here - although I'm sure that there are other/better things available - the list shall inform ! A project that I have in mind, sorry but it is Windows based, is a small email filter type program which allows you to connect to the mail server at your ISP, and download the HEADERS of your emails first of all - so any 100 Gigabyte :o) attachments, or files with double extensions - xxx.xls.exe or similar - can be spotted before downloading. Any unwanted emails can then be deleted from the server BEFORE you download them. I know that there are a lot of web based interfaces to email nowadays, but if I get my act together, this can hopefully be used to filter out the crap - I'm sure I can build in a 'auto delete from this address' facility. I only have an 'almost working' prototype at the moment, but if you are interested you know who to call. Oh, did I mention, that like Stripper 2 for Windows, this will be free ? Norman. There is a website that does this: http://www.twigger.co.uk You need to give it your ISP's POP3 site URL plus your user name and password and it does it for you. It is slow but it has an enormous amount of info to plough through Regards, Peter Fox
RE: [ql-users] Virus
-Original Message- From: Dilwyn Jones [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 6:19 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Hmmm, that probably means it's a Windoze prog that stands a chance of working. Thanks for the compliment ! Keep the sources and bolt them onto soql when it (eventually) comes out. Sources will be C++ and unlikely to bolt on unfortunately, due to other components being used to do the hard work of downloading, filtering etc. Of course, one never knows ! Norman. PS. Is it wet in Wales today then ? Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com
Re: [ql-users] Virus
Sources will be C++ and unlikely to bolt on unfortunately, due to other components being used to do the hard work of downloading, filtering etc. Of course, one never knows ! Norman. Pity. PS. Is it wet in Wales today then ? Wet? What's that? We get constant sunshine here :-( -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes Demon's Turnpike (generally available for around £30 I think - but free to Demon customers) already does just this on its POP3 and SMTP mail collections. You have to set the feature up though ... which I haven't done with my copy of Turnpike. How is it done, for curiosity ? I am using V6 beta 6, so yours may be different. In TP offline - configure/email routing rules/mail rejection/ .. and POP3 rejects based on header (as long as the rejection rule can get all the info from there). For thought starters (for the current project) TP has following: . was sent from user x . has subject line containing . is larger than bytes . matches the custom rule, which can get quite sophisticated (using perl-like regexps). ie ^ is beginning $ is end \ escapes the next chr - ie converts it into a 'real' character. . in regexp unescaped means 'any character' OK ... I get the idea, thanks :-) -- Malcolm Cadman
RE: [ql-users] Virus
-Original Message- From: Dilwyn Jones [mailto:[EMAIL PROTECTED]] Sent: Monday, August 06, 2001 6:53 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Sadly, I have to put up with downloading a 100K work or virus first, look at the email address, then tell my software to block further ones. Gneerally, they never aarrive fromt he ssame place twice. OK, I might be able to help here - although I'm sure that there are other/better things available - the list shall inform ! A project that I have in mind, sorry but it is Windows based, is a small email filter type program which allows you to connect to the mail server at your ISP, and download the HEADERS of your emails first of all - so any 100 Gigabyte :o) attachments, or files with double extensions - xxx.xls.exe or similar - can be spotted before downloading. Any unwanted emails can then be deleted from the server BEFORE you download them. I know that there are a lot of web based interfaces to email nowadays, but if I get my act together, this can hopefully be used to filter out the crap - I'm sure I can build in a 'auto delete from this address' facility. I only have an 'almost working' prototype at the moment, but if you are interested you know who to call. Oh, did I mention, that like Stripper 2 for Windows, this will be free ? Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com
Re: [ql-users] Virus
On Tue, 7 Aug 2001 at 08:55:16, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) A project that I have in mind, sorry but it is Windows based, is a small email filter type program which allows you to connect to the mail server at your ISP, and download the HEADERS of your emails first of all - so any 100 Gigabyte :o) attachments, or files with double extensions - xxx.xls.exe or similar - can be spotted before downloading. Any unwanted emails can then be deleted from the server BEFORE you download them. Demon's Turnpike (generally available for around £30 I think - but free to Demon customers) already does just this on its POP3 and SMTP mail collections. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus
I thought it might :o) Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: Tony Firshman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, August 07, 2001 9:59 AM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus Demon's Turnpike (generally available for around £30 I think - but free to Demon customers) already does just this on its POP3 and SMTP mail collections.
Re: [ql-users] Virus
I only have an 'almost working' prototype at the moment, but if you are interested you know who to call. Oh, did I mention, that like Stripper 2 for Windows, this will be free ? Hmmm, that probably means it's a Windoze prog that stands a chance of working. Keep the sources and bolt them onto soql when it (eventually) comes out. -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: [ql-users] Virus
Wolfgang Lenerz wrote: Even these emails are being monitored ... So why don(t we all adopt the follwoing byline: Death, terrorists, kill the president, bomb, hoist, FBI Or as a female colleague said to me today, after she fell out with a male colleague: I take no male prisoners, I kill them all. I could just imagine the boss's telephone monitoring computer going into overdrive monitoring that conversation. (Let's give echelon something to think about) Wolfgang PS I'll be away till september. SO how will we know if Echelon has shot/blown you up/arrested you by then??? Is this what they call Denial Of Service attacks - clogging up Echelon with millions of references to naughty words? (add Echelon-sensitive signatures to your emails folks) -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Tue, 7 Aug 2001 at 08:55:16, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) A project that I have in mind, sorry but it is Windows based, is a small email filter type program which allows you to connect to the mail server at your ISP, and download the HEADERS of your emails first of all - so any 100 Gigabyte :o) attachments, or files with double extensions - xxx.xls.exe or similar - can be spotted before downloading. Any unwanted emails can then be deleted from the server BEFORE you download them. Demon's Turnpike (generally available for around £30 I think - but free to Demon customers) already does just this on its POP3 and SMTP mail collections. You have to set the feature up though ... which I haven't done with my copy of Turnpike. How is it done, for curiosity ? What Norman is suggesting is a general little task that can be used with any email software and a PC; and free too :-) -- Malcolm Cadman
Re: [ql-users] Virus
In article 3B6FB7DB.15851.70128@localhost, Wolfgang Lenerz [EMAIL PROTECTED] writes On 6 Aug 2001, at 21:41, Malcolm Cadman wrote: Even these emails are being monitored ... So why don(t we all adopt the follwoing byline: Death, terrorists, kill the president, bomb, hoist, FBI (Let's give echelon something to think about) PS I'll be away till september. Still no escape though :-) -- Malcolm Cadman
Re: [ql-users] Virus
- Original Message - From: Wolfgang Lenerz [EMAIL PROTECTED] Subject: Re: [ql-users] Virus On 6 Aug 2001, at 21:41, Malcolm Cadman wrote: Even these emails are being monitored ... So why don(t we all adopt the follwoing byline: Death, terrorists, kill the president, bomb, hoist, FBI (Let's give echelon something to think about) Wolfgang PS I'll be away till september. Use words like that in an email and you could be going away for much longer! And to get you really paranoid, I once heard two QL-ers seriously discussing whether UK traders and other QL luminaries were really British spies using the QL as a good cover for all those foreign trips. Okay, okay, its what the Dutch call cucumber time. Geoff Wicks [EMAIL PROTECTED]
RE: [ql-users] Virus
For your information the virus that is within the emails from Greg Francis is called W32/Sircam@MM virus. Mcafee Anti Virus program knows of the virus but cannot clean the file, you have to delete it. I am getting about 3 a day on average. Ron [EMAIL PROTECTED] -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Malcolm Cadman Sent: 06 August 2001 21:41 To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus In article 000c01c11ea0$e998f240$c7075cc3@default, Dilwyn Jones [EMAIL PROTECTED] writes Huh, what about my privacy getting these things in the first place, wasting my time, money and patience with them? Once you know the source you can block it / delete it, with your email software, or not even download it from your ISP. Yet this can go on for ever ... better as suggested that ISP's filter out the rogue emails in the first place. Which they can/could do ... yet this has implications for other things too, like the 'freedom' of the net, etc. Freedom is a concept best used by responsible societies. If M$ was silly enough to design these systems to be able to carry viruses in the first place (even though the facility was meant for something more legitimate) then ... Anyway, I do use my email software to block what its capable of. Once I receive an email I didn't want from someone, I can simply tell my email software to either not download it or even to delete it off the ISP's server. Sadly, I have to put up with downloading a 100K work or virus first, look at the email address, then tell my software to block further ones. Gneerally, they never aarrive fromt he ssame place twice. That is the problem of an individual blocking unwanted email, it is an endless job. Freedom of the net (to engage in virus/pornography/hacking/political extremism etc etc???) versus filtering out certain activities by software which can be set up not to invade privacy for genuine emails? No question. Yes, freedom is a very debatable point ... censorship, taste, etc ... with the net you take its bad with its good. It has emerged as one of the least restricted media available, yet this has its downside too. Even these emails are being monitored ... -- Malcolm Cadman
Re: [ql-users] Virus
Tony Firshman wrote: On Tue, 7 Aug 2001 at 09:41:47, Wolfgang Lenerz wrote: (ref: 3B6FB7DB.15851.70128@localhost) On 6 Aug 2001, at 21:41, Malcolm Cadman wrote: Even these emails are being monitored ... So why don(t we all adopt the follwoing byline: Death, terrorists, kill the president, bomb, hoist, FBI (Let's give echelon something to think about) You forgot Inland Revenue, Tax, VAT, I have a client who refuses to mention those words on the phone - 'They are listening' he says (8-)# this has been the case for a long time , international calls are monitored ( by machine ) for suspect words. As if the bad guys would chat to each other in specifics !! All the best - Bill
Re: [ql-users] Virus
On Tue, 7 Aug 2001 at 19:20:10, Malcolm Cadman wrote: (ref: [EMAIL PROTECTED]) In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Tue, 7 Aug 2001 at 08:55:16, Norman Dunbar wrote: (ref: [EMAIL PROTECTED]) A project that I have in mind, sorry but it is Windows based, is a small email filter type program which allows you to connect to the mail server at your ISP, and download the HEADERS of your emails first of all - so any 100 Gigabyte :o) attachments, or files with double extensions - xxx.xls.exe or similar - can be spotted before downloading. Any unwanted emails can then be deleted from the server BEFORE you download them. Demon's Turnpike (generally available for around £30 I think - but free to Demon customers) already does just this on its POP3 and SMTP mail collections. You have to set the feature up though ... which I haven't done with my copy of Turnpike. How is it done, for curiosity ? I am using V6 beta 6, so yours may be different. In TP offline - configure/email routing rules/mail rejection/ .. and POP3 rejects based on header (as long as the rejection rule can get all the info from there). For thought starters (for the current project) TP has following: . was sent from user x . has subject line containing . is larger than bytes . matches the custom rule, which can get quite sophisticated (using perl-like regexps). ie ^ is beginning $ is end \ escapes the next chr - ie converts it into a 'real' character. . in regexp unescaped means 'any character' QUOTE Search patterns are expressed as regular expression. Study the following examples, and pick out the one that most closely mirrors the type of rule you want, then modify the rule to suit your purpose. /^fred$/All mail addressed to fred /^fred@anycompany\.com$/a All mail from [EMAIL PROTECTED] /@anycompany\.com$/aAll mail from anybody at anycompany.com /urgent/s All mail with urgent in the subject /@anycompany\.com$/a !/urgent/s All mail from anycompany.com unless it has urgent in the subject /^(tom|dick|harry)@/a All mail from Tom, Dick or Harry !/^(tom|dick|harry)@/a All mail, except that from Tom, Dick or Harry. /^X-Mailer:/h All mail with an X-Mailer header ENDQUOTE -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
On Sat, 4 Aug 2001 at 19:18:27, Malcolm Cadman wrote: (ref: h+lwEFAzxDb7Ewa$@mcad.demon.co.uk) In article [EMAIL PROTECTED], Tony Firshman [EMAIL PROTECTED] writes On Fri, 3 Aug 2001 at 20:20:00, Malcolm Cadman wrote: (ref: [EMAIL PROTECTED]) Tony maybe getting more, as I believe he has permanent link, rather than a dial up ? Well I am on the net a great deal (programming for wn.com) but that wouldn't affect me getting emails. I guess I am simply in a lot of people's address books. I don;t send them out though, firstly 'cos I run Demon's Turnpike, but also 'cos I have not opened any of them. Umm ... its just 'tough it out' then :-) Perhaps we could all post back an advert for the QL ... that would shock 'em ... using an anonymous hotmail address of course ! No good. I tried 'rejecting' a few (Turnpike mimics a return email as if my address didn;t exist) and most bounced straight back saying 'no such address' or 'mailbox full' They have got you all ways. Unfortunately the author(s) are intelligent (8-)# The best solution I reckon is for originating ISPs to filter emails with attachments for virii. Mind you we are then getting into privacy issues. The time taken for this exercise would possibly be far less than the resulting email traffic. I wonder how much bandwidth is added by post-discussion? -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
On Sat, 4 Aug 2001 at 20:23:41, Bill Waugh wrote: (ref: [EMAIL PROTECTED]) Tony Firshman wrote: On Fri, 3 Aug 2001 at 20:20:00, Malcolm Cadman wrote: (ref: [EMAIL PROTECTED]) Tony maybe getting more, as I believe he has permanent link, rather than a dial up ? Well I am on the net a great deal (programming for wn.com) but that wouldn't affect me getting emails. I guess I am simply in a lot of people's address books. I don;t send them out though, firstly 'cos I run Demon's Turnpike, but also 'cos I have not opened any of them. I've been following this thread and feeling rather neglected not having had any mails from Nigeria or suspect sources even Snow White seems to have deserted me, but then today I get one from Nigeria, yippee I'm back in with the in crowd. . but I haven't had any from Snow White, ever. Feeling grumpy (8-)# -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
At 08:25 PM 8/5/2001 +0100, you wrote: The best solution I reckon is for originating ISPs to filter emails with attachments for virii. Mind you we are then getting into privacy issues. Since virus scanners only look at files at the binary level (comparing binary sequences to known virii), there really is not a privacy issue. I don't know about NT boxes, but it would be fairly simple to have SendMail pass off mail to a virus filter. Tim Swenson
Re: [ql-users] Virus
In article 004c01c11de4$f10a0800$62065cc3@default, Dilwyn Jones [EMAIL PROTECTED] writes The best solution I reckon is for originating ISPs to filter emails with attachments for virii. Mind you we are then getting into privacy issues. Huh, what about my privacy getting these things in the first place, wasting my time, money and patience with them? Once you know the source you can block it / delete it, with your email software, or not even download it from your ISP. Yet this can go on for ever ... better as suggested that ISP's filter out the rogue emails in the first place. Which they can/could do ... yet this has implications for other things too, like the 'freedom' of the net, etc. -- Malcolm Cadman
Re: [ql-users] Virus
Tony wrote : The best solution I reckon is for originating ISPs to filter emails with attachments for virii. Mind you we are then getting into privacy issues. Some of the bigger ISPs filter received mail for standard virus and spam formats so that their customers just never receive them Freeserve do for example martinw
Re: [ql-users] Virus
I've been following this thread and feeling rather neglected not having had any mails from Nigeria or suspect sources even Snow White seems to have deserted me, but then today I get one from Nigeria, yippee I'm back in with the in crowd. I've had a couple from sierra leone (or however you spell it) The money laundering scam.
Re: [ql-users] Virus
Tony Firshman wrote: On Fri, 3 Aug 2001 at 20:20:00, Malcolm Cadman wrote: (ref: [EMAIL PROTECTED]) Tony maybe getting more, as I believe he has permanent link, rather than a dial up ? Well I am on the net a great deal (programming for wn.com) but that wouldn't affect me getting emails. I guess I am simply in a lot of people's address books. I don;t send them out though, firstly 'cos I run Demon's Turnpike, but also 'cos I have not opened any of them. I've been following this thread and feeling rather neglected not having had any mails from Nigeria or suspect sources even Snow White seems to have deserted me, but then today I get one from Nigeria, yippee I'm back in with the in crowd. All the best - Bill
Re: [ql-users] Virus
On Fri, 3 Aug 2001 at 20:20:00, Malcolm Cadman wrote: (ref: [EMAIL PROTECTED]) Tony maybe getting more, as I believe he has permanent link, rather than a dial up ? Well I am on the net a great deal (programming for wn.com) but that wouldn't affect me getting emails. I guess I am simply in a lot of people's address books. I don;t send them out though, firstly 'cos I run Demon's Turnpike, but also 'cos I have not opened any of them. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
On 1 Aug 2001, at 15:58, Dilwyn Jones wrote: All the more reason to email etc from QDOS or SMSQ/E I suppose, as we're (almost) completely virus proof (ask Geoff Wicks about the almost in relation to his QXL). ??? A tale worth telling? Wolfgang - www.wlenerz.com
Re: [ql-users] Virus
Wasn't this what was meant to happen with the current worm/virus outbreaks - overwhelm business Windows NT systems and generally clog up the internet. Lookout Excess users can keep their system clearer for more useful QL-related emails by using the Tools facility. The viruses I have been getting recently are all from Greg Francis ([EMAIL PROTECTED]) and don't know if his address book is being hijacked or whatever. Basically I just tell Tools to locate emails from [EMAIL PROTECTED] and check the 'Delete Message Off Server' or 'don't download files from him' or whatever it's called. _Still dreaming of QDOS TCP/IP_ -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: [ql-users] Virus
All the more reason to email etc from QDOS or SMSQ/E I suppose, as we're (almost) completely virus proof (ask Geoff Wicks about the almost in relation to his QXL). ??? A tale worth telling? Wolfgang Not really, especially as Geoff threatened to expose me via Quanta newsletter at the time. I had written a program which self-replicated like a virus and was using it to demonstrate to Geoff that a QL virus was possible, sadly it didn't work properly on his QXL and trashed his boot program at a Quanta workshop. Needless to say, the embarrassment caused meant all copies of the silly program were deleted and I never looked at it again. -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: Re: [ql-users] Virus
Unfortunately this is not something I have any control over. Our company email system adds the text attachment to all outgoing emails after we've hit Send in the Outlook client. At least you're getting the message as well (whether you want it or not, ha ha) - some recipients have complained they're only getting the attachment! Yes, I get the message, at least. So here's another one... ;O) Guess I asked for that :-( -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
Re: [ql-users] Virus
On Thu, 2 Aug 2001 at 22:38:35, Dilwyn Jones wrote: (ref: 007401c11b9d$452124e0$b5065cc3@default) Wasn't this what was meant to happen with the current worm/virus outbreaks - overwhelm business Windows NT systems and generally clog up the internet. Lookout Excess users can keep their system clearer for more useful QL-related emails by using the Tools facility. The viruses I have been getting recently are all from Greg Francis ([EMAIL PROTECTED]) and don't know if his address book is being hijacked or whatever. Basically I just tell Tools to locate emails from [EMAIL PROTECTED] and check the 'Delete Message Off Server' or 'don't download files from him' or whatever it's called. I have had emails from 'him' but it is a totally forged address. I have had about 15 different addresses too. One particularly 'clever' on is from a name that looks french canadian, and the text content has been changed to look as if it came from Canada. These guys are clever. ... and they have increased in size to 160k, and I have now had about 60. This is clearly a major overload to the internet if I am typical. Odd that it has had no press comment. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
Delete any mail fromGreg Francis [EMAIL PROTECTED] I have also received 3 of these. Course they don't do much to a linux box. But if you are running windows do not open the Pricelist.xls.com RockPed Customers.doc.bat or whatever that is attached. -- Bill
Re: [ql-users] Virus
In article [EMAIL PROTECTED], Bill Cable [EMAIL PROTECTED] writes Delete any mail fromGreg Francis [EMAIL PROTECTED] I have also received 3 of these. Course they don't do much to a linux box. But if you are running windows do not open the Pricelist.xls.com RockPed Customers.doc.bat or whatever that is attached. The 'clue' with these files is the 'doc.com', etc. Indicating that they are compiled Visual Basic, or similar. You may think they are OK if you assume that they are ordinary files of '.doc' or '.xls' origin, etc. In DOS / Windows format. Which is just waht the 'authors' would like you to do. -- Malcolm Cadman
RE: [ql-users] Virus
For full details of the virus, go here : http://vil.nai.com/vil/virusChar.asp?virus_k=99141 It will tell you what it does, how it does it, what to look for and how to get rid of it. Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com
Re: [ql-users] Virus
On Wed, 1 Aug 2001, Malcolm Cadman wrote: Pricelist.xls.com RockPed Customers.doc.bat I got psy.doc.com. Thanks for Linux. The 'clue' with these files is the 'doc.com', etc. Indicating that they are compiled Visual Basic, or similar. Compiled, unfortunately. They are really .exe's starting with the infamous MZ signature.
Re: [ql-users] Virus
Delete any mail fromGreg Francis [EMAIL PROTECTED] I have also received 3 of these. Course they don't do much to a linux box. But if you are running windows do not open the Pricelist.xls.com RockPed Customers.doc.bat or whatever that is attached. Yes, I got this one too. Some suspicious file extensions (.com IIRC) made me delete it. I was a bit suspicious getting an attachment from someone I didn't know (although Ian Pine does that to me via the mailing list each time). All the more reason to email etc from QDOS or SMSQ/E I suppose, as we're (almost) completely virus proof (ask Geoff Wicks about the almost in relation to his QXL). -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html
RE: Re: [ql-users] Virus
...(although Ian Pine does that to me via the mailing list each time). Unfortunately this is not something I have any control over. Our company email system adds the text attachment to all outgoing emails after we've hit Send in the Outlook client. At least you're getting the message as well (whether you want it or not, ha ha) - some recipients have complained they're only getting the attachment! All incoming mails get a text attachment listing all the nodes the email visited on its way to me. So here's another one... ;O) Ian. -Original Message- From: dilwyn.jones Sent: 01 August 2001 15:59 To: ql-users Cc: dilwyn.jones Subject: Re: [ql-users] Virus Delete any mail fromGreg Francis [EMAIL PROTECTED] I have also received 3 of these. Course they don't do much to a linux box. But if you are running windows do not open the Pricelist.xls.com RockPed Customers.doc.bat or whatever that is attached. Yes, I got this one too. Some suspicious file extensions (.com IIRC) made me delete it. I was a bit suspicious getting an attachment from someone I didn't know (although Ian Pine does that to me via the mailing list each time). All the more reason to email etc from QDOS or SMSQ/E I suppose, as we're (almost) completely virus proof (ask Geoff Wicks about the almost in relation to his QXL). -- Dilwyn Jones [EMAIL PROTECTED] http://www.soft.net.uk/dj/index.html Visit our website at http://www.ubswarburg.com This message contains confidential information and is intended only for the individual named. If you are not the named addressee you should not disseminate, distribute or copy this e-mail. Please notify the sender immediately by e-mail if you have received this e-mail by mistake and delete this e-mail from your system. E-mail transmission cannot be guaranteed to be secure or error-free as information could be intercepted, corrupted, lost, destroyed, arrive late or incomplete, or contain viruses. The sender therefore does not accept liability for any errors or omissions in the contents of this message which arise as a result of e-mail transmission. If verification is required please request a hard-copy version. This message is provided for informational purposes and should not be construed as a solicitation or offer to buy or sell any securities or related financial instruments.
RE: Re: [ql-users] Virus
Funny, I don't get any attachments in Outlook, although it looks like your companies disclaimer (which I believe have no legal standing and therfore serve no purpose except taking up bandwidth, storage, time etc :o) ) is tagged onto the end of your message. Our company is looking into a standard disclaimer, but have found them to be useless, irritating (how many one line jokes have you had with about 2 Gigs worth of disclaimers !) and not legally binding. I suspect the MD will still go ahead anyway - his managerial style is based on that of Dilbert's boss :o) He also likes to say 'leverage' a lot - pronounced in the American way, and not the correct way (oops !), I think he heard it somewhere and thought it was catchy :o) Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Wednesday, August 01, 2001 4:20 PM To: [EMAIL PROTECTED] Subject: RE: Re: [ql-users] Virus ...(although Ian Pine does that to me via the mailing list each time). Unfortunately this is not something I have any control over. Our company email system adds the text attachment to all outgoing emails after we've hit Send in the Outlook client. At least you're getting the message as well (whether you want it or not, ha ha) - some recipients have complained they're only getting the attachment! All incoming mails get a text attachment listing all the nodes the email visited on its way to me. So here's another one... ;O) Ian.
Re: [ql-users] Virus
This current virus (or is it a worm) is unbelievable. Typically they are 50 to 60k in total and I have had about 28 today. This must mean the internet is totally clogged today with these ruddy things. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
Re: [ql-users] Virus
At 08:49 pm 01/08/2001 +0100, you wrote: This current virus (or is it a worm) is unbelievable. Typically they are 50 to 60k in total and I have had about 28 today. This must mean the internet is totally clogged today with these ruddy things. Interestingly, they didn't think it would be as pervasive as the Love Bug (or whatever it was called), yet I've had 2 copies so far - which is two more than any virus I've ever had before... Cheers! Ade. -- B-Racing: B where it's at :-) http://www.b-racing.co.uk
Re: [ql-users] Virus
On Wed, Aug 01, 2001 at 04:19:50PM +0100, [EMAIL PROTECTED] wrote: ...(although Ian Pine does that to me via the mailing list each time). Unfortunately this is not something I have any control over. Our company email system adds the text attachment to all outgoing emails after we've hit Send in the Outlook client. At least you're getting the message as well (whether you want it or not, ha ha) - some recipients have complained they're only getting the attachment! All incoming mails get a text attachment listing all the nodes the email visited on its way to me. fantastic !!! So all the information that is already in the headers is doubled for no purpose but to anoy the user. Does it at least detect spoofed headers ;)? So here's another one... ;O) no attachment to this message, I see the disclaimer though. Did they change the way they add the disclaimer? I looks like continued text now. Bye Richard
Re: [ql-users] Virus
At 12:22 ðì 2/8/2001 +0200, you wrote: On Wed, Aug 01, 2001 at 04:25:08PM +0100, Norman Dunbar wrote: Our company is looking into a standard disclaimer, but have found them to be useless, irritating (how many one line jokes have you had with about 2 Gigs worth of disclaimers !) and not legally binding. I suspect the MD will still go ahead anyway - his managerial style is based on that of Dilbert's boss :o) there was a contest for the longest disclaimer not long ago, some US lawyers won with about 6.5 KB worth of disclaimers. What a surprise ;) Bye Richard Hehe, although that's the legacy of mother Britain and its common law system ;-).
RE: [ql-users] Virus alert (No, not a hoax !)
-Original Message- From: Tony Firshman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 26, 2001 10:51 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus alert (No, not a hoax !) I don't run M$ mail programs - that is the reason I don't spread them! At work, I have no option - Outlook 2000 but seriously protected on the email server and on individual PCs with Macafee - which is probably the best AV on the go at the moment. At home, I use Opera and my wife uses Netscape. I would love to run a QL mail program - not least because it would simplify mailing lists. That would be nice :o) Norm. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com
Re: [ql-users] Virus alert (No, not a hoax !)
In article [EMAIL PROTECTED] , Norman Dunbar [EMAIL PROTECTED] writes -Original Message- From: Tony Firshman [mailto:[EMAIL PROTECTED]] Sent: Tuesday, June 26, 2001 10:51 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus alert (No, not a hoax !) I don't run M$ mail programs - that is the reason I don't spread them! At work, I have no option - Outlook 2000 but seriously protected on the email server and on individual PCs with Macafee - which is probably the best AV on the go at the moment. At home, I use Opera and my wife uses Netscape. OT - Yet Opera is good, well worth having as a Browser. I would love to run a QL mail program - not least because it would simplify mailing lists. That would be nice :o) It will have to have sensible 'defaults', and easy configuration ... to be a good example of a mail client :-) -- Malcolm Cadman
Re: [ql-users] Virus alert (No, not a hoax !)
On Mon, 25 Jun 2001 at 19:09:20, you wrote: (ref: [EMAIL PROTECTED]) - Original Message - From: Norman Dunbar [EMAIL PROTECTED] Subject: RE: [ql-users] Virus alert (No, not a hoax !) I got a private email Geoff. Thanks, also to Tony. The reason I posed this question was that you were the only people to report the virus, but you would have expected a lot more QLers to have caught it. If it writes to everyone in the address book, it means that it was also sent to this group but we were protected from it. Nice to know. It rather reminds me of the early days of the aids scare, when a single doctor said that the amazing thing was not the number of people who were HIV+, but the number of people who were not. I know if my address book were to become infected, all ql traders and many of my clients would be getting an unwanted present from me. Fortunately I have never had virus trouble, although I regularly get a suspicious spam. I examined it on a QL (aren't we lucky we can do that) and it seems more like an attempt to plant a trojan than a virus. I don't run M$ mail programs - that is the reason I don't spread them! I would love to run a QL mail program - not least because it would simplify mailing lists. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus alert (No, not a hoax !)
Sorry Richard, I missed those out :o) Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com I was holding myself back not to reply to Norman's post which is slightly incorrect. Of course the virus will not run on Linux, BSD, BeOS, MacOS, Acorn, AmigaOS, Solaris, Altos, Symoblics Machine, Plan 9, ZX 81 or any other remotely sane operating system.
RE: [ql-users] Virus alert (No, not a hoax !)
I got a private email Geoff. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: Geoff Wicks [mailto:[EMAIL PROTECTED]] Sent: Friday, June 22, 2001 7:36 PM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus alert (No, not a hoax !) Just a query on this thread. Did the people who received the virus email get it via an email from the ql-users group or via a private email? Geoff Wicks [EMAIL PROTECTED]
Re: [ql-users] Virus alert (No, not a hoax !)
In article [EMAIL PROTECTED], Timothy Swenson [EMAIL PROTECTED] writes I hate to continue this off topic issue and I dislike Microsoft as much as the next person, but the real Outlook issue is that the default options for Outlook are very unsecure. Most users are not aware of the security features and trust the default options, making themselves vulnerable to a trojan horse attack. The main rule is to not execute any attachment. By default Outlook can execute code without any acceptance by the user. A very bad default option. A nice brain dead mail reader like Pine is the best thing to use, as it makes no assumptions about what the user wants and treats all attachments the same (and does not execute them). Simpler mail readers are much better than the more advanced readers. Yes, it is the 'swings and roundabouts' of trying to make software, which is now very sophisticated, easy enough to operate by users. Adopting sensible 'defaults' is an issue that software developed in this area for the QL will have to address too. -- Malcolm Cadman
Re: [ql-users] Virus alert (No, not a hoax !)
Just a query on this thread. Did the people who received the virus email get it via an email from the ql-users group or via a private email? Geoff Wicks [EMAIL PROTECTED]
Re: [ql-users] Virus alert (No, not a hoax !)
SNIP Anyway it will only affect people who are foolish enough to run M$ mailers. SNIP Tony, that will only stop it from spreading outward from your, ahem, PC. It won't stop it running its payload - which is apparently to delete a few files at random then later on, format your hard drive(s). Norman. PS. If you only use a QL then no effect will be noticed :o) I'm getting fed up with such thoughtless attacks on everything MS... so thank you Norman for saying for me what I just couldn't be bothered to say. John in Wales
Re: [ql-users] Virus alert (No, not a hoax !)
SNIP Anyway it will only affect people who are foolish enough to run M$ mailers. SNIP Tony, that will only stop it from spreading outward from your, ahem, PC. It won't stop it running its payload - which is apparently to delete a few files at random then later on, format your hard drive(s). Norman. PS. If you only use a QL then no effect will be noticed :o) I'm getting fed up with such thoughtless attacks on everything MS... so thank you Norman for saying for me what I just couldn't be bothered to say. thoughtless attacks you say? I was holding myself back not to reply to Norman's post which is slightly incorrect. Of course the virus will not run on Linux, BSD, BeOS, MacOS, Acorn, AmigaOS, Solaris, Altos, Symoblics Machine, Plan 9, ZX 81 or any other remotely sane operating system. Suffice to say, that last month about 80% messages were in search of a solution for an MS Outlook problem and now the next purely MS problem. IMHO this can be either because MS does have only braindamaged users or because the software is braindamaged. Bye Richard
Re: [ql-users] Virus alert (No, not a hoax !)
At 07:06 PM 6/22/2001 +0200, you wrote: Suffice to say, that last month about 80% messages were in search of a solution for an MS Outlook problem and now the next purely MS problem. IMHO this can be either because MS does have only braindamaged users or because the software is braindamaged. I hate to continue this off topic issue and I dislike Microsoft as much as the next person, but the real Outlook issue is that the default options for Outlook are very unsecure. Most users are not aware of the security features and trust the default options, making themselves vulnerable to a trojan horse attack. The main rule is to not execute any attachment. By default Outlook can execute code without any acceptance by the user. A very bad default option. A nice brain dead mail reader like Pine is the best thing to use, as it makes no assumptions about what the user wants and treats all attachments the same (and does not execute them). Simpler mail readers are much better than the more advanced readers. Tim Swenson
Re: [ql-users] Virus alert (No, not a hoax !)
In article [EMAIL PROTECTED], Richard Zidlicky [EMAIL PROTECTED] writes SNIP Anyway it will only affect people who are foolish enough to run M$ mailers. SNIP Tony, that will only stop it from spreading outward from your, ahem, PC. It won't stop it running its payload - which is apparently to delete a few files at random then later on, format your hard drive(s). Norman. PS. If you only use a QL then no effect will be noticed :o) I'm getting fed up with such thoughtless attacks on everything MS... so thank you Norman for saying for me what I just couldn't be bothered to say. thoughtless attacks you say? I was holding myself back not to reply to Norman's post which is slightly incorrect. Of course the virus will not run on Linux, BSD, BeOS, MacOS, Acorn, AmigaOS, Solaris, Altos, Symoblics Machine, Plan 9, ZX 81 or any other remotely sane operating system. Suffice to say, that last month about 80% messages were in search of a solution for an MS Outlook problem and now the next purely MS problem. IMHO this can be either because MS does have only braindamaged users or because the software is braindamaged. He .. he .. these virus alerts are boring when you have other alternatives to M$ ware ... OT ... I know :-( ... but I recently heard an educationalist say the pupils were being taught MS Word ... not 'wordprocessing' ( generic ) ! -- Malcolm Cadman
Re: [ql-users] Virus alert (No, not a hoax !)
On Wed, 20 Jun 2001 at 12:38:38, you wrote: (ref: [EMAIL PROTECTED]) I only had the jokes and the exe file. There was no report on mine. Mind you, this virus (is a worm) and burrows into your system then hijacks Outlook to send itself areound to everyone in your address book - so it could have come from anywhere I suppose. Ah indeed yes - and the 'Bill Newell' was probably unaware of it. Odd that Bill hasn't commented yet - but I am pretty sure it wasn't him. He works on a part time basis for Ford I thought. Anyway it will only affect people who are foolish enough to run M$ mailers. I you want to move to a really professional product, have a look at Turnpike (via demon.net). Costs only £20 I think if you are not a Demon subscriber. There is a new version on beta test (V6) which is even better. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus alert (No, not a hoax)
Bill, welcome back :o) Regards, Norman. PS. Your business contact may not have sent you the virus, but his PC did, he may not be aware of this fact - unless he checks in his 'sent items' folder. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: William Newell [mailto:[EMAIL PROTECTED]] Sent: Thursday, June 21, 2001 2:06 PM To: [EMAIL PROTECTED] Subject: RE: [ql-users] Virus alert (No, not a hoax) Hi Everybody, Now that I have successfully purged my system of virus(s), I feel it is safe to admit being the inadvertent dupe of the sick mind that devised the virus that infected my PC.. SNIP
Re: [ql-users] Virus alert (No, not a hoax !)
On Wed, 20 Jun 2001 at 10:32:07, you wrote: (ref: [EMAIL PROTECTED]) I received an email yesterday from a William Newell esq (aka Bill !) which has a couple of jokes on it, and an exe file. My work's email scanner detected that the exe was full of virus and deleted it from the email. If you got/get an email from Bill, with an exe file attached be very careful about opening it. In fact, don't ! I have informed Bill of his misfortune. I don't think it was the same Bill Newell. The source was Credit Suisse, and there was in fact a genuine performance report, as well as the (apparently) virus bound exe. I returned them all without opening. -- QBBS (QL fido BBS 2:257/67) +44(0)1442-828255 mailto:[EMAIL PROTECTED] http://www.firshman.demon.co.uk Voice: +44(0)1442-828254 Fax: +44(0)1442-828255 TF Services, 29 Longfield Road, TRING, Herts, HP23 4DG
RE: [ql-users] Virus alert (No, not a hoax !)
I only had the jokes and the exe file. There was no report on mine. Mind you, this virus (is a worm) and burrows into your system then hijacks Outlook to send itself areound to everyone in your address book - so it could have come from anywhere I suppose. Norman. Norman Dunbar EMail: [EMAIL PROTECTED] Database/Unix administrator Phone: 0113 289 6265 Lynx Financial Systems Ltd. Fax:0113 201 7265 URL:http://www.LynxFinancialSystems.com -Original Message- From: Tony Firshman [mailto:[EMAIL PROTECTED]] Sent: Wednesday, June 20, 2001 11:46 AM To: [EMAIL PROTECTED] Subject: Re: [ql-users] Virus alert (No, not a hoax !) The source was Credit Suisse, and there was in fact a genuine performance report, as well as the (apparently) virus bound exe. I returned them all without opening.
Re: [ql-users] Virus alert (No, not a hoax !)
In article [EMAIL PROTECTED] , Norman Dunbar [EMAIL PROTECTED] writes I only had the jokes and the exe file. There was no report on mine. Mind you, this virus (is a worm) and burrows into your system then hijacks Outlook to send itself areound to everyone in your address book - so it could have come from anywhere I suppose. As long as it is only Outlook it attacks I don't think too many of us will be worried :-) ... it is just the HTML it sends out that bothers us :-) -- Malcolm Cadman
