Hello Ochrid, On Sun, 14 Jul 2002 11:04:06 +0200 GMT (14/07/02, 16:04 +0700 GMT), Ochrid wrote:
O> I pasted the eicar.com in the message body. O> suppose it was a real virus wouldn't it then be able to do it's O> nasty job from the message itself, just as it would from the O> attachment? No, this is technically not possible. A virus is a program that needs to be executed in order to do harm. So far, it was necessary for the user to click on the attachment. Klez is the first virus that auto-executes due to the "user-friendliness" of OL/OE. Nevertheless, the malicious code is executed, and that is the very point. A virus scanner works by checking whether any known strings are found in the attachment. The scanner actually has a huge database and compares all strings it knows with the complete attachment. If it finds a match, it will raise the alarm. Those strings are usually not human-readable, as they are often part of compiled code. A string that is contained in a plain-text message cannot be executed and is therefore harmless. Even if it would match a string in the virus database: plain text is simply not executable. Therefore, it cannot do any nasty job. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. You have a right to your opinions. I just don't want to hear them. Message reply created with The Bat! 1.61 under Chinese Windows 98 4.10 Build 2222 A using an AMD Athlon K7 1.2GHz, 128MB RAM ________________________________________________________ Current Ver: 1.60q FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://www.ritlabs.com/bt/
