FWIW, notes on this virus warning from one of my IS gurus, Bill Bentley.

**************

At 08:18 PM 13 August 2002 +0200, Han Maenen wrote:
>Joe's message did not yield a virus warning on my computer. I have Norton
>Anti-Virus 2000 and my virus definitions are up to date. .....

Our McAfee is up to date as well, thanks to our nightly update process. At this point, it is possible that either a) McAfee scored a false alarm, or b) his Norton did not detect a real threat. Comparing virus scanners easily becomes a holy war, and is best left to non-biased, independent labs. I don't know Norton's capability in this regard, nor do I know [Han's] configuration, but McAfee also has the ability to scan for MIME exploits and vulnerabilities that are not specifically "virus code". Since we're running McAfee on a mail server scanning attachments, I have enabled this additional scanning capability.

>Joe has an Apple computer as far as I know, and Apples can never infect PC's.

Not true. First of all, in the abstract case, cross-platform viruses are a proven concept, and are becoming more common. There have even been contrived "proof of concept" viruses written that infect poorly configured Linux boxes as well as Windows.

On the more practical level, the warning was Exploit-MIME.gen. To get educated on this exploit, follow this link:

http://vil.mcafee.com/dispVirus.asp?virus_k=99273

According to this page, Klez, Nimda and Badtrans are common Win32 worms that employ this MIME attack, but there are many others. While I am not an expert on MacOS viruses and worms, it certainly is plausible that one or more of them could easily employ this MIME envelope attack against the larger pool of MS mail clients available on the 'Net.

>your virus checker may have triggered a false alarm because of the HTML
>stuff in that message.

Not the HTML, but the purposely malformed MIME envelope to take advantage of the MS vulnerability. After virus scanning is done, we have an additional application that disables most of the potential threats that HTML-embedded e-mail introduces (scripting, web bugs, etc.).

>
>Or maybe you use an Apple too,

Only if it's running Linux. ;)

*******************

Jim Elwell, CAMS
Electrical Engineer
Industrial manufacturing manager
Salt Lake City, Utah, USA
www.qsicorp.com
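
Added example, not part of the original message and not McAfee's detection logic: a mail-gateway style check for one kind of MIME-envelope mismatch of the sort discussed above, a part declared as an inline media type whose filename carries a Windows executable extension. That this mismatch is the malformation of interest, the type and extension lists, and the sample message are assumptions constructed for illustration.

```python
import email
from email import policy

# Media types a mail client may render or play inline (assumed list).
INLINE_TYPES = ("audio/", "image/", "video/")
# Extensions Windows treats as executable (illustrative, not exhaustive).
EXEC_EXTS = (".exe", ".scr", ".pif", ".bat", ".com", ".cmd", ".vbs")

def find_mime_mismatches(raw_bytes):
    """Return (content_type, filename) for every leaf part whose declared
    media type is inline-renderable but whose filename looks executable."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        ctype = part.get_content_type()
        # get_filename() falls back to the Content-Type "name" parameter.
        name = part.get_filename() or ""
        # Windows ignores trailing dots and spaces, so strip them first.
        ext_view = name.strip().rstrip(". ").lower()
        if ctype.startswith(INLINE_TYPES) and ext_view.endswith(EXEC_EXTS):
            hits.append((ctype, name))
    return hits

# Constructed sample: bodies are the harmless text "placeholder".
SAMPLE = (
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="BOUND"\r\n'
    b"\r\n"
    b"--BOUND\r\n"
    b"Content-Type: text/plain\r\n"
    b"\r\n"
    b"hello\r\n"
    b"--BOUND\r\n"
    b'Content-Type: audio/x-wav; name="notes.exe"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--BOUND\r\n"
    b'Content-Type: audio/x-wav; name="chime.wav"\r\n'
    b"Content-Transfer-Encoding: base64\r\n"
    b"\r\n"
    b"cGxhY2Vob2xkZXI=\r\n"
    b"--BOUND--\r\n"
)

if __name__ == "__main__":
    print(find_mime_mismatches(SAMPLE))
```

A gateway would typically quarantine or strip any part this returns before the message reaches a desktop mail client.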
