Re: Sendmail Virus Question


Subject: Re: Sendmail Virus Question
From: civileme (civileme@mandrakesoft.com)
Date: Thu Apr 18 2002 - 13:44:56 AKDT


On Thursday 18 April 2002 09:30 am, bupdegraff wrote:
> Folks,
>
> We are using Norton Antivirus Enterprise Edition which is centrally
> administered through our NT 4.0 server. Our E-Mail service is provided
> through our Sun Microsystems Cobalt Qube3 Internet Appliance running Linux
> which presumably uses Sendmail for the mail server.
>
> This morning, one of my users received the message below:
>
> -----Original Message-----
> From: postmaster@mailserv.directserv.com
> [mailto:postmaster@mailserv.directserv.com]
> Sent: Wednesday, April 17, 2002 10:13 PM
> To: hbowerman@akbible.edu
> Subject: MDaemon Warning - Virus Found
>
> The following message had attachment(s) which contained viruses:
>
> From : hbowerman@akbible.edu
> To : alaskaair@mailserv.directserv.com
> Subject : Re:so cool a flash,enjoy it
> Date : Wed, 17 Apr 2002 22:13:06 -0800 (AKDT)
> Message-ID: <200204180613.g3I6D6C17876@iris.slb.nwc.acsalaska.net>
>
> Attachment Virus name Action taken
> ----------------------------------------------------------------------------

You might be getting email passed through the server which contains windows
viruses, but to infect the Qube is beyond most virus writers unless the setup
has been very very deliberately designed to allow it. The only linux viruses
around are academic curiosities which the Anti-Virus people will happily
document the existence of in their campaign to sell linux anti-virus software
to gullible people. It is not unusual for a Norton program to detect a hit
on a port as a violation when it is a valid port, or for it to complain about
a virus when it sees a linux partition or boot sector or file.

About the best use of a virus scanner on linux is an add-on to a mailserver
that scans for windows email-borne viruses.

It is theoretically possible to get a virus under linux that can propagate...
 It has to be a daemon-like program that sits and waits till it detects the
user who downloaded it running a "make" and then adds itself to the source
code stream going to the compiler on the fly--intruding as another program in
the pipe. Presumably when the user goes to root mode to run "make install"
then the infected program could be part of the root ... And when run it
could detect this condition and spread infection to eligible binaries.
That's a BIG program by then, and not likely to escape primary detection.
That's why linux/UNIX viruses are basically student homework or academic
curiosities--they might get there, but then what can they do?

Civileme
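As an added illustration of the point civileme makes above, that the useful place for a virus scanner on a linux box is as a mail-server add-on catching windows email-borne viruses, here is a small Python check that a gateway could run on each message. It is example code, not from the original post, the Qube, Sendmail, or MDaemon; the extension list and the sample message are constructed for the example, and the "MZ" bytes are a stand-in, not a real program.

```python
"""Mail-gateway attachment check (added example, not from the original post)."""
import email
import os
from email import policy
from email.message import EmailMessage

# Constructed list of attachment extensions that carried most windows
# email-borne viruses of the period; a real gateway would pair this with
# a signature scanner rather than rely on names alone.
RISKY_EXTENSIONS = {".exe", ".scr", ".pif", ".bat", ".com", ".vbs", ".js"}

# Content types that some mailers assign to windows executables regardless
# of the file name; also treated as risky.
RISKY_CONTENT_TYPES = {"application/x-msdownload", "application/x-msdos-program"}


def build_sample_message(include_risky=True):
    """Construct a multipart message resembling the bounce in the thread.

    The subject is taken from the quoted MDaemon notice; the addresses,
    attachment names and payloads are made up for the example.
    """
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Re:so cool a flash,enjoy it"
    msg.set_content("Enjoy the attached flash.")
    if include_risky:
        # A double extension is the classic trick; splitext still sees ".scr".
        msg.add_attachment(b"MZ\x90\x00 fake payload for the example",
                           maintype="application", subtype="octet-stream",
                           filename="flash.jpg.scr")
    msg.add_attachment("plain notes, harmless\n", filename="notes.txt")
    return msg.as_bytes()


def find_risky_attachments(raw_message):
    """Return the file names of attachments that look like windows executables.

    Parses the raw message bytes with the modern email policy so that
    iter_attachments() and get_filename() handle encoded headers for us.
    """
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = os.path.splitext(name)[1].lower()
        ctype = part.get_content_type().lower()
        if ext in RISKY_EXTENSIONS or ctype in RISKY_CONTENT_TYPES:
            flagged.append(name)
    return flagged


def gateway_verdict(raw_message):
    """Decide what the gateway should do: 'quarantine' or 'deliver'."""
    return "quarantine" if find_risky_attachments(raw_message) else "deliver"


if __name__ == "__main__":
    sample = build_sample_message()
    print("flagged:", find_risky_attachments(sample))
    print("verdict:", gateway_verdict(sample))
    print("clean verdict:", gateway_verdict(build_sample_message(include_risky=False)))
```

The check only ever quarantines based on what the attachment is, not on what the host runs, which is why a scanner placed here is useful even though, as the post argues, the linux box carrying the mail is not itself at risk from a windows executable.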

---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.



This archive was generated by hypermail 2a23 : Thu Apr 18 2002 - 13:45:06 AKDT