Mailinglist Archive: opensuse (2912 mails)

Re: [Fwd: [SLE] the directory "proc"] --Linux Virus and Spam pkgs-re Carlos
  • From: "Carlos E. R." <robin1.listas@xxxxxxxxxx>
  • Date: Thu, 10 Feb 2005 02:02:29 +0100 (CET)
  • Message-id: <Pine.LNX.4.58.0502100154510.12684@xxxxxxxxxxxxxxxx>

The Wednesday 2005-02-09 at 16:04 -0700, Ted Hilts wrote:

Ah, I saw first your private answer, I see you forwarded it later to the
list. Therefore, I post here my answer as well.

> Carlos
> I will see what I can do regarding these 2 Linux packages but first my email
> will have to be moved over to a Linux machine. Currently I use a Windows 95
> machine to bring in the email from my email account on a USA server and then
> through my ISP to this Win 95 machine. This way I am not using a production
> machine on my LAN and if the Win 95 machine blows up because of a virus then
> no major harm done. On the Win95 machine I isolate the contaminated email
> files and clean up the email files. When the Win 95 machine is clean I (via
> shares) move the email to a clean XP Pro production machine to be read and
> redistributed into appropriate files. I send email from either machine.

Slow process... probably safe, especially if the W95 machine is not
networked to the rest.

> I use Proland's Protector Plus anti virus and used to use Norton. The Worms
> crawl through both of these Anti-Virus packages not even detected by Norton.
> Apparently Proland does not feel that they should adjust their package to
> either quarantine or remove the virus and insist that I must manually identify
> the virus, delete the file, and take other measures to clean up the inbox and
> trash files. They say this is the only way to deal with worms.

It is probably true about new, unknown worms or viruses. On the other
hand, you may simply reject every email with any kind of executable
content, whatever it is. At most, delete the content and inform you. If it
comes from somebody you know, then spank him :-p

That is what amavis does, by default. It does not care to see if it is a
virus. Is it a Windows executable, even in disguise? Delete it, ask
questions later. No antivirus needed.

Of course, you may add an antivirus.

> So I run
> Protector Plus from XP Pro to identify the worms on Win 95 and then clean up
> Win 95.

You should keep an image on CD. If the machine is compromised, simply
reformat and reinstall from image. Ghost is a program that does it. You
have it back as new inside 30 minutes.

> All this is a lot of work and time consuming and one of the reasons
> why I am slow responding with my email. I get a lot of email and I can't do
> any other email activity, like reading email, or responding to email, until
> all the incoming email has been loaded otherwise Win95 crashes. I get a lot of
> email every day and my gateways work through slow dial up lines as I am
> located in a rural area of Alberta, Canada and there are no other alternatives
> available to me.

Yes, I also use dial up.

> Once I am able to find the time to create a Linux email account and implement
> the Anti-Virus and Anti-Spam everyone has been talking to me about then I will
> take this Win95 machine and make it a dual boot and run a Linux email set up.
> As I mentioned in another email to the list, I think I will start with a
> Mozilla Linux email account and then move on to Sendmail or some other Linux
> package. But I cannot do this right away.

Frankly, I don't know what I would do if I had to use Windows. In fact, I
have a relative in Ottawa, and I have lost email contact with her because
her Windows machine dies soon after connecting. Some kind of cable or ADSL
ISP, I suppose. And as she knows very little about computers, I can't do
anything from here, except recommend hiring some kind of maintenance service,
buying a firewall, I don't know.

But I understand there are accounts that do some anti-spam filtering, also
virus checking. Tiscali does for a fee. Or the IEEE remailer does for
free. Surely there are more. Gmail I hear does some.

But certainly, downloading email on a Linux machine is pretty safe. Maybe
sometime an attack will be developed (beware of HTML email!), but so far,
I have seen none. However, if you intend to see those emails on a Windows
machine without handling, then the Windows machine is at risk, unless you
use some of the Linux tools to clean it - like amavis. In Linux I can open
and view virus loaded email with a quiet mind - for two reasons: Linux
email clients do not automatically execute attachments, and Windows
executables are not so in Linux (unless you work under Wine).

Carlos Robinson
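
The check described in the message above (drop anything that is a Windows executable, even in disguise, without asking whether it is a known virus), sketched as an added example that is not part of the original post and is not amavis's own code. The function names, the extension list and the sample message are assumptions constructed for illustration.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed, illustrative extension list; not amavis's actual banned-file rules.
BANNED_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")

def is_pe(data: bytes) -> bool:
    """True if data has a DOS 'MZ' header whose e_lfanew points at 'PE\\0\\0'."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return False
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)
    return data[pe_off:pe_off + 4] == b"PE\0\0"

def executable_parts(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for each MIME part that looks like a Windows executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        # Content is checked first: the declared type and the name can both lie.
        if is_pe(data):
            hits.append((name, "PE header in content"))
        elif name.lower().rstrip(". ").endswith(BANNED_EXT):
            hits.append((name, "banned extension"))
    return hits

def build_sample() -> bytes:
    """Constructed sample: a harmless stub carrying PE magic, declared as a JPEG."""
    stub = bytearray(0x44)
    stub[:2] = b"MZ"
    struct.pack_into("<I", stub, 0x3C, 0x40)
    stub[0x40:0x44] = b"PE\0\0"
    msg = EmailMessage()
    msg["Subject"] = "holiday photos"
    msg.set_content("see attached")
    msg.add_attachment(bytes(stub), maintype="image", subtype="jpeg", filename="photo.jpg")
    msg.add_attachment(b"echo hi\r\n", maintype="application",
                       subtype="octet-stream", filename="notes.txt.bat")
    msg.add_attachment("plain text", filename="readme.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in executable_parts(build_sample()):
        print(f"blocked {name}: {reason}")
```

The attachment named photo.jpg is caught by its content, not its name or declared type, which is the "even in disguise" case; readme.txt and the message body pass through.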