[opensuse-security] How capable is ClamAV?
What is your opinion about the strength of ClamAV? I am especially concerned about active, malicious content hidden in documents like PDF or LibreOffice data files. Does ClamAV have some serious heuristics? Of course I know antivirus tools can only offer limited protection. Thanks
On 2014-09-14 17:18, pinguin74 wrote:
What is your opinion about the strength of ClamAV?
Now and then I receive malware in email that it does not detect. Sometimes Avira does. And other times it is the other way round. I never detected anything in suspicious docs, but I don't know if that is because they were clean, or because the scanner failed to detect.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 14.09.2014 17:53, Carlos E. R. wrote:
On 2014-09-14 17:18, pinguin74 wrote:
What is your opinion about the strength of ClamAV?
Now and then I receive malware in email that it does not detect. Sometimes Avira does. And other times it is the other way round.
I never detected anything in suspicious docs, but I don't know if that is because they were clean, or because the scanner failed to detect.
Well, maybe antivirus tools really are not much better than a placebo... I just hoped, ClamAV may have a good heuristic system....
On 2014-09-14 21:06, pinguin74 wrote:
On 14.09.2014 17:53, Carlos E. R. wrote:
Well, maybe antivirus tools really are not much better than a placebo... I just hoped, ClamAV may have a good heuristic system....
They do detect things, but certainly not all. Only known things. And there is a lot of malware... You probably have to use several engines. How good clamav is at heuristics, I really don't know. I only use the antivirus on Linux to know what I get in email, not for real - any executable gets banned on sight. Docs that do not come directly from friends, unrequested, are very suspect; I don't open them. If I have to, there are doc converters that do not know how to translate scripts.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 09/14/2014 11:53 AM, Carlos E. R. wrote:
On 2014-09-14 17:18, pinguin74 wrote:
What is your opinion about the strength of ClamAV? Now and then I receive malware in email that it does not detect. Sometimes Avira does. And other times it is the other way round.
I'm curious as to what that malware might be? Was it something that was Windows-specific, or might it have some effect on Linux?
-- /"\ \ / ASCII Ribbon Campaign X Against HTML Mail / \
-- To unsubscribe, e-mail: opensuse-security+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-security+owner@opensuse.org
On 2014-09-15 14:06, Anton Aylward wrote:
On 09/14/2014 11:53 AM, Carlos E. R. wrote:
On 2014-09-14 17:18, pinguin74 wrote:
What is your opinion about the strength of ClamAV? Now and then I receive malware in email that it does not detect. Sometimes Avira does. And other times it is the other way round.
I'm curious as to what that malware might be? Was it something that was Windows-specific, or might it have some effect on Linux?
So far, Windows specific, and very little. My amavis simply bans any exe file in attachments, even inside zips, and they are apparently not scanned then by the antivirus. I see I get some of them. Mail positives detected by the antivirus itself are scarce, none this year unless I goofed somewhere (I have to check). Otherwise, I got:
Email.Trojan-277 virus
Email.Trojan-277
Email.Trojan-303, Trojan.Spy.Zbot-566
Email.Trojan-280, Suspect.Trojan.Generic.FD-1
Email.Trojan-280, BC.Heuristic.Trojan.SusPacked.BF-6.B
BC.Heuristic.Trojan.SusPacked.BF-6.A
Amavis does not, afaik, create a log of the malware that it filters. What, from, to, date, subject, would be nice. And, by the way, Avira antivir has moved out of the Linux business, so the only free antivirus that I know of on Linux that still works is clamav. My "banned" mail folder contains entries now and then with zip archives, that I guess might contain PDFs or DOCs. I would have to manually look inside. Let me see...
Invoice_8990040.zip --> Invoice_24042014.scr: PE32 executable (GUI) Intel 80386, for MS Windows; clamscan --> clean.
VoiceMail.zip --> VOICE347-643-6325.scr: PE32 executable (GUI) Intel 80386, for MS Windows; clamscan --> clean.
invoice 7941461.zip --> invoice 8820122/invoice 8820122.exe: PE32 executable (GUI) Intel 80386, for MS Windows; clamscan, antivir --> clean.
So you see, clamav in those cases would have been totally useless, 3 of 3. It is amavis which bans them simply because they are executable... Most claim to be a document, but they are runnable files inside zips. I don't see a .doc file, but then I have not opened all zips. If I got those emails in Windows, and I were using clamav or avira, I could be hosed... except that I do not click to open unrequested zips.
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
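The triage Carlos does by hand above (open the zip, see that the "invoice" is really a PE executable) needs no AV signature and can be automated as a ban rule. The following is an added example, not code from the thread or from amavis; `inspect_zip`, `build_sample_zip`, the extension list and the depth and size limits are my assumptions, and the sample archive is constructed to mirror the names from the banned folder.

```python
import io
import re
import zipfile

# Extensions Windows runs on double-click; ".scr" is the one seen in the thread.
EXEC_EXTENSIONS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".vbs", ".js")
DOC_LIKE_NAME = re.compile(r"invoice|voice|statement|scan|\.(pdf|doc)\.", re.IGNORECASE)
MAX_DEPTH = 3                          # assumed limit for zips nested in zips
MAX_MEMBER_BYTES = 50 * 1024 * 1024    # assumed limit: do not inflate a zip bomb


def inspect_zip(data, depth=0, prefix=""):
    """Return [(member path, [reasons])] for members that look like executables.

    Only the first bytes of each member are read, so a large archive is cheap to
    inspect; nested zips are walked up to MAX_DEPTH levels.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            with zf.open(info) as fh:
                head = fh.read(4)
            reasons = []
            if head[:2] == b"MZ":                       # DOS/PE header, whatever the name says
                reasons.append("starts with MZ (DOS/PE executable header)")
            if info.filename.lower().endswith(EXEC_EXTENSIONS):
                reasons.append("executable extension")
            if reasons and DOC_LIKE_NAME.search(info.filename):
                reasons.append("document-looking name on an executable")
            if reasons:
                findings.append((path, reasons))
            elif head == b"PK\x03\x04" and depth < MAX_DEPTH and info.file_size <= MAX_MEMBER_BYTES:
                findings.extend(inspect_zip(zf.read(info), depth + 1, path + "/"))
    return findings


def build_sample_zip():
    """Constructed sample: an 'invoice' .scr PE stub, a clean text file, and a nested zip."""
    pe_stub = b"MZ\x90\x00" + b"\x00" * 60            # just the header, not a real program
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("invoice 8820122/invoice 8820122.exe", pe_stub)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("Invoice_24042014.scr", pe_stub)
        zf.writestr("notes.txt", b"harmless text")
        zf.writestr("invoice 7941461.zip", inner.getvalue())
    return outer.getvalue()


if __name__ == "__main__":
    for path, reasons in inspect_zip(build_sample_zip()):
        print(f"BAN {path}: {'; '.join(reasons)}")
```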
On 2014-09-15 14:48, Carlos E. R. wrote:
On 2014-09-15 14:06, Anton Aylward wrote:
I'm curious as to what that malware might be? Was it something that was Windows-specific, or might it have some effect on Linux?
So far, Windows specific, and very little.
Just now I noticed a post sent to the Project mail list, with subject: [opensuse-project] Important ©: We noticed unusual activity in your PayPal account (Ref #PP-003-381-679-869)
What is different is that the attachment is an html file. I saved it to a file to check. Clamav says "clean", but it does contain javascript code... I'd bet a beer (about my limit on sure bets) that it is malware. I have no idea what it does, but I'm curious. Javascript can run in Thunderbird without asking... (although I can't find in the preferences where to enable/disable that).
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)
On 2014-09-15 16:06, Carlos E. R. wrote:
I have no idea what it does, but I'm curious. Javascript can run in Thunderbird without asking... (although I can't find in the preferences where to enable/disable that).
Apparently javascript cannot be enabled for email, but is enabled by default for RSS feeds. The setting is in about:config, named "javascript.enabled" - which is confusing because it does not apply to email at all.
http://www.ghacks.net/2012/01/21/how-to-make-thunderbird-more-secure/
http://www.ghacks.net/2010/06/30/thunderbird-3-javascript-whats-the-deal/
-- Cheers / Saludos, Carlos E. R. (from 13.1 x86_64 "Bottle" at Telcontar)