
On 2017-09-19 10:52, Bjoern Voigt wrote:
Today I got a malware mail with an *.7z attachment. I saved the attachment and opened the 7z archive with Ark for further investigation.
The attachment contained a *.vbs Visual Basic Script file. It is mostly a downloader script which downloads malware from a Russian server.
The problem: If I click on the file (instead of choosing "Preview" in context menu), Ark opens Wine with the malware VBS script. My Sophos on-access scanner blocked the attachment.
My question: How I can configure KDE or Ark so, that it does not open some problematic file types, especially not with Wine? I also wonder about the insecure default settings.
But you are actively clicking on a .vbs file, an "executable". The default action would be execute it (with wine). However, if it does not have the execute flag enabled, it would be a bug to try to execute it. -- Cheers / Saludos, Carlos E. R. (from 42.2 x86_64 "Malachite" at Telcontar)