[pmmail-list] how can I avoid virus'es in the future?

L.Willms pmmail-list@blueprintsoftwareworks.com
Sun, 04 May 2003 09:46:03 +0200 (MES) 

Dear Marty Rimpau, 

On Sat, 03 May 2003 23:58:29 -0700, Marty Rimpau wrote:

>  I know about view headers with control v, but what does view
> all with pm mail 26976? 

   I guess John Swartzentruber meant ALT-V in the message window, which 
shows not only all headers, als CONTROL-V does, but the whole message in 
its raw form, without trying to understand and decode the MIME structure 
of the message. 

   This one worm in question is not recognized by PMMail as an 
attachment, so when you have a filter which triggers a virus scan of the 
message on condition that the message has an attachment, in this case it 
will not work. 

   I have several of such infected messages in the "Virus infected" 
folder of one of my accounts and have just looked at two of them. 

   For one, you can recognize them by the size: they do have between 120 
and 180 kilobytes, but PMMail does not recognize an attachment. When you 
look at the message in the preview pane and in the message window, you 
will see probably an empty message. 

   The messages which I have checked here are marked as Content-Type: 
multipart/alternative where the first part only opens an IFRAME (a 
relatively new HTML-tag) whose source is given as the content ID of both 
the two other parts, which have both the same content ID, and of which 
the second seems to be a harmless JPG image, but the first one an 
executable program (e.g. with extension .SCR meaning screen saver) but 
marked as content-type e.g. audio/x-midi. Some of those messags posed as 
"KLEZ removal tools" by their subject line, really impudent. 

   It is too bad that you can't see it so easily... I guess you would 
recognize those as suspicious even without formally virus checking them. 

   
Yours, 
Lüko Willms
-----------------------------------------------
Frankfurt/Main  
- pmmail-list - The PMMail Discussion List ---------------------------
To POST to the list, send your message to:
pmmail-list@blueprintsoftwareworks.com

To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com 
with the first line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------