[pmmail-list] [mkc] how can I avoid virus'es in the future?
Mike Kilroy
pmmail-list@blueprintsoftwareworks.com
Sun, 04 May 2003 06:49:01 -0400
--_=_=_=IMA.BOUNDARY.HTML_3241672=_=_=_
Content-Type: text/plain; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
Thanks=20Luko=20for=20the=20description.=20=20
2=20Questions=20for=20the=20experts=20then....
Is=20it=20fair=20to=20say=20then=20that=20since=20they=20are=20not=20decod=
ed=20into=20an
attachment,=20they=20cannot=20execute?
Also,=20at=20times=20I=20will=20drag=20an=20empty=20message=20over=20to=20=
another=20account
in=20Pmmail,=20to=20see=20the=20html=20coded=20message:=20I=20have=20the=20=
other=20account's
editor=20set=20to=20use=20C:\WINDOWS\SYSTEM32\mshta.exe=20with=20argument
d:\program=20files\pmmail=202000\%s"=20so=20I=20can=20see=20the=20message.=
=20=20Even=20with
this=20then,=20I=20assume=20the=20attachment=20is=20not=20executable=20and=
=20therefore
safe,=20right?
On=20Sun,=2004=20May=202003=2009:46:03=20+0200=20(MES),=20L.Willms=20wrote=
:
>Dear=20Marty=20Rimpau,=20
>
>On=20Sat,=2003=20May=202003=2023:58:29=20-0700,=20Marty=20Rimpau=20wrote:=
>
>>=20=20I=20know=20about=20view=20headers=20with=20control=20v,=20but=20wh=
at=20does=20view
>>=20all=20with=20pm=20mail=2026976?=20
>
>=20=20=20I=20guess=20John=20Swartzentruber=20meant=20ALT-V=20in=20the=20m=
essage=20window,=20which=20
>shows=20not=20only=20all=20headers,=20als=20CONTROL-V=20does,=20but=20the=
=20whole=20message=20in=20
>its=20raw=20form,=20without=20trying=20to=20understand=20and=20decode=20t=
he=20MIME=20structure=20
>of=20the=20message.=20
>
>=20=20=20This=20one=20worm=20in=20question=20is=20not=20recognized=20by=20=
PMMail=20as=20an=20
>attachment,=20so=20when=20you=20have=20a=20filter=20which=20triggers=20a=20=
virus=20scan=20of=20the=20
>message=20on=20condition=20that=20the=20message=20has=20an=20attachment,=20=
in=20this=20case=20it=20
>will=20not=20work.=20
>
>=20=20=20I=20have=20several=20of=20such=20infected=20messages=20in=20the=20=
"Virus=20infected"=20
>folder=20of=20one=20of=20my=20accounts=20and=20have=20just=20looked=20at=20=
two=20of=20them.=20
>
>=20=20=20For=20one,=20you=20can=20recognize=20them=20by=20the=20size:=20t=
hey=20do=20have=20between=20120=20
>and=20180=20kilobytes,=20but=20PMMail=20does=20not=20recognize=20an=20att=
achment.=20When=20you=20
>look=20at=20the=20message=20in=20the=20preview=20pane=20and=20in=20the=20=
message=20window,=20you=20
>will=20see=20probably=20an=20empty=20message.=20
>
>=20=20=20The=20messages=20which=20I=20have=20checked=20here=20are=20marke=
d=20as=20Content-Type:=20
>multipart/alternative=20where=20the=20first=20part=20only=20opens=20an=20=
IFRAME=20(a=20
>relatively=20new=20HTML-tag)=20whose=20source=20is=20given=20as=20the=20c=
ontent=20ID=20of=20both=20
>the=20two=20other=20parts,=20which=20have=20both=20the=20same=20content=20=
ID,=20and=20of=20which=20
>the=20second=20seems=20to=20be=20a=20harmless=20JPG=20image,=20but=20the=20=
first=20one=20an=20
>executable=20program=20(e.g.=20with=20extension=20.SCR=20meaning=20screen=
=20saver)=20but=20
>marked=20as=20content-type=20e.g.=20audio/x-midi.=20Some=20of=20those=20m=
essags=20posed=20as=20
>"KLEZ=20removal=20tools"=20by=20their=20subject=20line,=20really=20impude=
nt.=20
>
>=20=20=20It=20is=20too=20bad=20that=20you=20can't=20see=20it=20so=20easil=
y...=20I=20guess=20you=20would=20
>recognize=20those=20as=20suspicious=20even=20without=20formally=20virus=20=
checking=20them.=20
>
>=20=20=20
>Yours,=20
>L=FCko=20Willms
>-----------------------------------------------
>Frankfurt/Main=20=20
>-=20pmmail-list=20-=20The=20PMMail=20Discussion=20List=20----------------=
-----------
>To=20POST=20to=20the=20list,=20send=20your=20message=20to:
>pmmail-list@blueprintsoftwareworks.com
>
>To=20UNSUBSCRIBE,=20send=20a=20message=20to=20mdaemon@bmtmicro.com=20
>with=20the=20first=20line=20of=20the=20message=20body=20being...
>UNSUBSCRIBE=20pmmail-list@blueprintsoftwareworks.com
>---------------------------------------------------------------------
>
Mike,=20AC8V
=20=20=20=20=20=20=20=20=20=20=20=20=20=20\\|//
=20=20=20=20=20=20=20=20=20=20=20(=20=20o=20.=20o=20=20)
-----o00o------(_)------o00o-----
=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20
- pmmail-list - The PMMail Discussion List ---------------------------
To POST to the list, send your message to:
pmmail-list@blueprintsoftwareworks.com
To UNSUBSCRIBE, send a message to mdaemon@bmtmicro.com
with the first line of the message body being...
UNSUBSCRIBE pmmail-list@blueprintsoftwareworks.com
---------------------------------------------------------------------
--_=_=_=IMA.BOUNDARY.HTML_3241672=_=_=_
Content-Type: text/html; charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable
<HTML>
<FONT=20FACE=3D"Courier=20New"=20DEFAULT=3D"FACE"><FONT=20SIZE=3D"2"=20POI=
NTSIZE=3D"10"=20DEFAULT=3D"SIZE">Thanks=20Luko=20for=20the=20description.=20=
=20<BR>
<BR>
2=20Questions=20for=20the=20experts=20then....<BR>
<BR>
Is=20it=20fair=20to=20say=20then=20that=20since=20they=20are=20not=20decod=
ed=20into=20an=20attachment,=20they=20cannot=20execute?<BR>
<BR>
Also,=20at=20times=20I=20will=20drag=20an=20empty=20message=20over=20to=20=
another=20account=20in=20Pmmail,=20to=20see=20the=20html=20coded=20message=
:=20I=20have=20the=20other=20account's=20editor=20set=20to=20use=20<FONT=20=
COLOR=3D0000ff>C:\WINDOWS\SYSTEM32\mshta.exe=20<FONT=20COLOR=3D000000=20DE=
FAULT=3D"COLOR">with=20argument=20<FONT=20COLOR=3D0000ff>d:\program=20file=
s\pmmail=202000\%s"<FONT=20COLOR=3D000000=20DEFAULT=3D"COLOR">=20so=20I=20=
can=20see=20the=20message.=20=20Even=20with=20this=20then,=20I=20assume=20=
the=20attachment=20is=20not=20executable=20and=20therefore=20safe,=20right=
?<BR>
<BR>
<BR>
<BR>
<BR>
<BR>
On=20Sun,=2004=20May=202003=2009:46:03=20+0200=20(MES),=20L.Willms=20wrote=
:<BR>
<BR>
>Dear=20Marty=20Rimpau,=20<BR>
><BR>
>On=20Sat,=2003=20May=202003=2023:58:29=20-0700,=20Marty=20Rimpau=20wro=
te:<BR>
><BR>
>>=20=20I=20know=20about=20view=20headers=20with=20control=20v,=20bu=
t=20what=20does=20view<BR>
>>=20all=20with=20pm=20mail=2026976?=20<BR>
><BR>
>=20=20=20I=20guess=20John=20Swartzentruber=20meant=20ALT-V=20in=20the=20=
message=20window,=20which=20<BR>
>shows=20not=20only=20all=20headers,=20als=20CONTROL-V=20does,=20but=20=
the=20whole=20message=20in=20<BR>
>its=20raw=20form,=20without=20trying=20to=20understand=20and=20decode=20=
the=20MIME=20structure=20<BR>
>of=20the=20message.=20<BR>
><BR>
>=20=20=20This=20one=20worm=20in=20question=20is=20not=20recognized=20b=
y=20PMMail=20as=20an=20<BR>
>attachment,=20so=20when=20you=20have=20a=20filter=20which=20triggers=20=
a=20virus=20scan=20of=20the=20<BR>
>message=20on=20condition=20that=20the=20message=20has=20an=20attachmen=
t,=20in=20this=20case=20it=20<BR>
>will=20not=20work.=20<BR>
><BR>
>=20=20=20I=20have=20several=20of=20such=20infected=20messages=20in=20t=
he=20"Virus=20infected"=20<BR>
>folder=20of=20one=20of=20my=20accounts=20and=20have=20just=20looked=20=
at=20two=20of=20them.=20<BR>
><BR>
>=20=20=20For=20one,=20you=20can=20recognize=20them=20by=20the=20size:=20=
they=20do=20have=20between=20120=20<BR>
>and=20180=20kilobytes,=20but=20PMMail=20does=20not=20recognize=20an=20=
attachment.=20When=20you=20<BR>
>look=20at=20the=20message=20in=20the=20preview=20pane=20and=20in=20the=
=20message=20window,=20you=20<BR>
>will=20see=20probably=20an=20empty=20message.=20<BR>
><BR>
>=20=20=20The=20messages=20which=20I=20have=20checked=20here=20are=20ma=
rked=20as=20Content-Type:=20<BR>
>multipart/alternative=20where=20the=20first=20part=20only=20opens=20an=
=20IFRAME=20(a=20<BR>
>relatively=20new=20HTML-tag)=20whose=20source=20is=20given=20as=20the=20=
content=20ID=20of=20both=20<BR>
>the=20two=20other=20parts,=20which=20have=20both=20the=20same=20conten=
t=20ID,=20and=20of=20which=20<BR>
>the=20second=20seems=20to=20be=20a=20harmless=20JPG=20image,=20but=20t=
he=20first=20one=20an=20<BR>
>executable=20program=20(e.g.=20with=20extension=20.SCR=20meaning=20scr=
een=20saver)=20but=20<BR>
>marked=20as=20content-type=20e.g.=20audio/x-midi.=20Some=20of=20those=20=
messags=20posed=20as=20<BR>
>"KLEZ=20removal=20tools"=20by=20their=20subject=20line,=20really=20imp=
udent.=20<BR>
><BR>
>=20=20=20It=20is=20too=20bad=20that=20you=20can't=20see=20it=20so=20ea=
sily...=20I=20guess=20you=20would=20<BR>
>recognize=20those=20as=20suspicious=20even=20without=20formally=20viru=
s=20checking=20them.=20<BR>
><BR>
>=20=20=20<BR>
>Yours,=20<BR>
>L=FCko=20Willms<BR>
>-----------------------------------------------<BR>
>Frankfurt/Main=20=20<BR>
>-=20pmmail-list=20-=20The=20PMMail=20Discussion=20List=20-------------=
--------------<BR>
>To=20POST=20to=20the=20list,=20send=20your=20message=20to:<BR>
><FONT=20COLOR=3D0000ff><U>pmmail-list@blueprintsoftwareworks.com<FONT=20=
COLOR=3D000000=20DEFAULT=3D"COLOR"></U><BR>
><BR>
>To=20UNSUBSCRIBE,=20send=20a=20message=20to=20<FONT=20COLOR=3D0000ff><=
U>mdaemon@bmtmicro.com<FONT=20COLOR=3D000000=20DEFAULT=3D"COLOR"></U>=20<B=
R>
>with=20the=20first=20line=20of=20the=20message=20body=20being...<BR>
>UNSUBSCRIBE=20<FONT=20COLOR=3D0000ff><U>pmmail-list@blueprintsoftwarew=
orks.com<FONT=20COLOR=3D000000=20DEFAULT=3D"COLOR"></U><BR>
>---------------------------------------------------------------------<=
BR>
><BR>
<BR>
</HTML>
<HTML>
<LEFT>
<FONT=20FACE=3D"Courier=20New"=20COLOR=3D"#000001"=20SIZE=3D"2"=20POINTSIZ=
E=3D"10"=20DEFAULT=3D"ALL">
<br>
Mike, AC8V<br>
<br>
&n=
bsp; \\|//<br>
( &=
nbsp;o . o )<br>
-----o00o------(_)------o00o-----<br>
<br>
<br>
&n=
bsp; </HTML>
--_=_=_=IMA.BOUNDARY.HTML_3241672=_=_=_--