Linux Users' Group of Davis
LUGOD
 
Page last updated:
2002 Apr 24 21:58

The following is an archive of a post made to our 'vox-tech mailing list' by one of its subscribers.

Re: [vox-tech] Linux's Vulnerability to E-mail Viruses



On Wed, Apr 24, 2002 at 09:21:12PM -0700, Richard S. Crawford wrote:
> I'm operating under the assumption that while viruses for Linux that
> spread like Windows viruses are very rare, there are still some out
> there.
> 
> So, given that, what level of vigilance is necessary against incoming
> viruses in a Linux system?

Richard,

  Short answer: don't read email as root, don't open attachments from 
email ever, do update your mail handling system from time to time
especially if you heard about an exploit in some component you use,
and do think before you react to an email.


Email borne viruses fall into three main categories:

- Vulnerabilities in your mail handling system,
  (mail server, fetchmail, procmail, email client, etc...)

    Which are typically stack overflow problems and should be very rare
  and fixed by the upstream maintainers in a heart-beat once found 
  (sometimes quietly fixed) however these fixes get a fair amount of 
  publicity if found in the wild.

- Vulnerabilities in your attachment processing system or programs,
  (mail client auto-open-attachments, mailcap, 
   openoffice, abiword, gnumeric, etc...)

    A mailcap configuration _can_ be extremely dangerous, because you
  can elect to do anything you want with a data stream based on its 
  mimetype.  If you pass an outside data stream to a vulnerable program 
  with mailcap or even manually you are at risk of any exploits against
  that program.

    There are a large number of these holes which exist, and some
  get created or closed every day.  Basically any program you run 
  that can be fed an input file and crashes is a hole and should not
  be trusted with a mail borne data stream.  Fixes are not generally
  well published, as long as you stick to text based email you are safe.

    If you are doing mail as your own user the good news is you can
  not damage the system, just wipe out the files owned by your user
  account.  This is until someone builds a super virus which would 
  get initial user access through an application vulnerability then 
  run a collection of local-root exploits to take over root.  This will
  be front page news practically everywhere.

- Vulnerabilities in wetware processing the mail,
  ("send to all your friends or else", "Make money fast", 
   "do X and your hair won't fall out"
   save-to-file/change-to-file/chmod-to-executable/run-[as-root])

    There isn't much that can be done about these people, short
  of turning on spam filters, education, or execution (depending
  on your stance).

    TTFN,
      Mike
_______________________________________________
vox-tech mailing list
vox-tech@lists.lugod.org
http://lists.lugod.org/mailman/listinfo/vox-tech
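
An added illustration of the mailcap point in the post above (not part of the original message): a small Python audit that parses mailcap entries and lists which MIME types are handed to which external programs. The sample entries and the low/review/high labels are constructed here, as a heuristic following the post's rule of thumb that text-based mail is the safe case.

```python
import re

# Constructed sample mailcap in RFC 1524 syntax; not taken from the post.
SAMPLE_MAILCAP = r"""
# viewers for text parts
text/plain; less %s; needsterminal
text/html; lynx -dump %s; copiousoutput
application/msword; abiword %s
application/vnd.ms-excel; gnumeric %s; \
    test=test -n "$DISPLAY"
image/*; display %s
*/*; xdg-open %s
"""

def parse_mailcap(text):
    """Yield (mime_type, view_command, other_fields) for each entry."""
    # A trailing backslash continues the entry on the next line.
    joined = re.sub(r"\\\n[ \t]*", "", text)
    for line in joined.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        # Fields are separated by ';' unless escaped as '\;'.
        parts = [p.strip() for p in re.split(r"(?<!\\);", line)]
        if len(parts) < 2 or not parts[1]:
            continue  # malformed entry: no view command
        yield parts[0].lower(), parts[1], parts[2:]

def classify(mime_type):
    """Heuristic label (an assumption of this example, not a standard)."""
    main, _, sub = mime_type.partition("/")
    # A bare "image" means "image/*" in mailcap, so treat it as a wildcard.
    if main == "*" or (sub in ("*", "") and main != "text"):
        return "high"    # wildcard: covers types nobody reviewed
    if main != "text":
        return "review"  # attachment data goes to an external parser
    return "low"         # text-based mail, the post's safe case

def audit(text):
    """Return (mime_type, program, label) for every entry."""
    return [(t, cmd.split()[0], classify(t))
            for t, cmd, _ in parse_mailcap(text)]

if __name__ == "__main__":
    for mime_type, program, label in audit(SAMPLE_MAILCAP):
        print(f"{label:6}  {mime_type:26} -> {program}")
```

To check a real system, pass the contents of `~/.mailcap` or `/etc/mailcap` to `audit()` instead of the sample string.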


