mailing list archives
Re: Re: text
From: Byron Copeland <nodialtone () comcast net>
Date: 24 Mar 2004 22:16:01 -0500
Yeah, I'd think that is pretty lame that a virus scanner would just
parse text in an email and declare the "sky is falling" and not actually
look for a documented signature.
On Wed, 2004-03-24 at 20:59, Paul Schmehl wrote:
--On Wednesday, March 24, 2004 4:06 PM -0500 Valdis.Kletnieks () vt edu wrote:
*yawn* So some bozo who reads full-disclosure has a virus, and it scraped
the listname and Paul's name. Death of Internet Predicted. Film at 11.
False assumption. No one on this list has to be infected for this list to
get a virus. All it takes is someone who is infected and has the email
address of a list member on their hard drive - in an addressbook, in their
browser cache, in a text file they saved from a website, and the virus can
send email "from" them. Then all that is left is to have the address of
the list as well, and the virus can send mail to the list.
However, in this case, *I* sent the "virus". I had the word "t e x t . p i
f" in the body of my message (without the spaces, of course), and the
poorly configured AV scanners "detected" a virus.
If you give that some brief thought, it should appall you that people
actually *paid* for that software when grep could do the same thing.
Paul Schmehl (pauls () utdallas edu)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
Full-Disclosure - We believe in it.
"Save yourself from the 'Gates' of hell, use Linux." -- The_Kind @
Description: This is a digitally signed message part