OT Viruses

In ,
John Knight typed:

(Am I going to regret this?) If anyone wants a copy I could make it
available for free, at your own risk etc. You might have to install
the Java runtime though, and it does have to be POP3, not webmail.


The advantage of the SpamCop solution is that the crap is trapped *before*
it gets to your POP3 box and so no further action, such as deleting them, is
required. And, of course, they don't have to be downloaded to be tagged or
filtered. SpamCop retains the intercepted messages for a few weeks before
binning them, just in case you want to check them.

Jo

Many thanks for useful responses. The increase ain't general but I am
far from alone in experiencing it.

My ISP reckons their customers wouldn't like them interfering with
their customers emails and so will only filter out on specific request
with known subject and or sender - not a feature of most virus
bearers.

I've now got frontgate installed but it needs a pre-known source for
its filters.

What would be handy is to pre-screen anything with an attachment and
give me the option of deleting or downloading later - eg when phone
rates are cheaper.

-----------------------------
Martin Frey
http://www.hadastro.org.uk
N 51 01 52.2 E 0 47 21.1
-----------------------------

JRS: In article , dated
Fri, 17 Dec 2004 00:06:14, seen in news:uk.sci.astronomy, Mark McIntyre
posted :
On Thu, 16 Dec 2004 17:11:20 GMT, in uk.sci.astronomy , Phil
wrote:


Its only a problem for Windows users. Anyone running a Mac or Linux system
doesnt have to worry about viruses.

Please do NOT distribute such nonsensical suggestions. Even a trivial
websearch proves your error.

It's no doubt true that real viruses for Mac/Linux/etc. do exist and
propagate.

But at present a vast amount of malmail is being generated, aimed at
"more-or-less arbitrary left parts @ somewhere". This particularly
affects those who "own" an E-address set "everything @ somewhere", of
course. Even auto-refusing stuff to unknown left parts takes machine and
link time.

AIUI that class of stuff is only infective on PCs or on Windows PCs; but
it can amount to a DoS attack on anyone.

--
© John Stockton, Surrey, UK. Turnpike v4.00 MIME ©
Web URL:http://www.uwasa.fi/~ts/http/tsfaq.html - Timo Salmi: Usenet Q&A.
Web URL:http://www.merlyn.demon.co.uk/news-use.htm : about usage of News.
No Encoding. Quotes before replies. Snip well. Write clearly. Don't Mail News.

Martin Frey wrote:
Many thanks for useful responses. The increase ain't general but I am
far from alone in experiencing it.
....
What would be handy is to pre-screen anything with an attachment and
give me the option of deleting or downloading later - eg when phone
rates are cheaper.

It does do both of those already, Martin. Do you have the message
contents windows turned on?


--
Graham W http://www.gcw.org.uk/ PGM-FI page updated, Graphics Tutorial
WIMBORNE http://www.wessex-astro-society.freeserve.co.uk/ Wessex
Dorset UK Astro Society's Web pages, Info, Meeting Dates, Sites & Maps
Change 'news' to 'sewn' in my Reply address to avoid my spam filter.

On Fri, 17 Dec 2004 18:04:54 +0000, Martin Frey
wrote:

I've now got frontgate installed but it needs a pre-known source for
its filters.

What would be handy is to pre-screen anything with an attachment and
give me the option of deleting or downloading later - eg when phone
rates are cheaper.

Have you looked at Mailwasher? http://www.mailwasher.net/
It will compare incoming emails against Spamcop's list of known
spammers and flag those that are known for deletion - also features a
learning mode so it improves with time, has a friends list and flags
their messages as such. Preview and delete mail without ever
downloading it. Very good I reckon, and have been using it for the
last two years.
Regds Lock

Dr John Stockton wrote:

It's no doubt true that real viruses for Mac/Linux/etc. do exist and
propagate.

Currently there is one virus for MacOSX, and it's more-or-less a proof
of concept and actually requires you to install it!

Most attacks on Unix systems (and I group MacOSX, FreeBSD and Linux in
this) takes the form of exploits against running services, ie they are
targetted at services running on the host machine (such as Apache)
rather than the OS itself, and there's no 'infection' as such.

But at present a vast amount of malmail is being generated, aimed at
"more-or-less arbitrary left parts @ somewhere". This particularly
affects those who "own" an E-address set "everything @ somewhere", of
course. Even auto-refusing stuff to unknown left parts takes machine and
link time.

AIUI that class of stuff is only infective on PCs or on Windows PCs; but
it can amount to a DoS attack on anyone.

Correct.

A brief extract from my firewall log:

[odin] jim sudo tail -f /var/log/security
Dec 18 05:20:41 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.213:4093
192.168.2.2:445 in via ed1
Dec 18 05:20:44 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.213:4093
192.168.2.2:445 in via ed1
Dec 18 05:45:59 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.67:3808
192.168.2.2:445 in via ed1
Dec 18 05:46:02 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.67:3808
192.168.2.2:445 in via ed1
Dec 18 05:59:00 odin /kernel: ipfw: 65435 Deny TCP 211.144.162.199:3249
192.168.2.2:1080 in via ed1
Dec 18 05:59:03 odin /kernel: ipfw: 65435 Deny TCP 211.144.162.199:3249
192.168.2.2:1080 in via ed1
Dec 18 06:08:36 odin /kernel: ipfw: 65435 Deny TCP 217.126.251.47:1091
192.168.2.2:1433 in via ed1
Dec 18 06:08:46 odin last message repeated 2 times
Dec 18 06:13:26 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.67:3462
192.168.2.2:445 in via ed1
Dec 18 06:13:29 odin /kernel: ipfw: 65435 Deny TCP 212.159.115.67:3462
192.168.2.2:445 in via ed1

Of those entries, the '445' ones are Windows viruses attempting to
spread, the 1080 one is probably 'WinHole' and the 1433 is someone
trying to connect to a (nonexistant) MS SQL server.

In other words, they're all Windows attacks.

I hate Windows. I really, really do.

Jim
--
Find me at http://www.ursaminorbeta.co.uk AIM/iChatAV: JCAndrew2
If half the software you're running is to protect you from other
software, you're using the wrong operating system.

On Sat, 18 Dec 2004 07:11:57 +0000, in uk.sci.astronomy ,
(Jim) wrote:

Most attacks on Unix systems (and I group MacOSX, FreeBSD and Linux in
this) takes the form of exploits against running services, ie they are
targetted at services running on the host machine (such as Apache)
rather than the OS itself, and there's no 'infection' as such.

FWIW I'd argue that this is little different to windows viruses - most if
not all target something running or available on the host machine (IIS,
SQLServer, Wordpad, Office, etc). The real question is whether the virus is
then able to gain elevated priveleges on the box. Since many Win98 and ME
users will be running with admin rights, this is a given. But this isn't
the fault of the OS per se, its another example of social engineering.

Of those entries, the '445' ones are Windows viruses attempting to
spread,

445 is Windows' filesharing port, and Win98 machines are promiscuously
chatty on it. The traffic is probably no more than chatty Win98 machines.

I hate Windows. I really, really do.

Hating an OS is a bad idea. Its like hating tarmac, probably a sign of some
deeper problem...
(gd&r)

--
Mark McIntyre
CLC FAQ http://www.eskimo.com/~scs/C-faq/top.html
CLC readme: http://www.ungerhu.com/jxh/clc.welcome.txt

----== Posted via Newsfeeds.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeeds.com The #1 Newsgroup Service in the World! 120,000+ Newsgroups
----= East and West-Coast Server Farms - Total Privacy via Encryption =----

"Martin Frey" wrote in message
...
The frequency of emails with viruses arriving on my PC has risen
sharply in the last couple of months (nearly all called W32sober,
though they are beginning to make me less than sober).

Getting them in and waiting while Norton does its thing is practically
doubling my online dialup time.

Am I alone or is this general?

Sorry OT but ...

-----------------------------
Martin Frey
http://www.hadastro.org.uk
N 51 01 52.2 E 0 47 21.1
-----------------------------

I'm sorry but I don't understand what you mean by getting them in and
waiting while Norton does its thing.
My ISP filters out most of the spam and suspected virus containing emails
but a few do occasionally make it through. I see them in my outlook express
and I just delete them. What am I missing?

Best regards,
Bill

"Bill Becker" wrote:
"Martin Frey" wrote in message
.. .
[spam+viruses]
Getting them in and waiting while Norton does its thing is practically
doubling my online dialup time.

Am I alone or is this general?

I'm sorry but I don't understand what you mean by getting them in and
waiting while Norton does its thing.
My ISP filters out most of the spam and suspected virus containing emails
but a few do occasionally make it through. I see them in my outlook express
and I just delete them. What am I missing?

The fact that Matin Frey's ISP doesn't do that? Or perhaps they can,
but Martin doesn't want the risk of false-positives?


Tim
--
This is not my signature.

"Tim Auton" wrote in message
...
"Bill Becker" wrote:
"Martin Frey" wrote in message
. ..
[spam+viruses]
Getting them in and waiting while Norton does its thing is practically
doubling my online dialup time.

Am I alone or is this general?

I'm sorry but I don't understand what you mean by getting them in and
waiting while Norton does its thing.
My ISP filters out most of the spam and suspected virus containing emails
but a few do occasionally make it through. I see them in my outlook
express
and I just delete them. What am I missing?

The fact that Matin Frey's ISP doesn't do that? Or perhaps they can,
but Martin doesn't want the risk of false-positives?


Tim
--
This is not my signature.

My point is that I see the possible virus on OE and Norton doesn't have to
do anything. I just delete the thing. Is he clicking on the message with the
preview pane option enabled?

Best regards,
Bill