[NTLUG:Discuss] Anti-Virus/Anti-Spamming for Sendmail on Linux

Steve Baker sjbaker1 at airmail.net
Wed Jan 29 12:26:07 CST 2003


Pervaz Allaudin wrote:
> As a matter of general inquiry - What are the mechanisms by which a 
> linux Email virus would spread - As in shell script or some other since 
> there is no VBA.

Well, there is this one:

-----------------------------------------------------------------------
        - YOU HAVE JUST BEEN INFECTED BY THE LINUX VIRUS -

              This virus works on the honor system:

     If you're running a variant of unix or linux, please forward
     this message to everyone you know and delete a bunch of your
     files at random
-----------------------------------------------------------------------

OK - but seriously...

In principle - a buffer-overrun vulnerability in one of our email tools
could open the door to a virus.  It's possible that some idiot would write
a mail program that would execute the contents of incoming emails - but
that would be "A Bad Thing" and hopefully nobody would use such a tool.

I guess that HTML mail that could contain Java/JavaScript would be another
possible route to problems - but Java's sandbox is supposed to prevent that.

Reading your email in a Java-enabled browser is DANGEROUS!

So there are definitely some mechanisms that could hypothetically
spread a virus.  There was a story a few weeks ago about an actual,
for real, Linux virus - but it spread only by people using Windoze
tools under WINE - so that doesn't count!

The thing that makes Linux so strong in this respect is that there are
a gazillion email tools out there - and the chance of an email that's
targeted at (say) 'pine' spreading like wildfire is very small. If it
managed to infect my machine via an overrun exploit in 'pine' - and
then tried to spread by emailing everyone in my address book - it would
probably find one or maybe two people who are also running pine.  The
majority of the copies that would be propagated would be read by people
who use Mozilla or Elm or Emacs or whatever.

OTOH, if you were running a Windoze system, 99% of the people on your
mailing list would become infected - and they would go on to spread it
still further.

The S-L-O-W (about linear) rate of spread that a hypothetical Linux
email virus would have gives PLENTY of time to fix the problem and
make the fix widespread in the community.  In a Windoze system, the
growth is exponential and a particularly nasty virus will spread around
the world in a matter of hours.  With Linux, it would take *MONTHS*.

I like to think of this in biological terms.  Biological genetic
diversity is A Good Thing - and it's true for computer systems too.
Diversity makes life VERY difficult for The Bad Guys.

If Linux on the desktop became MUCH more popular - and if one mailer
appeared to be MUCH better than the others - so nearly everyone used
it - then I suspect that we'd see the occasional Linux email virus
appearing from time to time.

However, there are other things that make Linux less vulnerable - things
like not running as 'root' - which makes it harder for the Virus to do
nasty things to your machine.  Everything being OpenSourced means that
many people are looking for bugs - and they get fixed quickly.  Most
Linux users are technically knowledgeable and know how to shut down
unneeded services, etc, etc.

When people talk about virus blockers for Linux, they don't generally
mean blocking viruses AIMED AT THE LINUX MACHINE - they mean the situation
where a Linux machine is the mail server for a bunch of Windoze machines
and does the work of scanning incoming mail for virii before they reach
any of the client Windoze machines.
---------------------------- Steve Baker -------------------------
HomeEmail: <sjbaker1 at airmail.net>    WorkEmail: <sjbaker at link.com>
HomePage : http://www.sjbaker.org
Projects : http://plib.sf.net    http://tuxaqfh.sf.net
            http://tuxkart.sf.net http://prettypoly.sf.net
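The mailer-diversity argument in the message above, as an added example that is not part of the original post: a toy branching model in which each infected host mails a fixed number of contacts and only recipients running the targeted mailer are infected. The contact count, population size, mailer shares and the `simulate_spread` / `reproduction_number` helpers are constructed assumptions for illustration, not measurements.

```python
"""Toy model of the diversity argument (added example, not from the post).

Each infected host mails every address in its address book; a recipient is
infected only if it runs the mailer the exploit targets, whose share of all
recipients is `vulnerable_share`.  All numbers here are constructed."""
import random


def reproduction_number(vulnerable_share, contacts_per_host=20):
    """Expected new infections per infected host, ignoring saturation.

    Below 1 the outbreak dies out, near 1 it crawls (the post's 'about
    linear' case), well above 1 it grows exponentially."""
    return vulnerable_share * contacts_per_host


def simulate_spread(vulnerable_share, contacts_per_host=20, generations=8,
                    population=100_000, seed=1):
    """Return the cumulative infected count after each mailing generation.

    Host 0 is patient zero; contacts are drawn at random from `population`.
    The simulation stops early once no newly infected host is left to mail."""
    rng = random.Random(seed)           # fixed seed keeps the run reproducible
    infected = {0}
    frontier = [0]                      # hosts that mail out this generation
    history = [len(infected)]
    for _ in range(generations):
        new_frontier = []
        for _host in frontier:
            for _ in range(contacts_per_host):
                target = rng.randrange(population)
                if target in infected:  # already hit: no new infection
                    continue
                if rng.random() < vulnerable_share:
                    infected.add(target)
                    new_frontier.append(target)
        frontier = new_frontier
        history.append(len(infected))
        if not frontier:                # outbreak died out
            break
    return history


if __name__ == "__main__":
    for label, share in (("minority mailer (pine-like)", 0.05),
                         ("dominant mailer (99% share)", 0.99)):
        print(label, "R0 =", reproduction_number(share),
              "infected per generation:", simulate_spread(share))
```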