Re: McAfee deletes mail folders?

From: Jim Howes (sewoh.mij_at_moc.gisorp.backwards.invalid)
Date: 01/30/04


Date: Fri, 30 Jan 2004 14:48:22 +0000

John Jason Hajicek wrote:

> Why did McAfee delete my entire Netscape mail folder just because one
> of the emails contained the MyDoom virus? I know not to click on an
> attachment anyway. I would have deleted only the single email, not
> the entire email folder.

You too, huh..

I filter mail at the gateway, and the gateway mails me a summary,
including headers and partial message, which I filter into a 'virus'
folder in Mozilla.
To execute the virus I would have to cut and paste the executable
base64-encoded text out of Mozilla, save it to a file, un-base64 encode
that file (with something like mmencode -u (which I don't seem to have
built right now)) and manually execute it.
All of this is fairly hard to do accidentally.

I was, therefore, not amused when McAfee VirusScan Enterprise 7, engine
4.2.60, DAT 4321 (29 Jan) decided to nuke my virus folder.

I have, therefore, in VirusScan On-Access properties, All processes,
Detection, Exclusions, excluded my mail folders. Mozilla will, by
default, extract executables to other directories anyway, so the virus
killer can catch it then (IF someone finds an exploit of the same order
of magnitude as the many in OE that causes auto-execution).

> I had unchecked the feature "scan email and attachments" and unchecked
> the feature "scan my computer at a schedule time."

Yes, but the on-access scanner doesn't know about Mozilla/Netscape mail
folders; it just sees base64-encoded binaries lurking within a file
that is being written to, and panics.

> I was using filters to filter most variants of MyDoom virus into a
> segregated folder. Apparently numerous people have my email address
> because I was receiving about 250 MyDoom viruses per day but had not
> been infected.

250? I'd give an arm and a leg to _only_ get 250. While I've been
typing this, another 16 have turned up.

Actually, it's not that bad. Because Mozilla folders are in mbox format
(i.e. text files), I have written various scripts of my own to scan the
headers and prepare mail to those source addresses/abuse desks which can
be identified, and bin those messages that are from Korea (where they
don't care), China (ditto), and known spamhausen (who probably wrote the
virus in the first place).

> McAfee did not quarantine the file, nor put it in my recycle bin. Is
> there a way to recover the deleted file?

In theory, in On-access scan properties, all processes, actions. In the
context of a mail message (which McAfee erroneously thinks
Netscape/Mozilla folders are), the action is to delete the file.
(Outlook would, if you asked it, write a similar format file for one
message or type .eml). McAfee obviously doesn't know that Mozilla
folders can contain more than one message (because they are standard
mbox files).

> I am constantly frustrated by programs that take over my computer and
> treat me like I do not have the intelligence to resolve the problem
> once I am alerted.

dd if=/dev/zero of=/dev/hda bs=1024 # problem solved.

McAfee are merely a symptom of the assumption that a PC runs Windows,
and that a PC therefore also runs Internet Explorer and Outlook Express.
It is this lack of diversity that also makes the spread of viruses
and worms so fantastically easy.

Jim
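
The mbox point made in the message above (one folder file holds many messages), as an added example that is not part of the original post: a Python script that moves only the messages carrying an executable-looking attachment into a separate quarantine mbox and leaves the rest of the folder intact. The extension list, function names and sample messages are assumptions constructed for illustration.

```python
import mailbox
import os
import tempfile
from email.message import EmailMessage

# Assumed list of attachment extensions to treat as risky (illustrative only).
RISKY_EXT = (".exe", ".scr", ".pif", ".cmd", ".bat")

def has_risky_attachment(msg):
    """True if any MIME part carries a filename with a risky extension."""
    return any((part.get_filename() or "").lower().endswith(RISKY_EXT)
               for part in msg.walk())

def quarantine_messages(mbox_path, quarantine_path):
    """Move flagged messages to quarantine_path; return (moved, kept)."""
    src, dst = mailbox.mbox(mbox_path), mailbox.mbox(quarantine_path)
    moved = 0
    src.lock()  # keep the mail client from writing while we edit the folder
    try:
        for key in list(src.keys()):
            msg = src[key]
            if has_risky_attachment(msg):
                dst.add(msg)
                dst.flush()      # copy is on disk before the original goes
                src.remove(key)  # drops this one message, not the folder
                moved += 1
        src.flush()
        return moved, len(src)
    finally:
        src.unlock()
        src.close()
        dst.close()

def build_sample_mbox(path):
    """Constructed sample folder: three messages, the middle one 'infected'."""
    box = mailbox.mbox(path)
    for i, attach in enumerate([None, "document.scr", None]):
        m = EmailMessage()
        m["From"], m["To"] = f"sender{i}@example.com", "user@example.org"
        m["Subject"] = f"constructed message {i}"
        m.set_content("hello")
        if attach:  # harmless placeholder bytes, not a real payload
            m.add_attachment(b"placeholder", maintype="application",
                             subtype="octet-stream", filename=attach)
        box.add(m)
    box.close()

if __name__ == "__main__":
    d = tempfile.mkdtemp()
    inbox, quar = os.path.join(d, "Inbox"), os.path.join(d, "Quarantine")
    build_sample_mbox(inbox)
    print(quarantine_messages(inbox, quar))
```
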


