subject: Virus in email
note: first posting failed, this is copy.
<<2) The sender operates a trusted and secure system.
It's always safe to send documents in ascii (plain text) in the body of an
email post. You can't communicate -- or catch -- viruses this way.
>>
a) What is a trusted and secure system?
b) You can communicate virus via plain ascii: Take an invected non-ascii 8
bit
file, an image, a program, .. whatever 8 bit. Convert it into a 7bit,
(there
are several formats for 7 bit files MIME, UUE, ... ). This 7 bit file then
looks like a garbled ascii text with a header or preamble, and postamble if
you load it into a text editor. Loading it into a text editor is safe, and
pasting it into an email is safe. (note 1). The person reading the email
will
see the garbled section and the distinctive header. To convert this part
back into
a useful file (the original) s/he would clip and paste the part including
the
header into a pure text editor, then save it with the ending that was used
for the 7 bit convertion, e.g. file.uue. So far there is still no danger.
Now the critical steps follow. A program that is able to open such a
converted
file might start it as well. I am using winzip to convert files into *.uue,
both ways. Winzip lets me choose the steps: I can convert the file into its
original without starting it. Whether I start it is my choice. An
additional
point, once the above has been digested: Winzip is a program which can
compress files (the *.zip extension). It can also convert files. Of course,
decompress and reconvert.
There is the choice of creating "self extracting" files, the *.exe types.
These *.exe are rather dangerous because the intermediate step of
re-convertion
and starting is concentrated into one step. A risky, though convenient
measure. (An attached *.exe file is a potential hazard. An *.exe file can
most
likely not be pasted into an email.)
For this reason I never use self extracting (*.exe) files. Files on my
website
are either 7 bit *.uue or 8 bit (8bit leaves the automatic convertion into
the
7 bit capable internet format to the computers involved).
*.UUE plus Winzip enables the stepped approach: Convertion without
starting.
One *.uue file can contain several (previously zipped) files. One of them
might be an explaining text file. Winzip separates those files into a menu
without opening anyone automatically.
Sometimes I include an *.uue file (an image) into an email. It jumps the
fence
of "no attached files" while introducing several steps before it can be
started.
(Someone who doesn't know how can't).
Note 1: I stated it should be safe. Well, an email program which would
scan for included programs and start these automatically would find it.
An email program should not have this feature, if it does, the function
must
be destroyed. Extension: The MED listserver with the address
MG-ED-DV@MAELSTROM.STJOHNS.EDU "reads" postings, looking
for commands to react to. This operation is close enough to be
considered a spot to probe. (I don't know how to hack!).
Another attached file "problem" are the *.html attachements so many mailing
programs are sending out these days. Mail then looks formatted, wastes
additional 400 % hard disk space, and may include secret links to websites
containing troyan horses. Some mail programs open these pages
automatically.
Illustration follows below, the part can not be reconstructed because
I took out most of the lines. Note the begin and end of the *.uue file
below, though. The file name line is the only clear text part in the *.uue.
Note: The file named garbage.zip is inside the *.uue. The name of the *.uue
formated file is not important. The text in this email was zip-compressed,
then
converted into *.uue. I did not use an 8 bit source, the result looks
similar.
Emil Zahner
Morphological Institute Canada
http://ourworld.compuserve.com/homepages/canmor
The pasted *.uue format 7 bit file begins with the first visible character
on the next line.
_=_
_=_ Part 001 of 001 of file garbage.zip
_=_
begin 666 garbage.zip
M4$L#!!0````(`'133B@Q_5M$T@4``"@,```+````9V%R8F%G92YT>'1]5F&+
MVT80_2[0?Q@.2NS#IZ:ED'*$E*,D]*!I/B1IZ,>UM+*VM]H5VM4ISJ_OFQG)
here many line have been removed
MF\V(6080A(3B%J=(LC]DH&064#E:TT4L@\1W`*S*<WJ3+FZ%.T"FZ5^*+XM_
M`%!+`0(4`!0````(`'133B@Q_5M$T@4``"@,```+``````````$`(`"V@0``
C``!G87)B86=E+G1X=%!+!08``````0`!`#D```#[!0``````
`
end
--- this line is no longer part of *.uue, the one above is!