Virus problem
Mike Green
26/11/2004 11:34pm
Hi,

I am presently receiving a specific virus about twice a day (a variant of W32.sober). I would not expect this to be a problem as it's in the form of an attachment to a mail. However, every time it downloads it starts to execute (and is trapped by my realtime anti-virus scanner so does no actual harm but requires lengthy removal).

I'm currently previewing everything and deleting from my POP mailbox before download but this is, obviously, annoying.

My question is whether anyone can suggest why it's managing to execute purely by downloading? It's occurred to me that it might be something to do with filtering. I have lots of filters, all based around the From field. Does the filter 'open' the mail sufficiently to kick off an attached virus perhaps? I'm rather loath to switch filtering off and download one of these mails as it takes a fair while offline to fix the infection!

Any suggestions gratefully received.

Thanks,

Mike
fReT
27/11/2004 12:32am
Scribe doesn't execute any executable attachments. So it's probably just the warning message in the anti-virus app worded wrong or something.

Attach one of the viruses to an email to me and I'll check it here if you like.
Mike Green
27/11/2004 12:50am
OK - will send you one if I get any more and also if I can figure out how to without downloading the thing. A bit more info. As soon as it's received it starts being picked up by Norton and put in quarantine. The email in InScribe has a size of 0 bytes and no longer has the attachment. I only know what it looks like by examining it with the Preview pane or looking at my mail on my ISP.
fReT
27/11/2004 1:01am
Norton is probably bitching about Scribe saving the email image to disk during the receive. Scribe is not executing it but merely storing it in a temp directory until such time it's successfully saved into the folders. If Norton mucks with the .eml file in the temp directory Scribe won't get the attachment anyway.
Mike Green
27/11/2004 1:20am
That makes sense I think, since the eml file is the noted originator in the Norton log. Any ideas what to do about it - given that either the virus or Norton is then producing a copy of the thing every 1.5 seconds once it's 'received' until I boot in safe mode and delete everything!
fReT
27/11/2004 1:26am
Maybe if I use a different extension and/or maybe obscure the contents of the file it would not be able to see it's an email.