-
July 1st, 2004, 10:12 PM
#11
Val:
That actually depends. Since you apparently forgot to mention whether you are talking about Outlook or Outlook Express in your tutorial you didn't note that they work in slightly different ways.
Outlook Express keeps the address book location in a registry key that can be changed if you are careful - but it's often a pain and you stand to lose it all, (there's a KB article out there on M$'s site if you are interested).
Outlook keeps the same information in the PST file which, unless there is a restriction I am unaware of, would allow you to place the .pst file on a removable drive. That would allow you to easily defeat a virus harvesting from the address book.
Of course most of the more modern viruses don't just harvest from the address book but also look through cached web pages and other places, (I don't recall the file extensions but a quick look at any modern virus write-up on Symantec's site will show them), so it will still function perfectly well.
The best way to prevent a virus propagating through email is to use a firewall that denies access to all outbound port 25 attempts except to the IP of the service provider. Even then the emails to people within your own ISP will go through. In a corporate environment you can disallow all port 25 outbound except from your mail servers themselves. That stops virus propagation dead in its tracks since no virus I have come across in the last 2-3 years has used the default mail server as its "way out" because they all carry their own SMTP engine.
Best yet, get a firewall that can strip all executables from SMTP traffic.... Bingo.... No virus, even unknown, can enter..... That's what I do at work.... love it.... Yeah, I know, it might not be feasible for a home user but it works for me.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
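The port 25 egress rule described in post #11, as an added example that is not part of the original thread: it applies the policy (outbound TCP/25 only from the mail servers, or only to the ISP relay) to firewall log lines and lists internal hosts that tried to reach several outside mail servers directly. The log format, addresses and function names are assumptions, and the sample log is constructed.

```python
import ipaddress
from collections import defaultdict

# Assumed values, not from the thread: adjust to the local network.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
MAIL_SERVERS = {"10.0.0.25"}   # corporate case: only these may send on TCP/25
ISP_RELAYS = {"192.0.2.10"}    # home case: only this destination is permitted

# Constructed sample log, format: timestamp src dst proto dport action
SAMPLE_LOG = """\
2004-07-01T22:10:01 10.0.0.25 198.51.100.7 tcp 25 allow
2004-07-01T22:10:02 10.0.3.14 192.0.2.10 tcp 25 allow
2004-07-01T22:10:03 10.0.3.77 203.0.113.5 tcp 25 deny
2004-07-01T22:10:04 10.0.3.77 203.0.113.9 tcp 25 deny
2004-07-01T22:10:05 10.0.3.77 198.51.100.44 tcp 25 deny
2004-07-01T22:10:06 10.0.3.14 203.0.113.80 tcp 80 allow
2004-07-01T22:10:07 10.0.3.77 10.0.0.25 tcp 25 allow
malformed line
"""

def egress_allowed(src, dst, dport):
    """True if the connection complies with the port 25 egress policy."""
    if dport != 25:
        return True   # the policy only covers SMTP
    if ipaddress.ip_address(dst) in INTERNAL_NET:
        return True   # internal delivery to the mail server, not egress
    return src in MAIL_SERVERS or dst in ISP_RELAYS

def suspect_hosts(log_text, min_destinations=2):
    """Map each violating source to the outside mail servers it tried to reach."""
    hits = defaultdict(set)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 6 or fields[3] != "tcp" or not fields[4].isdigit():
            continue  # skip lines that do not match the assumed format
        _, src, dst, _, dport, _ = fields
        try:
            if not egress_allowed(src, dst, int(dport)):
                hits[src].add(dst)
        except ValueError:
            continue  # unparseable address
    return {s: sorted(d) for s, d in hits.items() if len(d) >= min_destinations}

if __name__ == "__main__":
    for host, dests in suspect_hosts(SAMPLE_LOG).items():
        print(host, "->", ", ".join(dests))
```

A workstation that shows up here is attempting direct SMTP delivery instead of using the mail server, which is the behaviour the egress rule blocks.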
-
July 1st, 2004, 10:17 PM
#12
What about alternate programs such as Thunderbird (what I use)? Will a virus that spreads through an Outlook address book also spread through Thunderbird's?
-
July 1st, 2004, 10:40 PM
#13
Angelic:
Once you are silly enough to execute the virus itself it may not get your address book but it will harvest from the other locations. So, yeah, it will work perfectly well.... It just won't get your best buddies.....
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 1st, 2004, 10:44 PM
#14
Fortunately not even I'm that silly.
Other locations...You're referring to .txt files that the virus looks for containing addresses, right?
-
July 1st, 2004, 11:06 PM
#15
Angelic:
Netsky.D scans the following file extensions:-
.dhtm
.cgi
.shtm
.msg
.oft
.sht
.dbx
.tbb
.adb
.doc
.wab
.asp
.uin
.rtf
.vbs
.html
.htm
.pl
.php
.txt
.eml
Per Symantec
So, on a Win32 system, regardless of the mail client's address book, it's going to activate on one or all of these files..... One way or another you are infected.... and you will propagate.... Unless you can stop "arbitrary" port 25 egress.
Don't SYN us.... We'll SYN you.....
"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools." - Thucydides
-
July 2nd, 2004, 06:07 AM
#16
Tiger: You can also set up rules in Outlook for those people who do not have a firewall capable of stripping attachments so that all emails with attachments on them are deleted/moved or whatever upon arrival before they can be viewed.
v_Ln