TMG-L Archives

Archiver > TMG > 2002-05 > 1020567423


From: "Darrell A. Martin" <>
Subject: [TMG] OT - anti-virus "superstition"?
Date: Sat, 04 May 2002 21:57:03 -0500
References: <LOBBKOOEANNIIOJMJAELAEJKEAAA.earbar@netway.com><5.1.0.14.0.20020504063811.009f9aa0@pop.sprynet.com>
In-Reply-To: <001f01c1f379$a329c2e0$d4daf943@reed>


At 10:36 AM 5/4/02 -0400, Theresa Greene Reed wrote:
>Darrell,
>
>NO ! NO ! It is not safe in my copy of Outlook Express to click on the
>message line (line with the icon, name of sender, subject, and date ant time
>received) for an infected message without actually receiving the virus or
>worm when the Preview pane is open. It has happened to me many times. I
>never open unexpected attachments. This happens by simply clicking on the
>line on the list.

Hi, Theresa:

Clicking on the line on the list does not open an attachment
in any of the e-mail clients that I would consider using, and
I believe OE can be configured not to work that way. If it
can't, DUMP IT.

There are other things that can happen when you view a
message, whether by opening it or by previewing it. They
have to do with HTML and scripts, and I mentioned them in
a previous post. Configure OE to eliminate the problem.

>When I click on the line, two things happen at once. My McAfee VirusScan
>gives me a big red Virus Warning window. Behind this is another window
>which shows the download IN PROGRESS. The downloading envelope is moving
>from one side to another in a download window, meaning (in my view) that the
>virus or worm is being downloaded as I look at it. I have learned to act
>QUICKLY to cancel everything before it progresses too far. I do this as
>fast as possible. Then I close Outlook Express, and run a virus scan on all
>drives.

If McAfee is working properly, then what you are seeing
is I think the download of a *disinfected* message. Your
quick action should be completely and totally unnecessary,
and is not be doing you a bit of good (no harm, though).
If what you are seeing is the download of a web file, or
the running of a script, then OE is misconfigured for
the way you want it to run; but McAfee should catch those
things *anyway*.

If you are *not* sure that you have McAfee working
properly, or suspect that your OE configuration is not
correct, then your actions are probably wise -- but you
might as well not have AV software at all if you have to
"act quickly to cancel everything before it progresses
too far".

>As I said before, I have been fortunate to cancel everything fast enough so
>that I wasn't infected, and my VirusScan report showed that there were no
>infected files. I've never known how to avoid this.

You would have gotten the exact same results if you had
NOT cancelled. Provided that your AV was correctly set
up, and up to date, as mentioned.

>I don't want this to happen again, so I'm taking every precaution. Now,
>since I received Kirk Ransom's e-mail telling me how to turn off the Preview
>pane, and since I received Caroline Gurney's e-mail message telling me how I
>can read the message without the Preview pane open, I do it differently.
>Before I receive e-mail messages, now, I turn off the Preview Pane, then
>look at the list of messages (sender and subject, etc) first. If I don't
>recognize the sender and subject as those that are familiar to me, I view
>the suspicious message by right-clicking on it, then selecting
>Properties>Details> Message Source to read it safely. Then, and only then
>do I go back to turn on the Preview pane and read the ones that are familiar
>to me (like TMG messages).

I'm not sure why you would want to turn the Preview Pane
back on?!?!? Leave it off, in my opinion permanently.
Just read the messages.

By the way, list admins on RootsWeb are reporting many
cases of the KLEZ virus sending messages with the "From"
line being a RootsWeb mailing list (or other list, for
example Yahoo). You may very well get an infected
message that looks for all the world like it came from
TMG-L. (If you do, it never went through the list ...
but if you don't know how to read e-mail headers you
can't tell.)

>In other words, I don't click on an unfamiliar message anymore. If I should
>miss one, and happen to click on an infected message, my antivirus is
>up-to-date, and will catch it as before. But that is much less likely. I
>don't mind doing all of this, because I'd rather be safe than sorry.
>
>Theresa

Well, *I* would mind doing all of that, although you are
right about the safe and sorry option [grin]. Still, I think
what you are doing is the computer equivalent of knocking
on wood, or throwing salt over your shoulder. It seems to
have an effect, so you keep on doing it. ("Don't tell me not
to walk around my car three times before getting in. I have
been doing that ever since my Yugo caught on fire, and it
hasn't happened again since. You want me to burn to a
crisp?") But what is really working is McAfee!

Darrell


Darrell A. Martin
a native Vermonter currently in exile in Addison, Illinois



This thread: