Joe Sloan wrote:
> Dennis Peterson wrote:
>> Joe Sloan wrote:
>
>>> Perhaps our sample size is too small, but it certainly seems that this
>>> whole overhyped idea of viruses apart from ms windows is a non-issue in
>>> practice.
>
>> How are you able to determine that? There's nothing in the connection
>> information or in the message that identifies the source OS, hardware,
>> or MTA. Everything in a message can be spoofed as can the sending
>> system. The only thing you can be sure of is the IP you log during the
>> connection. Nothing else can be considered real.
>
> It's rather simple. Every single one of the viruses we looked at has
> been a windows executable, therefore could not have possibly infected a
> non windows platform.

I've had a feeling for several posts that we have not been having the same conversation. I've never seen anything but Windows viruses in the nearly 30 years I've been doing this, but that's not what we're talking about. We're talking about the probability that Windows viruses and even non-Windows viruses can be sourced from a non-Windows mailer. Some Windows viruses can even be built on non-Windows systems, but where they're built is not important either. A Linux machine that has a Samba server or client with Windows on the other end is every bit as useful for sending spam and viruses intended for Windows-only systems.

As to what viruses can infect - it is perfectly possible to create a virus that runs in Windows but infects the host in a virtual machine environment. If the host allows the guest OS too much access, as Parallels has done in the past, for example, a very simple Windows virus can take over the Mac host. In fact it is trivial and it presents interesting possibilities: the host, using a simple Perl script provided by the guest OS (let's call it Windows), can ftp the virtual machine to a remote site, for example, and it will run there just fine. I know this because I've done it in my own lab.

dp
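
The point raised in the thread, that only the IP logged at connection time can be relied on, shown as an added example that is not part of either poster's message. It separates the one field the receiving MTA wrote from the fields the sender supplied; the hostname `mx.example.org`, the function name `classify` and the sample message are assumptions constructed for illustration.

```python
import email
import ipaddress
import re

OUR_MTA = "mx.example.org"  # assumption: hostname our own MTA stamps in Received

# Constructed sample. Only the top Received line was written by our MTA;
# everything below it arrived from the sender and may be forged.
SAMPLE = (
    "Received: from mail.sender.example (unknown [203.0.113.45])\n"
    "\tby mx.example.org (Postfix) with ESMTP id 4ABCD1234;\n"
    "\tMon, 1 Jan 2007 10:00:00 -0800\n"
    "Received: from WINXP-DESKTOP ([192.0.2.10])\n"
    "\tby mail.sender.example with SMTP; Mon, 1 Jan 2007 09:59:58 -0800\n"
    "From: alice@sender.example\n"
    "X-Mailer: Microsoft Outlook Express 6.00\n"
    "Subject: invoice\n"
    "\n"
    "body\n"
)

BY_RE = re.compile(r"\bby\s+(\S+)")
IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")


def classify(raw, our_mta=OUR_MTA):
    """Split a message into the one logged fact and the sender's claims."""
    msg = email.message_from_string(raw)
    hops = msg.get_all("Received", [])
    trusted_ip = None
    if hops:
        top = " ".join(hops[0].split())  # unfold continuation lines
        by, ip = BY_RE.search(top), IP_RE.search(top)
        # Our MTA prepends its header, so only the topmost one can be ours.
        if by and ip and by.group(1).lower() == our_mta.lower():
            try:
                trusted_ip = str(ipaddress.ip_address(ip.group(1)))
            except ValueError:
                trusted_ip = None
    # Sender-controlled fields: they say nothing reliable about OS or MTA.
    claims = {h: msg[h] for h in ("From", "X-Mailer") if msg[h]}
    claims["earlier_received_hops"] = max(len(hops) - 1, 0)
    return {"trusted_ip": trusted_ip, "unverified": claims}


if __name__ == "__main__":
    print(classify(SAMPLE))
```

The `X-Mailer` value in the sample names a Windows client, yet it lands in the unverified set because any sending system can write that string.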