Thoughts about finding viruses in email inboxes

David M. Karr davidmichaelkarr at gmail.com
Sun Apr 5 13:41:16 UTC 2009


Leonard Chatagnier wrote:
> Also, those two BD packages are not all of bitdefender.  Do an aptitude search bitdefender and it will show all of them such as mail scanner, etc. Install what you want and need. You do seem to be using plain text now; thanks for that.
>
> Leonard Chatagnier
> lenc5570 at sbcglobal.net
>

I now have another concern with this.  I thought the "home" version was 
free.  When I start the app, it says "Trial key found. 30 days 
remaining.".  Does that mean what I think it means?

> --- On Sat, 4/4/09, David M. Karr <davidmichaelkarr at gmail.com> wrote:
>
>> From: David M. Karr <davidmichaelkarr at gmail.com>
>> Subject: Re: Thoughts about finding viruses in email inboxes
>> To: "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com>
>> Date: Saturday, April 4, 2009, 11:59 PM
>> Leonard Chatagnier wrote:
>>> Leonard Chatagnier
>>> lenc5570 at sbcglobal.net
>>>
>>> --- On Sat, 4/4/09, David M. Karr <davidmichaelkarr at gmail.com> wrote:
>>>
>>>> From: David M. Karr <davidmichaelkarr at gmail.com>
>>>> Subject: Re: Thoughts about finding viruses in email inboxes
>>>> To: "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com>
>>>> Date: Saturday, April 4, 2009, 9:56 PM
>>>> Leonard Chatagnier wrote:
>>>>> --- On Sat, 4/4/09, David M. Karr <davidmichaelkarr at gmail.com> wrote:
>>>>>
>>>>>> From: David M. Karr <davidmichaelkarr at gmail.com>
>>>>>> Subject: Re: Thoughts about finding viruses in email inboxes
>>>>>> To: "Ubuntu user technical support, not for general discussions" <ubuntu-users at lists.ubuntu.com>
>>>>>> Date: Saturday, April 4, 2009, 6:07 PM
>>>>>> NoOp wrote:
>>>>>>> On 03/29/2009 12:13 PM, David M. Karr wrote:
>>>>>>>> Ok, I can see that there's one detail that I didn't specifically say
>>>>>>>> here.  I thought it was obvious, so I didn't mention it. I think it
>>>>>>>> wasn't obvious to some of you.
>>>>>>>>
>>>>>>>> I'm not having trouble with clamav telling me what FILE a virus is in.
>>>>>>>> The report is clear on that.  The problem is that the IMAP INBOX file is
>>>>>>>> a formatted file containing many email messages.  What I'm looking for
>>>>>>>> is some sort of ability to introspect into the mailbox format in the
>>>>>>>> clamav report so that I can tell which email message contains the
>>>>>>>> virus.  I certainly am not going to run clamav in "auto-remove" mode, as
>>>>>>>> it would remove my entire inbox.
>>>>>>>
>>>>>>> David, BitDefender for Unices, at least on POP3 mailbox files, will tell
>>>>>>> you the exact msg number, the subject of the email(s), and the time
>>>>>>> stamp on the email(s) within the file. I expect that it will do the same
>>>>>>> for an IMAP file. I don't have an IMAP so I can't test.
>>>>>>>
>>>>>>> I just test scanned an email archive with both clamav and BitDefender;
>>>>>>> result was that clamav identified 4 issues that supposedly contained:
>>>>>>> 'Phishing.Heuistics.Email.SpoofedDomain and Email.Phishing.DblDom-138'
>>>>>>> no trojans or viri found. ClamAV entirely missed trojan signatures in
>>>>>>> the files. Further, clamav didn't provide any further information beyond
>>>>>>> the file location and the above.
>>>>>>>
>>>>>>> BitDefender not only properly found folders with a trojan signature
>>>>>>> ('Trojan.Iframe.AV'), but also identified exactly which emails within
>>>>>>> the 17+MB file were at issue. I was then able to open up the file in
>>>>>>> gedit, identify the emails within the file by subject & time stamp,
>>>>>>> and edit them out by hand. I could have of course opened the file in
>>>>>>> SeaMonkey (my email client) and deleted them that way as I know the
>>>>>>> exact msg numbers, subjects and times. I happen to know exactly what the
>>>>>>> trojan signatures were/are in the archived email file as they were
>>>>>>> emails that I had sent/received regarding that particular Iframe
>>>>>>> exploit, so there was no false positive.
>>>>>>>
>>>>>>> I very much recommend exploring BitDefender - see my post to Leonard in
>>>>>>> this thread for links etc. You can use cli or gui, set cron scans, scan
>>>>>>> incoming on Evolution, Pine, etc., use scripts, scan across Samba, etc.
>>>>>>> It's (IMO) worth a look. 32bit and 64bit versions are available.
>>>>>>> Disclaimer: I also use BD commercial licenses to scan Windows servers for
>>>>>>> my customers for years, and my personal use machines (linux and
>>>>>>> windows); beyond that I've no other relationship with BD.
>>>>>>
>>>>>> I accidentally lost the reply you added after this, but I read it in
>>>>>> the archives.
>>>>>>
>>>>>> As I suspected, there seems to be some issue with the variation of
>>>>>> BitDefender that I installed.  I followed the instructions at
>>>>>> <http://download.bitdefender.com/repos/#>, but I don't have a "BitDefender"
>>>>>> entry in "Applications"->"System Tools", and I don't have a "bdgui"
>>>>>> executable.  The following is the contents of "/opt/BitDefender/bin":
>>>>>>
>>>>>> davidkarr at davidkarr-desktop$ ls /opt/BitDefender/bin
>>>>>> ./         bdcharts*     bdlived*    bdmond*   bdsafe.bin*  bdsu*
>>>>>> ../        bdcourier*    bdlogd*     bdqmail*  bdscand*     common-setup.sh*
>>>>>> bd*        bdemagentd*   bdmaild*    bdregd*   bdsmtpd*     mail-setup.sh*
>>>>>> bdcgated*  bdemclientd*  bdmilterd*  bdsafe@   bdsnmpd*
>>>>>>
>>>>>> I have no "update-menus" executable (I looked everywhere), if that's
>>>>>> relevant.
>>>>>
>>>>> I'm not real sure what you are looking for but I know that NoOP is gone
>>>>> for the weekend, sailing, and won't be back until Monday. If you are
>>>>> looking for the cli commands for BD they are:
>>>>>
>>>>> bdscan for the cli and
>>>>> bdgui for the gui but starting it from the cli. The menu item for BDSCAN
>>>>> is called Antimalware Scanner and just below the main title is Bit
>>>>> Defender Scanner greyed out.  It had a red icon globe that is serrated.
>>>>> At least that is how it appears on my Intrepid Kubuntu desktop using the
>>>>> 64 bit version. Use the above cli commands with the --help option to see
>>>>> what the available options are or read the manuals. I'm not sure but it
>>>>> appears that you downloaded BD from their site. You can download it from
>>>>> ubuntu by adding the following to your sources.list or in software
>>>>> sources:
>>>>> deb http://download.bitdefender.com/repos/deb/ bitdefender non-free
>>>>>
>>>>> I can attest that BD is significantly faster scanning than clamscan is
>>>>> as NoOp pointed out.  HTH.
>>>>>
>>>>> Leonard Chatagnier
>>>>> lenc5570 at sbcglobal.net
>>>>
>>>> I followed the instructions at <http://download.bitdefender.com/repos/#>,
>>>> which references the line you refer to.  It didn't give me any of the
>>>> command-line tools.
>>>
>>> I can't tell from your reply just what you did which makes it hard to be
>>> of any help. BTW, please don't post in HTML or Rich Text. Use plain text
>>> for list mail. I asked you to add the following line to your
>>> /etc/apt/sources.list file:
>>
>> I just changed it in the address book to plain text, but I don't know
>> how to tell whether it's doing it or not.
>>
>>> deb http://download.bitdefender.com/repos/deb/ bitdefender non-free
>>> Did you? It's all one line. If you did, then you need to also run:
>>> sudo aptitude update   and
>>> sudo aptitude install bitdefender-scanner bitdefender-scanner-gui
>>
>> Bingo. The original instructions I found didn't mention those last two
>> packages, just the "bitdefender-mail" package.  I'm sure those will do
>> the trick.
>>
>>> That's two programs to install and the detail on how to do it.  You
>>> would also be advised to uninstall what you've done so far installing BD
>>> to be safe. Once you've done the above, the cli commands I gave you in an
>>> earlier reply should work but you need to read the man pages to see what
>>> options you want to run with bdscan.  bdgui will start the gui interface
>>> from the command line but you will still need to read its manual to
>>> learn how to use it.
>>
>> -- 
>> ubuntu-users mailing list
>> ubuntu-users at lists.ubuntu.com
>> Modify settings or unsubscribe at:
>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
>
>   
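The problem the thread circles around, clamscan naming only the INBOX file and not the message inside it, can be handled by splitting the mbox and scanning each message on its own, which also allows deleting just the flagged message instead of the whole inbox. The Python below is an added example, not code from the thread or from either scanner; it assumes a local `clamscan` for real use (read from stdin with `-`, exit status 1 on a hit), and `demo()` runs offline on a constructed two-message mbox with a marker string standing in for a signature; `find_flagged`, `remove_messages` and `demo` are names chosen here.

```python
import mailbox
import subprocess
import tempfile

# Constructed two-message mbox; the marker string stands in for a signature hit.
SAMPLE_MBOX = b"""From alice@example.org Sat Apr  4 18:07:00 2009
Subject: lunch
Date: Sat, 04 Apr 2009 18:07:00 +0000

See you at noon.

From bob@example.org Sat Apr  4 21:56:00 2009
Subject: invoice attached
Date: Sat, 04 Apr 2009 21:56:00 +0000

CONSTRUCTED-MALWARE-MARKER
"""

def clamscan_flags(raw):
    """Scan one message's bytes with clamscan (fed on stdin); exit status 1 = hit."""
    proc = subprocess.run(["clamscan", "--no-summary", "-"], input=raw, capture_output=True)
    return proc.returncode == 1  # 0 = clean, 2 = scanner error

def find_flagged(mbox_path, scanner=clamscan_flags):
    """Scan each message on its own; return (key, msg_no, Subject, Date) per hit."""
    box = mailbox.mbox(mbox_path, create=False)
    hits = [(key, n, msg.get("Subject", ""), msg.get("Date", ""))
            for n, (key, msg) in enumerate(box.iteritems(), start=1)
            if scanner(msg.as_bytes())]
    box.close()
    return hits

def remove_messages(mbox_path, keys):
    """Delete only the flagged messages, in place and under a lock; return count left."""
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()
    try:
        for key in keys:
            box.remove(key)
        box.flush()
        return len(box)
    finally:
        box.unlock()
        box.close()

def demo():
    """Offline run: write the constructed mbox, find the flagged message, remove it."""
    with tempfile.NamedTemporaryFile("wb", suffix=".mbox", delete=False) as f:
        f.write(SAMPLE_MBOX)
    hits = find_flagged(f.name, lambda raw: b"CONSTRUCTED-MALWARE-MARKER" in raw)
    return hits, remove_messages(f.name, [key for key, *_ in hits])
```

On a live IMAP spool the mail server should be stopped or the folder closed in the client before `remove_messages` rewrites the file, since the lock only guards against other mailbox-aware programs.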
