[sustran] Re: Virus on sustran-discuss

[Debi Goenka]

Hi Sujit

If the SUSTRAN list does not permit any attachments, the format of the
attachment really does not matter! Both .doc files and .rtf files will be
deleted.

Probably the best thing to do is to copy and paste the contents of the file
to the email message and send the entire file as plain text in the body of
the email message itself.

Cheers

Debi

----- Original Message -----
From: "Sujit Patwardhan" <sujit at vsnl.com>
To: <sustran-discuss at jca.ax.apc.org>
Cc: "ESG India" <esg at bgl.vsnl.net.in>; <Kisan Mehta :>
Sent: Tuesday, January 14, 2003 12:56 AM
Subject: [sustran] Re: Virus on sustran-discuss


> 13 January 2003
>
>
> Dear Paul, Leo and others on the Sustran list,
> Though I'm not an expert on the question of viruses, I doubt if the virus
> came from an attachment (from Kisan or anyone else), as to my knowledge
> Sustran list (like most other lists) drops (leaves out) any attachments
> from our list mailings, but as a precaution against MS Word (.doc files)
> attachments which have macros, I do not open attachments in the MS Word
> format, though I have a reliable and auto-upgraded virus protection
> software. I request the sender to re-send the attachment in RTF format
> (less chance of a virus in this format) by pasting the following message:
>
> ================================
> No Entry
> for attachments in Microsoft Word.
>
> To avoid viruses I don't open attachments in the MS Word format.
> Will you please resend it as an RTF file???
> I'm sorry for the inconvenience.
> Thanks
> --Sujit
> ================================
>
> Most email users are casual about viruses till they experience the pain of
> reformatting their hard disk and reloading all the programmes. Strictly
> resisting the temptation to open MS Word format attachments is the least
> one can do as a habit.
>
> In this case however I think the virus (if it's a virus at all) must have
> come from the normal message and exploited the weakness in the MS Internet
> Explorer or Outlook Express software . I suspect that in its hurry to
> market newer and newer versions of these softwares, the company in
question
> starts selling the new versions and takes its own time fixing the bugs
> through never-ending patches that need to be stitched on to the programme
> though time consuming downloads.
>
> Anyway Sustran messages having dried down to a trickle these days, it was
> good to see mails from Paul, Leo, Alan etc. Hope this is a wakes up call
> for us to become active again.
>
> Greetings for the New Year to all,
> --
> Sujit Patwardhan
> Parisar,
> Pune,
> India
>
>
> -----------------------------------------------------------
>
> At 10:01 AM 1/13/2003 +0530, you wrote:
> >Paul,
> >
> >The virus of Lirva, and was announced last week.  I think it is a worm
that
> >activates on particular dates.  Windows has an update for this and many
> >virus scans are able to catch this script.
> >
> >Best
> >
> >Leo
> >----- Original Message -----
> >From: "Paul Barter" <geobpa at nus.edu.sg>
> >To: <sustran-discuss at jca.ax.apc.org>
> >Sent: Saturday, January 11, 2003 11:22 AM
> >Subject: [sustran] Re: Virus on sustran-discuss
> >
> >
> >Dear sustran-discussers
> >
> >Regarding Alan's message in response to yesterday's suspicious message
> >from "Kisan Mehta [je at swisscontact.ph]"...
> >
> >Correct me if I am wrong but as far as I can tell no malicious code came
> >through to sustran-discuss... At least not to me. And my university
> >filters usually alert me when they intercept such attachments. I agree
> >with Alan that it certainly does look like other messages in recent days
> >which have had malicious attachments. Perhaps there are safeguards
> >somewhere in the system which hosts sustran-discuss, and perhaps they
> >worked in this case?
> >
> >The detailed headers of the message suggest it came from Kisan rather
> >than Swiss Contact, despite the email address it 'apparently' came from.
> >Therefore yesterday I immediately took the precaution of suspending
> >Kisan temporarily from the list and have also now alerted him to the
> >potential problem.
> >
> >I will try to investigate the anti-virus status of JCA networks which
> >hosts sustran-discuss but I suspect that with the simple majordomo
> >software the safeguards are probably not very sophisticated. I do know
> >that the simple filter I have set up that stops large messages does
> >often catch malicious attachments and benign ones alike.
> >
> >Nevertheless, as a general rule please do not send attachments through
> >sustran-discuss and also do not open attachments from sustran-discuss,
> >since no legitimate attachments should be appearing here. In general,
> >ALWAYS be very cautious about clicking on attachments.
> >
> >All the best
> >
> >Paul
> >
> >
> >Dr Paul Barter
> >Fellow in the Department of Geography and the Public Policy Programme
> >National University of Singapore
> >1 Arts Link, Singapore 117570
> >Tel: +65-6874 3860; Fax: +65-6777 3091
> >E-mail: geobpa at nus.edu.sg
> >
> >-----Original Message-----
> >From: owner-sustran-discuss at jca.ax.apc.org
> >[mailto:owner-sustran-discuss at jca.ax.apc.org] On Behalf Of Alan Patrick
> >Howes
> >Sent: Saturday, 11 January 2003 11:48 AM
> >To: 'sustran-discuss at jca.ax.apc.org'
> >Subject: [sustran] Virus on sustran-discuss
> >
> >
> >I'm not sure what the following means - but when I got a message with
> >the same headers on my home machine it seemed to have a
> >malicious attachment. My server at work would stop such attachments.
> >
> >Surely the sustran-discuss server should filter out such stuff?
> >
> >
> >--
> >Alan P Howes, Special Transport Advisor,
> >      Dubai Municipality Public Transport Department
> >aphowes at dm.gov.ae
> >http://vgn.dm.gov.ae/DMEGOV/dm-mp-transportation
> >Tel:    +971 4 286 1616 ext 214
> >Mobile: +971 50 5989661
> >
> >-----Original Message-----
> >From: Kisan Mehta [mailto:je at swisscontact.ph]
> >Sent: Thu, 09 January, 2003 04:00
> >To: undisclosed-recipients
> >Subject: [sustran] Re: Reply on account for IIS-Security
> >
> >
> >Restricted area response team (RART)
> >
> >
> >
> >Attachment you sent to Kisan Mehta is intended to overwrite start
> >address at 0000:HH4F
> >To prevent from the further buffer overflow attacks apply the MSO-patch
>
> --
> Sujit Patwardhan
> sujit at vsnl.com
>
>
>
>
>