From owner-freebsd-questions@FreeBSD.ORG  Tue Sep  9 07:24:16 2003
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 24C5116A4BF
	for <freebsd-questions@freebsd.org>;
	Tue,  9 Sep 2003 07:24:16 -0700 (PDT)
Received: from heron.mail.pas.earthlink.net (heron.mail.pas.earthlink.net
	[207.217.120.189])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6B87F43F93
	for <freebsd-questions@freebsd.org>;
	Tue,  9 Sep 2003 07:24:15 -0700 (PDT)
	(envelope-from algould@datawok.com)
Received: from 22-15.lctv-b4.cablelynx.com ([24.204.22.15]
	helo=yoda.datawok.com)
	by heron.mail.pas.earthlink.net with asmtp (TLSv1:RC4-MD5:128)
	(Exim 3.33 #1)	id 19wjPh-0003gy-00; Tue, 09 Sep 2003 07:24:13 -0700
From: "Andrew L. Gould" <algould@datawok.com>
To: "Timms, Simon" <STimms@petro-canada.ca>,
	'Jerry McAllister' <jerrymc@clunix.cl.msu.edu>
Date: Tue, 9 Sep 2003 09:24:31 -0500
User-Agent: KMail/1.5
References: <BB28669D4974D311B4A00008C75D1CF910FB8774@pcaxs02.pcacorp.net>
In-Reply-To: <BB28669D4974D311B4A00008C75D1CF910FB8774@pcaxs02.pcacorp.net>
MIME-Version: 1.0
Content-Type: text/plain;
  charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200309090924.31211.algould@datawok.com>
X-ELNK-Trace: ee791d459e3d6817d780f4a490ca69564776905774d2ac4bf49165b7544736f595ca326a3e56d32b350badd9bab72f9c350badd9bab72f9c350badd9bab72f9c
cc: freebsd-questions@freebsd.org
Subject: Re: Off-Topic:  Did I receive a virus or worm?
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Sep 2003 14:24:16 -0000

On Tuesday 09 September 2003 09:17 am, Timms, Simon wrote:
> Jerry McAllister wrote:
> >> Below the message, however, were two blocks of gibberish.  Both blocks
>
> begin
>
> >> with a "begin" line and end with an "end" line.  There is no indication
>
> that
>
> >> Kmail included an attachment in-line within the email.
> >>
> >> Is it possible that the code was needed to access the web page?  If so,
> >> I
> >>
> >> don't understand how clicking on the web address would send or use the
>
> blocks
>
> >> of code.
>
> I don't think so, I don't see any method by which these blocks of code
> could or would be used to access a webpage.
>
> >> Should I worry about these blocks of code?
> >
> >Yes, you should.
> >Do not trust any unsolicited code and be cautious of that
> >which you did request.
>
> It sounds to me like this "code" might be a pgp key or signature.  Even if
> it is malicious code then chances are pretty good that it isn't going to
> run on FreeBSD.  I don't think there are too many e-mail distributed
> viruses for Unix like systems, I can't think of a single one.  If you're
> really curious then install vm ware and run the code inside there, it
> should provide a very secure sandbox.
>
> Worry Factor 2 - nothing much to worry about
>

Thanks.

Andrew