Re: [Evolution] Is virus protection required?

From: Jason Tackaberry <tack auc ca>
To: Dave Finnegan <dave synchronicity com>
Cc: Evolution Mailing List <evolution ximian com>
Subject: Re: [Evolution] Is virus protection required?
Date: 14 Jan 2003 12:21:12 -0500

On Tue, 2003-01-14 at 10:17, Dave Finnegan wrote:

Does Evolution suffer from this sort of virus?

Should I be concerned that I could be receiving viruses now via my Linux
Evolution mail reader?


Evolution does not support scripting, and I think (and hope) it is the
policy of the Evolution hackers never to do so.

It is, however, always a possibility to exploit buffer overflows in the
Evolution to execute arbitrary code as the user running it.  This class
of attack is hardly unique to Evolution, although one could probably
argue that since Evolution is much more complex than, say, mutt, it's
more susceptible to attack this way.

But let's be realistic.  Any client that accepts data off the net is
potentially vulnerable, so you should be more no concerned about
Evolution than you would be by running Mozilla, or even xmms, as
described here:
http://online.securityfocus.com/archive/1/306476/2003-01-11/2003-01-17/0

(I'm not sure the above posting isn't a hoax, but in theory it's
possible.  Extremely complicated, but possible.)

Basically, if you're extremely nervous, build a kernel with a
non-executable user stack (openwall patch), and build Evolution,
Mozilla, etc. with Stackguard if you're extra paranoid.  You could also
sandbox Evolution.

But honestly, nobody is that paranoid.  Right? :)

Jason.

-- 
Jason Tackaberry  ::  tack auc ca  :: 705-949-2301 x330 
Academic Computing Support Specialist
Information Technology Services
Algoma University College  ::  www.auc.ca

Follow-Ups:
- Re: [Evolution] Is virus protection required?
  - From: Tony Earnshaw

References:
- [Evolution] Is virus protection required?
  - From: Dave Finnegan

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]