Re: [Evolution] Tell how to handle malicious email in Evolution Help and make defanged examples into a test suite



On Sat, 2018-11-17 at 16:06 -0800, Lee McKusick wrote:
> I am writing to suggest the Evolution help file be updated with
> instructions on how to safely capture a malicious email

There is neither something Evolution specific nor something "malicious
email" specific, I'd say:
You can click "File > Save as mbox...", as for any other email.
Hence that sounds out of scope for the Evolution help file.

> , and further, how to deal with some of the malicious emails

Like any other email: You can delete emails you don't want, you can
ignore emails, ... neither Evo specific nor "malicious" specific.

> and yet further, how to clean up the system if a really persistent
> bad email can not be removed.

If some email cannot be deleted in Evolution for some reason that would
be a bug. Bugs with clear steps to reproduce can be reported at
https://gitlab.gnome.org/GNOME/evolution/issues/new

> Additionally, we should have a way of collecting some captured
> emails,

Who is "we"? See above how to save / "capture" an email.

> defanging them and making them available as test tools so a system
> administrator can confirm instances of Evolution on user machines are
> updated and safe from malicious take-over.

Your system administrator and you are welcome to set up a process to
collect such emails (for some reason I do not understand yet).

> I got a really nasty email that drew red lines and switched all
> incoming mail to the Junk folder. Fooling me for several days.

That sounds unlikely. If such things happened, exact steps to
reproduce, a testcase, and account info (IMAP? POP?) are welcome.

> I have been running Evolution on Ubuntu Linux for years. The other day,
> about November 8, 2018, I received a remarkably malicious email, which
> was so nasty I deleted it with prejudice.
>
> This email drew a red line through about six subject lines 3 above and
> 3 below itself. Further, this email routed all my incoming mail to the
> Junk folder.

That sounds unrelated to that email. A red subject line means that your
junk filter decided that the email is junk. You can disable displaying
junk messages in your mail folder via "View > Show Junk Messages".

"routing": Which email account type is this about? Local? Remote?

> My guess is the method of drawing red lines was accomplished by filling
> the subject line with terminal control characters. That is an old trick
> dating back to teletype terminals that used backspace and overtyping to
> underline text.

We will only find out for sure with a test case.

> I started searching trying to find guidance on how to handle this
> email. I was puzzled that I simply couldn't find any good current
> information about this malicious email. My guess is this malicious
> email is an old trick being deliberately sent in hopes that the odd
> Evolution user such as myself is at the other end.
>
> The second trick that the malicious email did, is it routed all my
> emails to the Junk folder. This email appears to have poked a false
> account name called "Enabled checkbox On this computer Default
> greencheckbox maildir" into the preferences->account name table.

I don't see how the creation of such an account would be related to
"routing emails to the Junk folder".

Which email account type(s) is this about? 
How exactly is spam filtering set up? Server-side? In Evolution?
Spamassassin? Bogofilter? Something else?

Cheers,
andre
-- 
Andre Klapper  |  ak-47 gmx net
https://blogs.gnome.org/aklapper/
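
Added example, not part of the original message and not Evolution code: one way to build the test case asked for above is to scan an mbox saved via "File > Save as mbox..." for control or format characters in Subject headers, including ones hidden inside RFC 2047 encoded-words. The function names and the sample messages are constructed for illustration.

```python
import mailbox
import re
import tempfile
import unicodedata
from email.header import decode_header

def decode_subject(raw):
    """Unfold a raw Subject value and decode RFC 2047 encoded-words to text."""
    unfolded = re.sub(r"\r?\n(?=[ \t])", "", str(raw))
    out = []
    for chunk, charset in decode_header(unfolded):
        if isinstance(chunk, bytes):
            try:
                chunk = chunk.decode(charset or "ascii", errors="replace")
            except LookupError:  # unknown charset label in the encoded-word
                chunk = chunk.decode("latin-1")
        out.append(chunk)
    return "".join(out)

def control_chars(text):
    """Return (offset, code point) for control (Cc) and format (Cf) characters."""
    return [(i, f"U+{ord(c):04X}") for i, c in enumerate(text)
            if c != "\t" and unicodedata.category(c) in ("Cc", "Cf")]

def scan_mbox(path):
    """Map message index -> findings for each Subject carrying such characters."""
    box = mailbox.mbox(path, create=False)
    report = {}
    for idx, msg in enumerate(box):
        hits = control_chars(decode_subject(msg.get("Subject", "")))
        if hits:
            report[idx] = hits
    box.close()
    return report

# Constructed sample: clean folded subject, raw backspaces, ESC inside an encoded-word.
SAMPLE = (
    b"From a@example.org Thu Nov  8 10:00:00 2018\nSubject: Quarterly report\n for the board\n\nbody\n\n"
    b"From b@example.org Thu Nov  8 10:01:00 2018\nSubject: Notes\x08\x08\x08_____\n\nbody\n\n"
    b"From c@example.org Thu Nov  8 10:02:00 2018\nSubject: =?utf-8?q?Invoice=1B[31m_due?=\n\nbody\n\n"
)

if __name__ == "__main__":
    with tempfile.NamedTemporaryFile(suffix=".mbox") as f:
        f.write(SAMPLE)
        f.flush()
        for idx, hits in scan_mbox(f.name).items():
            print(f"message {idx}: {hits}")
```

A report listing the message index and code points can be attached to a bug report without forwarding the message itself.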
