Viruses in email

I may be misremembering this, but I had read that if you sent a email message that was larger than the buffer size there was a hole in several email readers that would dump the remaining text into the system where it could execute.

Talking about Music is like Dancing about Architecture

Can you provide a link to a mailbag column, or should this be moved to General Questions?

I got screwed up in the system, not sure what’s going on…

The url is http://www.straightdope.com/mailbag/mvirus.html

That mailbag article seems quite comprehensive, but if I understand it correctly, it’s pretty much limited to the PC/Windows arena. Does a Unix (or Mac or OS/2 or …) user have to worry about any of this?

The type of exposure described in the first post of this thread is, in fact, classically associated with Unix. In fact, about 90% of Unix security bugs that I have seen reported have been of the “oversized message overrunning a buffer” variety. It is not usually a problem where Windows is involved, because it is not the e-mail program that you see (Outlook or Netscape or Microsoft Exchange or whatever) that is involved, but rather the lower-level programs that read and write bytes to the Internet on behalf of your mail program, so that the penetration is usually made to computers that are directly and permanently connected to the Internet without a firewall. (That doesn’t mean that Windows doesn’t have these bugs – just that Windows systems aren’t usually the targets of this kind of attack.)


John W. Kennedy
“Compact is becoming contract; man only earns and pays.”
– Charles Williams