On 20 May 2000, at 20:46, Demetri Kolokotronis <[log in to unmask]> wrote:
> It has been suggested that suspicious e-mail attachments be peeked at
> with a viewer, before opening them. As a degree of protection, not as a
> substitute for sound practices, such as having a good up to date
> anti-virus program, how sound is this advice?
This is in fact much more important than using a good antivirus program.
You may usually just try to save it and see the extension.
On the other hand there is some experience needed for doing it.
For example, viewing the attachment with Notepad, may, as far as I
know, activate RTF macros in RTF files (I am not 100% sure about that
though).
Looking at the headers of the attachment to see if the attachment has
an extension of a format which might contain executable, and if the
format is unknown to your system, to see if the MIME header is of an
executable, is something I always do, and I'm counting on it, much
more than I'm counting on antivirus programs even if they are updated.
In a case where I receive an attachment that might contain executable
code, I will never execute it, unless I apriory expect this specific
attachment from that person.
If I did not, I may try to contact that person and ask if it was sent on
purpose (assuming that I know and trust that person), and if yes, then I
will check it with at least one updated antivirus program (because, it is
stil possible that this attachment is infected without the person knowing
about that, just because his/her computer is infected.
Windows and as far as I know all e-mail clients, decide which
application to use according to first the filename extension, if there is no
program registered for that extension, then according to the MIME
header.
One may check both, or save the attachment, and then it will be
executed only according to the filename extension.
Uzi
http://members.iol.co.il/uzip/
"Hold No Punches.." Rode brings you great shareware/freeware
programs with his honest opinions in this weekly column.
http://nospin.com/rode
|
