Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!wuarchive!zaphod.mps.ohio-state.edu!unix.cis.pitt.edu!dsinc!netnews.upenn.edu!vax1.cc.lehigh.edu!cert.sei.cmu.edu!krvw From: news@umd5.umd.edu (USENET) Newsgroups: comp.virus Subject: Re: Am I subject to viruses? Message-ID: <0004.9104111306.AA01727@ubu.cert.sei.cmu.edu> Date: 10 Apr 91 23:35:03 GMT Sender: Virus Discussion List Lines: 33 Approved: krvw@sei.cmu.edu Pandy Holmberg writes: >pcsbbs!fff@uunet.uu.net writes: > >> I know that this is the kind of question that only a novice would ask. >> Well, I am a *rank* novice in Usenet, UUCP, and telecommunications in >> general. Please bear with me. The question is: >> >> If I connect to a site where I always initiate the call, only exchange >> email and receive netnews, am I subject to receiving a virus. My >> modem is never left on and the port is not enabled for a login. > >The answer is NO. As long as you just use your computer as a terminal. >As soon as you start downloading files, the danger appears... HOLD IT! IF he uses his computer only as a terminal then he is safe. However, it is not clear that is what he does. He mentions USENET and UUCP. He says that he initiates the call to exchange email and netnews. He says that the port is not enabled for login. That implies to me that he is running his own Unix machine and uses UUCP to send and receive email and netnews. That means that he is transferring files. Even worse it means that he allows "rmail" and "rnews" to be remotely executed on his machine. I don't know what software and version he is running, but it is possible that there may be deliberate or accidental trapdoors in that software. Just after the Internet worm incident, there was some discussion on whether or not something similiar to the sendmail or fingerd attack could take place via UUCP. I don't remember the conclusion, but I wouldn't want to guarantee that he is safe. If he is concerned, taking a few minutes to look at the source code for "rmail" and "rnews" would not be unreasonable. Bill Bogstad