I keep getting returned messages that I know I didn't send. I am using Ubuntu 11.04 64 bit 6 gig of RAM. How could I find out what is sending these emails?
And does a virus program like Avast or Clam only check for viruses in files from Windows or can it check for viruses from a different file layout like Linux? I often have wondered about that.
It is almost certainly the case that someone else, somewhere in the world, is sending out (spam...) emails with your return-address on them. And unfortunately there's nothing you can do about it, because the e-mail handling system of the Internet was never built with security and accountability in mind. I can send an e-mail to you "from god@heaven.com," and it will go through. If it bounces, God gets the grief. (Hey, the Devil made me do it ...)
So you don't think I have a virus on this box? I have always believed that Ubuntu doesn't get viruses but this incident got me to wondering about that.
About the virus scanning question, would a virus pattern on a Windows box be the same as on a Linux box? In other words, would it see a virus on Linux and be accurate?
Thanks for the response.
You rarely see Linux viruses, although they do exist. Even if you do manage to get one, they don't seem to cause mass destruction like on a Windows box. I agree 100% with sundialsvcs that someone is spamming your email with your return address on them. One measure to calm your nerves about it not being a rootkit or virus: maybe fire up Wireshark and see if any stray or weird packets are sent out. Viruses and rootkits normally send out stray packets to a control server somewhere. However, even then, if well designed, they would be silent.
I wish you all the best, but I doubt you've got a virus.
Look at the FULL headers for one or more of those emails. You will probably find yourself listed at the very bottom with the actual spammer listed above you. It is unfortunate, but a common tactic to spoof the header with an innocent party in the spam attempt. This causes a double-whammy in the email system in that extra traffic is generated and hassle is created for someone else.
Especially if it is a service like a hotmail, gmail, or yahoo, that is in question, at a minimum I would change your password(s), just as a precaution.
For your edification, you might also want to post the header and email through spamcop and get the technical report about the spam. It will probably provide a lot of information regarding the spammer's relay chain. If you do desire or need to take action, this could be valuable information for your case.
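The header check suggested in the post above, as an added example that is not part of the original thread: it walks the `Received` chain of the message copy returned in a bounce and reports which IP handed the message to the first server you trust. The sample headers, the `.example` hosts, the addresses and the `trusted_suffix` parameter are constructed assumptions.

```python
import email
import re

# Constructed sample: headers of the original message as returned in a bounce.
# Hosts use reserved .example names and documentation IP ranges.
BOUNCED_ORIGINAL = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example with ESMTP id A1; Sat, 10 Sep 2011 10:00:03 +0000
Received: from unknown-host (dsl-pool.isp.example [203.0.113.45])
\tby mx.recipient.example with SMTP id B2; Sat, 10 Sep 2011 10:00:01 +0000
Received: from home.example (home.example [192.0.2.10])
\tby relay.fake.example with SMTP id C3; Sat, 10 Sep 2011 09:59:00 +0000
From: you@home.example
To: someone@recipient.example
Subject: constructed sample

(body omitted)
"""

# "from <helo> (<rdns> [<ip>]) by <host>": a common Received layout, not the only one.
HOP = re.compile(r"from\s+(\S+)\s+\((?:\S+\s+)?\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def received_chain(raw):
    """Hops oldest-first as (helo_name, connecting_ip, recording_host)."""
    msg = email.message_from_string(raw)
    matches = [HOP.search(value) for value in msg.get_all("Received", [])]
    # Every relay prepends its own header, so file order is newest-first.
    return [m.groups() for m in reversed(matches) if m]

def injection_hop(raw, trusted_suffix):
    """Oldest hop written by a server you trust (here: the recipient's domain).
    Anything older was supplied by the sender and may be forged."""
    for helo, ip, recorder in received_chain(raw):
        if recorder.endswith(trusted_suffix):
            return helo, ip, recorder
    return None

def came_from_me(raw, my_ips, trusted_suffix):
    """True only if a trusted server saw one of my addresses connect to it."""
    hop = injection_hop(raw, trusted_suffix)
    return hop is not None and hop[1] in my_ips

if __name__ == "__main__":
    print(injection_hop(BOUNCED_ORIGINAL, ".recipient.example"))
    print(came_from_me(BOUNCED_ORIGINAL, {"192.0.2.10"}, ".recipient.example"))
```

In the sample, the oldest `Received` line names the user's own address but was recorded by a host outside the trusted domain, so it is ignored; the hop written by the recipient's MX shows a different connecting IP.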
The first thing I would do is mount /home noexec,nodev. Also make sure your browser is set to cache in your home directory. Clear your cache if it is not and change the cache setting.
If you did not make a partition for /home during install you can use cat to join large files together. Format and loop mount the file noexec,nodev. Move your files from /home to the new partition, then mount the new partition as /home noexec,nodev.
This will in theory kill many Linux viruses.
Last edited by enyawix; 09-11-2011 at 07:21 PM.
Reason: my post was changed
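A way to verify the mount setup described in the post above, as an added example that is not part of the original thread: it reads text in `/proc/mounts` format and reports which of `noexec` and `nodev` are missing on the filesystem that actually holds a given path, such as a browser cache directory. The sample mount table and the paths are constructed assumptions.

```python
# Constructed sample in /proc/mounts format:
# device, mount point, fstype, options, dump, pass
SAMPLE_MOUNTS = """\
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0
/dev/loop0 /home ext4 rw,nodev,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
"""

def covering_mount(path, mounts_text):
    """Return (mount_point, options) for the filesystem that holds `path`."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        mnt = fields[1].replace("\\040", " ")  # the kernel escapes spaces as \040
        opts = set(fields[3].split(","))
        inside = mnt == "/" or path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # Longest mount point wins; ">=" lets a later mount on the same
        # directory override an earlier one.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, opts)
    return best

def missing_options(path, mounts_text, required=("noexec", "nodev")):
    """Return (mount_point, [required options that are not set])."""
    found = covering_mount(path, mounts_text)
    if found is None:
        return None, list(required)
    mnt, opts = found
    return mnt, [opt for opt in required if opt not in opts]

if __name__ == "__main__":
    # On a live system, pass open("/proc/mounts").read() instead of the sample.
    for p in ("/home/user/.cache", "/tmp/download"):
        print(p, missing_options(p, SAMPLE_MOUNTS))
```

If /home is not a separate mount, the function falls back to the root filesystem, which shows that the options are not in effect for files under /home.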
Quote:
Originally Posted by dyess002
I keep getting returned messages that I know I didn't send. I am using Ubuntu 11.04 64 bit 6 gig of RAM. How could I find out what is sending these emails?
One possibility that nobody has mentioned yet is that you're running an unsecured mail daemon, and someone is using you as a spam relay. I actually saw this done to a mainframe once.
Quote:
Originally Posted by dyess002
And does a virus program like Avast or Clam only check for viruses in files from Windows or can it check for viruses from a different file layout like Linux? I often have wondered about that.
They'll check for any known virus signatures, no matter the file type.
Uhhh. I think you should read about UNIX architecture like separation of privileges and stuff before you post things like that.
I have been using Linux and contributing since 1995. There is no real reason for code to be executed in /home.
My systems have been set up as indicated above since 1999 with a few very minor changes to programs. I welcome peer review and am willing to demonstrate function.
Quote:
I have been using Linux and contributing since 1995. There is no real reason for code to be executed in /home.
Actually if you're running a true multi-user environment, there is every reason to allow code to be executed in /home, it is MUCH more secure. Heck, even on my single user systems, I don't see any reason to ban executables from /home, provided the permissions are proper and there isn't something dumb like blanket sudo privileges with no password.
Thanks for the help guys.
So far here is what's going on with this.
I turned the source of the email in to Spamcop, and after the second day, so far I haven't gotten any more.
I don't know if it is that this Spam Cop really worked or they will start back again.
Thanks for the help.
Quote:
Actually if you're running a true multi-user environment, there is every reason to allow code to be executed in /home, it is MUCH more secure. Heck, even on my single user systems, I don't see any reason to ban executables from /home, provided the permissions are proper and there isn't something dumb like blanket sudo privileges with no password.
The reason for not allowing code to run in /home is to limit damage from downloads when the Linux virus becomes more common. I find a large number of Windows viruses in the equivalent of /home. Applying SELinux to limit what apps can do. I expect the Linux virus to some day become more common.
When you do programming projects, not being able to execute anything in /home makes it impossible to work. Also, what if you want to run a downloaded script, or have a directory under /home in your PATH so that you can run commands without installing them?
Quote:
When you do programming projects, not being able to execute anything in /home makes it impossible to work. Also, what if you want to run a downloaded script, or have a directory under /home in your PATH so that you can run commands without installing them?
I do programming projects in VirtualBox. I also test scripts in a VM before I allow them on real computers. My only projects not in VirtualBox are my GNS3 Cisco router projects. They are on a dedicated computer.