LinuxQuestions.org
Old 09-02-2004, 06:51 AM   #1
linuxero
LQ Newbie
 
Registered: Aug 2004
Location: Helsinki, Finland
Distribution: Fedora Core 2
Posts: 5

Rep: Reputation: 0
Virus SPAM detected in my computer running FC2. Can it be???


I am running Fedora Core 2 on my laptop and this morning I got the following email (text received originally in Spanish and translated into English).

Warning for: fgs_eq@hotmail.com

A virus has been found in an email sent by you.
This virus detector intercepted it before sending it to its
destination.

The virus found was:

SPAM detected

Please update your antivirus or contact your system department as soon
as possible, because your system seems to be infected.

Your message's content was:

MAIL FROM: fgs_eq@hotmail.com
RCPT TO: bcs@grupbcs.com

with the following headers:

---
MAILFROM: fgs_eq@hotmail.com
Received: from unknown (HELO grupbcs.com) ([81.36.191.19])
(envelope-sender <fgs_eq@hotmail.com>)
by 0 (qmail-ldap-1.03) with SMTP
for <bcs@grupbcs.com>; 1 Sep 2004 19:42:14 -0000
From: fgs_eq@hotmail.com
To: bcs@grupbcs.com
Subject: Hi
Date: Wed, 1 Sep 2004 21:42:11 +0200
MIME-Version: 1.0
Content-Type: multipart/mixed;
boundary="----=_NextPart_000_0001_00004CD2.0000597F"
X-Priority: 1
X-MSMail-Priority: High


---

At that time I was only using Mozilla 1.7.2, checking a webmail account different from the one that is referred to in the advisory, but which has access to this fgs_eq@hotmail via an option to administer Hotmail accounts.

I have installed Al's Messenger v0.92.

I have only been logged in as root when it was necessary for installing some applications; I think they cannot be harmful.

Can my computer be infected, or is it one of those "well-made" spam emails?? And if it is, what can I do??

Thank you in advance.

 
Old 09-02-2004, 09:13 AM   #2
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,994

Rep: Reputation: 76
It's certainly possible for a Linux computer to be infected with a virus (though rather uncommon). I'd download and run ClamAV (search for it on google) just to check.

If you're sending the email through webmail then it's likely to be the computer running the website that's infected, assuming that this email is genuine and not just spam.

Also, if you have attached a file with the email you sent, then this file itself may have a virus. Consider where you got the file from; if it contained (e.g.) a Windows virus when you got it, then it'll still contain one when you attach it to an email, even if it can't infect your computer.
 
Old 09-02-2004, 09:51 AM   #3
linuxero
LQ Newbie
 
Registered: Aug 2004
Location: Helsinki, Finland
Distribution: Fedora Core 2
Posts: 5

Original Poster
Rep: Reputation: 0
In reference to the first post I made, and to determine whether my computer can be infected or not, it must be said that, besides the fact that I was using webmail when this spam email was sent, I have never introduced "fgs_eq@hotmail.com" in any email client or contact book on my computer. Al's Messenger is the only program that "uses" this address, and it was not running when the spam was sent.

Taking this into account, is there still any possibility that it can be infected???

Thank you for your help
 
Old 09-02-2004, 10:26 AM   #4
linuxero
LQ Newbie
 
Registered: Aug 2004
Location: Helsinki, Finland
Distribution: Fedora Core 2
Posts: 5

Original Poster
Rep: Reputation: 0
I have got a second question. When it says in the spam virus warning email that I posted in the first message:

Received: from unknown (HELO grupbcs.com) ([81.36.191.19])
(envelope-sender <fgs_eq@hotmail.com> )
by 0 (qmail-ldap-1.03) with SMTP

It means that it came from the computer whose IP was 81.36.191.19, doesn't it? My computer must have had this IP on Wed 1 Sep at 21:42:11 +0200 if the spam email was sent from my infected computer, is this true???
 
Old 09-02-2004, 10:45 AM   #5
rjlee
Senior Member
 
Registered: Jul 2004
Distribution: Ubuntu 7.04
Posts: 1,994

Rep: Reputation: 76
To answer your second question: The server that sent you the email is claiming that the email originated from an SMTP client with the IP address 81.36.191.19; this could be either your computer or (perhaps more likely) the webmail gateway.

In answer to the first question, some viruses will look for email addresses and then send infected files there. Without knowing anything more about the alleged virus in question, I really couldn't say if or how that could happen in this case.

My advice is still to install and run ClamAV, at least as a precaution. It won't cost you anything.
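
Added example (not part of the original thread and not any poster's code): a small Python parser for the qmail-style Received line quoted in post #1, showing what the receiving server itself recorded about the SMTP client and how to compare that IP against the addresses your own machine held at the time. The `my_addresses` value and the 192.0.2.10 address are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Headers as quoted in the notification in post #1; continuation lines are
# indented here so the parser treats them as one folded Received header.
NOTICE_HEADERS = """\
Received: from unknown (HELO grupbcs.com) ([81.36.191.19])
 (envelope-sender <fgs_eq@hotmail.com>)
 by 0 (qmail-ldap-1.03) with SMTP
 for <bcs@grupbcs.com>; 1 Sep 2004 19:42:14 -0000
From: fgs_eq@hotmail.com
To: bcs@grupbcs.com
Subject: Hi
"""

# qmail-style trace: from <host> (HELO <name>) ([<ip>]) (envelope-sender <addr>)
QMAIL_RECEIVED = re.compile(
    r"from\s+(?P<rdns>\S+)\s+\(HELO\s+(?P<helo>[^)\s]+)\)\s+\(\[(?P<ip>[0-9.]+)\]\)"
    r"(?:\s+\(envelope-sender\s+<(?P<env>[^>]*)>\))?"
)

def analyse(raw_headers, my_addresses):
    """Extract what the receiving server recorded and list simple findings."""
    msg = message_from_string(raw_headers)
    received = " ".join(msg["Received"].split())  # unfold the header
    m = QMAIL_RECEIVED.search(received)
    if m is None:
        raise ValueError("not a qmail-style Received line")
    info = m.groupdict()
    rcpt_domain = parseaddr(msg["To"])[1].rpartition("@")[2].lower()
    findings = []
    if info["rdns"] == "unknown":
        # The server recorded no host name for the connecting client.
        findings.append("server recorded the client host name as unknown")
    if info["helo"].lower() == rcpt_domain:
        # HELO is chosen by the client; here it names the recipient's domain.
        findings.append("client announced the recipient's own domain in HELO")
    info["findings"] = findings
    # Only the bracketed IP is written from the server's view of the connection.
    info["from_my_machine"] = info["ip"] in my_addresses
    return info

if __name__ == "__main__":
    # 192.0.2.10 is a constructed stand-in for the address the laptop held then.
    print(analyse(NOTICE_HEADERS, my_addresses={"192.0.2.10"}))
```

The From and envelope-sender values are supplied by the sending client, so only the bracketed IP and the timestamp are worth checking against your own connection records.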
 
  

