Virus/Worm Alert


Bob
03-03-2004, 12:27 PM
We have recently seen a number of inquiries about suspicious emails being received, specifically with the following Subject:

"Subject: Email account utilization warning."

These appear to be variants of the Beagle/Bagle Worm emails. They are reported to carry an attachment in a number of file extensions, including but not limited to .pif, .txt, .zip etc...
http://securityresponse.symantec.com/avcenter/venc/data/w32.beagle.j@mm.html

This, as well as a number of other Virus/Worm emails are being widely reported and once again the importance of not opening files you are not expecting cannot be overemphasized.

Additionally, to prevent the receipt of these, your CNC Email Filters can play an important role, specifically your built-in "Executable attachments" filter and the Custom "Attachment Extensions" filter that allows you to specify additional file extensions, such as .zip, that you wish to block.
http://service.futurequest.net/index.php?_a=knowledgebase&_j=subcat&_i=33

A number of resources for learning more about this and other Virus/Worm threats are listed below...
http://www3.ca.com/virusinfo/
http://www.sarc.com/
http://www.sophos.com/
http://www.kaspersky.ch/

-Bob

- Stay Safe out there, it's a nasty world :( -

LightGuide
03-03-2004, 01:26 PM
Yeah, we've been seeing a bunch of these. NortonAV does trap it; and I would expect most of the other better AV's do, as well.

Oh, goodie.

Good idea to check your AV updates, of course, as this is rather recent.

Armand
03-03-2004, 09:42 PM
While we're on the topic... I've got a site user claiming he got a w32 dupator virus via my site. I can't conceive how this could be true since that's a Windows-based virus, unless of course someone posted a zip attachment in my forums (which I've yet to find, but that doesn't mean it isn't there, since there are too many threads in my forums). So suppose this is my effort to make sure the possibility is impossible to be the fault of the actual server.

Bob
03-03-2004, 10:13 PM
Hello Joe,

Every W32 virus variant I have seen carries at least the following under Systems Not Affected: DOS, Linux, Macintosh, OS/2, UNIX, Windows 3.x

The best I can find on w32 dupator is here which indicates the following names as well:
W32/Dupator [McAfee]
Win95.Dupator.1503 [KAV]
PE_DUPATOR.1503 [Trend]
Mid/W95/Dupator [Sophos]

Listed here:
http://securityresponse.symantec.com/avcenter/venc/data/w95.dupator.1503.html
Systems Not Affected: Windows 3.x, Windows NT, Windows 2000, Windows XP, Macintosh, OS/2, UNIX, Linux
-Bob

Terra
03-03-2004, 11:03 PM
So suppose this is my effort to make sure the possibility is impossible to be the fault of the actual server.
If someone uploads an infected file to your forums, and others download it - then yes our servers will have done exactly what they were asked to do, as directed by your message forums, in regards to accepting the file, storing it, and delivering it to anyone who should explicitly download it... Our servers have no concept of filtering/censoring your content, as that is left to the individual site owner to properly perform in accordance to each of their unique needs...

My best advice is to not allow file uploads of any kind, except from trusted sources - otherwise your forums can become a conduit for virus laden files and place the control as such in the hands of strangers...

I would also highly encourage you to go into your raw message forum database tables, and hunt down all of the (zip, or otherwise) file attachments... Since you offer a public service to your visitors, then it is your duty/responsibility to ensure that your forums are a safe haven free from any rogue attachments...

The best way to handle this is one of 2 ways:
1) Do not accept attachments... -period-
2) Accept attachments, but quarantine them until a moderator can thoroughly scan them for viruses before release to your visitors...

In the case of #2, if your forum software doesn't provide that feature, then ask the developers to add it... You could even provide a contribution to the project in order to facilitate a greater interest in adding this feature...

--
Terra
--watches the Internet come full circle back into the days of the wild wild west where bandits lurk behind every bend--
FutureQuest

Bob
03-04-2004, 12:07 AM
We have also added a new area for a quick update for Virus/Worm Information courtesy of Sophos.com as a result of the, seemingly never ending, barrage of virus/worm threats :(

http://www.FutureQuest.net/Support/#virus

Linked from the FutureQuest Service page located at http://www.FutureQuest.net/Support
and from the Support Main page located here http://Service.FutureQuest.net/

Hopefully this will be yet another resource that will prove useful...

-Bob

Armand
03-04-2004, 03:41 AM
Actually, based on the person's reply to my emails, I suspect he got it from email unrelated to my site, since he says he never downloaded or viewed any attachments on my site and no one else has reported such a problem.

Anyways...my forums use vBulletin. And prior to this I think the only potential was the fact that I allowed zip files as attachments, which I've now removed from allowed files, though I seem to be the only one that ever used that format. These are the current accepted file formats: gif jpg jpeg bmp png txt rtf pdf mid midi mp3 ram ra rm wma wav au mov wmv avi. I thought none of these other formats were susceptible to containing a virus? My people primarily use the attachment feature in order to post artwork, pictures, and music files. I've searched the attachment table of our MySQL database and see nothing but image files primarily with the rare midi or mp3 file.

Stephen
03-04-2004, 02:06 PM
i guess this is a question for Terra.

how exactly would a software developer add virus filtering code to a forum program with an upload feature? it seems to me you'd need to have the program subscribe to some service that accepts a URL for the file, uploads it, scans it, and delivers a verdict. are such services available? if so, i'm all ears. if not, what would be the alternative? i don't know of any web applications that offer filtering yet, but i could just be ignorant.

i'm asking because i've just added an upload manager like the one in VBulletin to my program and i'd offer filtering if it was a manageable proposition.

by the way, i'm glad this thread was initiated. i've now seen a couple of those solicitations in my mail box and i'd certainly have wondered what the heck they were if i hadn't already read this thread.

Terra
03-04-2004, 03:01 PM
Stephen:

What I was alluding to in #2, is that when someone attaches a file to a post, that the attachment is placed off into a holding queue and is not made public until a moderator can download the attachment for scanning or inspection... Once the attachment is validated, then it is made public and accessible to your visitors for downloading...

Also, I do not believe it is the forums software to do the virus scanning, as this is best served by other programs to accomplish this task... I'm sure it will happen someday, but I do not know of any mainstream forum software right now that has this capability...

--
Terra
--moderation can come with a tremendous amount of responsibility that your visitors depend on--
FutureQuest
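
The holding queue Terra describes (an attachment stays private until a moderator validates it), as an added Python example that is not part of the original thread and is not vBulletin's code. `HoldingQueue`, its methods and the in-memory storage are hypothetical names; the header-signature check goes beyond what the thread states and covers only a subset of the extensions listed earlier.

```python
import hashlib
import secrets
from dataclasses import dataclass

# Header signatures for a subset of the extensions listed in the thread.
MAGIC = {
    "gif": (b"GIF87a", b"GIF89a"),
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "pdf": (b"%PDF-",),
}

@dataclass
class Attachment:
    stored_name: str         # random name: the uploader never chooses the path
    original_name: str
    sha256: str              # lets a moderator match the file to a scan report
    state: str = "pending"   # pending -> approved | rejected

class HoldingQueue:          # hypothetical class, in-memory storage for the example
    def __init__(self):
        self.items = {}
        self.blobs = {}

    def submit(self, filename, data):
        # Only the final extension counts, so "pic.jpg.exe" is judged as "exe".
        ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
        if ext not in MAGIC:
            raise ValueError(f"extension not allowed: {ext!r}")
        if not data.startswith(MAGIC[ext]):
            raise ValueError("content does not match declared extension")
        att = Attachment(secrets.token_hex(16), filename, hashlib.sha256(data).hexdigest())
        self.items[att.stored_name] = att
        self.blobs[att.stored_name] = data
        return att.stored_name

    def review(self, stored_name, clean):
        # 'clean' is the verdict from whatever scanner the moderator runs.
        att = self.items[stored_name]
        if att.state != "pending":
            raise ValueError("already reviewed")
        att.state = "approved" if clean else "rejected"
        if not clean:
            del self.blobs[stored_name]

    def download(self, stored_name):
        att = self.items.get(stored_name)
        # Visitors never receive pending or rejected files.
        return self.blobs[stored_name] if att and att.state == "approved" else None
```

The point of the design is that `download` is the only path to the bytes and it refuses anything a moderator has not approved, so a file that passes the extension and header checks is still not public by default.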

Armand
03-04-2004, 03:14 PM
And my question goes unanswered. So I'll ask again perhaps in a clearer fashion. Aren't the above listed formats not even susceptible to having a virus?

PaulKroll
03-04-2004, 03:39 PM
I don't know what FutureQuest's formal response will be, but having watched the situation at work (office of about 130 people), there's no safe format as long as you're using Outlook.

PDFs have one, though it's not really a threat (http://www.techtv.com/news/internet/story/0,24195,3341369,00.html). There was an MP3 virus hoax, but no real one I was able to find. A JPEG virus was up for debate, but appeared to be a proof-of-concept that, in fact, proved it didn't work.

Stephen
03-04-2004, 09:39 PM
in practice, as far as scanning an uploaded file goes, it's a dubious proposition to leave it to a moderator to figure out whether it's clean or not. there's the time factor, there's the human factor (error prone), and there's the problem of maintaining antivirus software that's always up to date. an automated service would be the best way to go. maybe someone does offer such a service. i haven't looked around, but i guess i'm going to now ;)

MarkM
03-04-2004, 10:06 PM
I have recently enabled attachments uploading on my vB3 forums, and from reading this, disabled the extensions for safety - pdf doc zip psd

I'm on a mac - how do I / what program can I use to scan uploaded attachments to ensure that they are virus free?

Mark
It's Apple's fault - I'm clueless about viruses