Date: Tue, 09 May 2000 14:24:40 +0200 From: Gael Duval <gduval@mandrakesoft.com> To: announce@linux-mandrake.com, security-announce@linux-mandrake.com Subject: [Security Announce] Linux-Mandrake NOT attacked by LOVE virus. People using MandrakeSoft version of Linux can continue to open all their email messages without any risk to their computer. The recently destructive Virus called "I love you" or "Love Message" virus doesn't affect versions of Linux-Mandrake nor any other Linux operating systems. Software viruses are programs that can infect poorly-secured computer operating systems and applications. Machines running the Linux operating system have never been infected by a virus yet. People using email agents under Linux-Mandrake, including Netscape-mail, Kmail, Balsa, Emacs-mail, Pine, Elm, Mailx and Exmh can open any infected email message without any risk to their data. Additionally people using their Linux-Mandrake system as a smtp server (with Sendmail or Postfix) to the unlucky Windows(tm) users can easily stop the spread of the Love virus. - If you use Sendmail as a smtp server, follow the instructions provided on the official Sendmail website on http://sendmail.net/?feed=lovefix. They also have issued a patch that can be used to prevent the Love worm mutations on http://sendmail.net/?feed=lovemorph - If you use Postfix as a smtp server, here's a quick fix: In /etc/postfix/main.cf put the following line: header_checks = regexp:/etc/postfix/header_checks In /etc/postfix/header_checks add this following line: /^Subject: ILOVEYOU/ REJECT This rejects any message with "ILOVEYOU" in the subject. Depending on the new mutations, you'll have to adapt the last line according to new subject. - You can also block the virus with Procmail by adding the following to your .procmailrc: :0 D * ^Subject:[[tab] ]+ILOVEYOU /dev/null This erases any message with "ILOVEYOU" in the subject. You can adapt it to new forms taken by the virus. For more information about the Love virus, there is a complete advisory available on CERT's site on http://www.cert.org/advisories/CA-2000-04.html