Date: Tue, 09 May 2000 14:24:40 +0200
From: Gael Duval <gduval@mandrakesoft.com>
To: announce@linux-mandrake.com, security-announce@linux-mandrake.com
Subject: [Security Announce] Linux-Mandrake NOT attacked by LOVE virus.

People using MandrakeSoft's version of Linux can continue to open all
their email messages without any risk to their computer. The recent
destructive virus called "I love you" or "Love Message" does not
affect any version of Linux-Mandrake or any other Linux operating
system.

Software viruses are programs that can infect poorly-secured computer
operating systems and applications. Machines running the Linux
operating system have never been infected by a virus yet.

People using email agents under Linux-Mandrake, including
Netscape-mail, Kmail, Balsa, Emacs-mail, Pine, Elm, Mailx and Exmh can
open any infected email message without any risk to their data.

Additionally, people using their Linux-Mandrake system as an SMTP server
(with Sendmail or Postfix) for the unlucky Windows(tm) users can easily
stop the spread of the Love virus.

- If you use Sendmail as an SMTP server, follow the instructions
provided on the official Sendmail website at
http://sendmail.net/?feed=lovefix. They have also issued a patch that
can be used to prevent the Love worm mutations at
http://sendmail.net/?feed=lovemorph

- If you use Postfix as an SMTP server, here's a quick fix:

In /etc/postfix/main.cf put the following line: 

  header_checks = regexp:/etc/postfix/header_checks 

In /etc/postfix/header_checks add the following line:

  /^Subject: ILOVEYOU/ REJECT 

This rejects any message with "ILOVEYOU" in the subject. As new
mutations appear, you'll have to adapt the last line to match the new
subject.

- You can also block the virus with Procmail by adding the following
to your .procmailrc:

  :0 D
  * ^Subject:[[tab] ]+ILOVEYOU
  /dev/null

This erases any message with "ILOVEYOU" in the subject. You can
adapt it to new forms taken by the virus.

For more information about the Love virus, there is a complete
advisory available on CERT's site at
http://www.cert.org/advisories/CA-2000-04.html
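
The following is an added example, not part of the original announcement: a small harness to check, before deploying or adapting the Postfix and Procmail rules quoted above, which Subject headers each one actually matches. It emulates both rules with Python's `re` module (an assumption, not the MTAs' own matchers); the function names and the sample headers are constructed for illustration.

```python
import re

# Postfix rule from the message: /^Subject: ILOVEYOU/ REJECT
# Postfix regexp: tables match case-insensitively unless told otherwise.
POSTFIX_RULE = re.compile(r"^Subject: ILOVEYOU", re.IGNORECASE)

# Procmail rule from the message: * ^Subject:[[tab] ]+ILOVEYOU with the D flag.
# "[tab]" stands for a literal tab; D makes the match case-sensitive.
PROCMAIL_RULE = re.compile(r"^Subject:[\t ]+ILOVEYOU")

def postfix_rejects(header: str) -> bool:
    """True if the emulated header_checks rule would REJECT this header line."""
    return POSTFIX_RULE.search(header) is not None

def procmail_discards(header: str) -> bool:
    """True if the emulated .procmailrc recipe would deliver to /dev/null."""
    return PROCMAIL_RULE.search(header) is not None

def coverage(headers):
    """Map each header line to (postfix_rejects, procmail_discards)."""
    return {h: (postfix_rejects(h), procmail_discards(h)) for h in headers}

def gaps(headers):
    """Headers that mention ILOVEYOU in a Subject line yet slip past a rule."""
    wanted = re.compile(r"^Subject:.*ILOVEYOU", re.IGNORECASE)
    return [h for h, hit in coverage(headers).items()
            if wanted.search(h) and not all(hit)]

# Constructed sample headers, not taken from real traffic.
SAMPLES = [
    "Subject: ILOVEYOU",        # exact form named in the announcement
    "Subject: iloveyou",        # different case
    "Subject:\tILOVEYOU",       # tab instead of a space
    "Subject:  ILOVEYOU",       # two spaces
    "Subject: Fw: ILOVEYOU",    # prefix before the keyword
    "Subject: Quarterly report" # benign control
]

if __name__ == "__main__":
    for header, (pf, pm) in coverage(SAMPLES).items():
        print(f"{header!r:32} postfix={pf!s:5} procmail={pm}")
    print("needs a broader pattern:", gaps(SAMPLES))
```

On a live Postfix host the real table can be queried the same way with `postmap -q "Subject: ILOVEYOU" regexp:/etc/postfix/header_checks`, which prints the action when a pattern matches.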