On 04/07/2018 06:29 PM, Peter Flynn wrote:
> On 07/04/18 22:30, Jim wrote:
>> I run thunderbird on various flavors of Ubuntu in text mode.
>> Is there any risk in just opening a suspicious email using thunderbird
>> in Ubuntu?
> I don't know for sure, because I don't know what holes there are in
> Thunderbird, so I avoid opening dodgy emails in it, even though I have
> it set NOT to use HTML.
>> If there is risk does using text mode mitigate it any?
> It depends what you mean by text mode -- that is, what mail application?
> If you use UCB Mail, I'd say zero risk, as there isn't any kind of API
> that a virus could latch onto AFAIK. Probably the same applies to mutt,
> elm, pine, etc.
>> Would opening it in print preview make it less risky?
> No, probably worse, as that will invoke PDF or other graphics libraries,
> all of which have had known vulnerabilities.
> Personally I just delete suspicious emails on arrival (those that
> procmail hasn't already trashed).
One note here: Do not open any email that purports to come from any
And it may be useful to forward it to *abuse@(financial institution).com*
because many of those financial institutions will attempt to track down
and stop those emails.
They are *all* phishing
> It's very unlikely that anyone I deal with would send anything other
> than plain text, and the few who might have to use O365 know better than
> to send me HTML email or OLE embedded features.
> Anyone genuinely trying to contact me for the first time, and sending a
> message which looks suspicious, will just have to try another way.
> If it might be really, really important, right-click the message and
> pick Save As... and save it as a file somewhere. Then open it with a
> plaintext editor (eg Emacs, vi, gedit, etc). You will at least be able
> to see and examine all the headers for evidence of dodgy origins, and to
> see if it contains plain text in the message body. If the entire message
> looks like hexadecimal, with no readable text at all, then it's been
> sent from a system that leaves no plaintext copy, which I would avoid.
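The "save it and read it as text" check described in the quoted message can also be scripted. This is an added example, not code from the thread: it parses a saved message with Python's standard `email` package, never renders or decodes the body, and reports the Received chain, sender-domain mismatches, and whether any plain-text part exists. The sample message, its addresses and the `triage` and `domain` names are constructed for illustration.

```python
import base64
from email import policy
from email.parser import BytesParser
from email.utils import parseaddr

# Constructed sample (not from the thread): HTML-only message, base64 body.
HTML = b'<html><body><a href="http://example.invalid/">Log in</a></body></html>'
SAMPLE = b"\n".join([
    b"Return-Path: <bounce@mailer.example.net>",
    b"Received: from mailer.example.net (192.0.2.10)",
    b"\tby mx.example.org with SMTP; Sat, 7 Apr 2018 21:00:00 +0000",
    b'From: "Example Bank" <service@bank.example.com>',
    b"Reply-To: collect@other.example.net",
    b"Subject: Account notice",
    b"MIME-Version: 1.0",
    b'Content-Type: text/html; charset="utf-8"',
    b"Content-Transfer-Encoding: base64",
    b"",
    base64.encodebytes(HTML),
])

def domain(value):
    """Lower-cased domain of an address header, or '' when absent."""
    return parseaddr(str(value or ""))[1].rpartition("@")[2].lower()

def triage(raw):
    """Report headers and MIME structure of a saved message; nothing is rendered."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    parts = [{"type": p.get_content_type(),
              "encoding": str(p.get("Content-Transfer-Encoding", "7bit")).lower(),
              "filename": p.get_filename()}
             for p in msg.walk() if not p.is_multipart()]
    sender = domain(msg["From"])
    return {
        "received": [" ".join(str(h).split()) for h in msg.get_all("Received", [])],
        "from_domain": sender,
        # A differing domain is a reason to look closer, not proof of forgery.
        "mismatched": sorted(h for h in ("Return-Path", "Reply-To")
                             if msg[h] and domain(msg[h]) != sender),
        "parts": parts,
        "has_plain_text": any(p["type"] == "text/plain" and not p["filename"]
                              for p in parts),
        "opaque_only": bool(parts) and all(p["encoding"] == "base64" for p in parts),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE).items():
        print(f"{key}: {value}")
```

To check a real message, pass the bytes of the file written by Save As... to `triage` instead of `SAMPLE`.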