274594 - Four Viruses in download

Status: VERIFIED INVALID

(Thunderbird :: Installer, defect)

Description

[Steven Roth]

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
Build Identifier: Thunderbird/1.0

Norton Anti-Virus detected four (4) MyDoom virus traces in your download.  It's 
apparently the MAPI import section.

After repeated crashes, Norton Anti-Virus popped up and told me that four virus 
instances were detected.  All four occurred within a few seconds, according to 
the timestamps.

Reproducible: Always

Steps to Reproduce:
1.  Install Thunderbird
2.  Import Outlook folders (all mail is already virus-free or NAV would already 
have flagged it.
3.

Actual Results:  
Several crashes (don't you test your software?  Or was this written by the old 
Netscape team?)

Then on the Nth try, Norton identified the four virus traces.  They were not in 
messages, as I have multiple levels of virus protection and NAV would have 
detected an email-borne virus as soon as it entered the PC.

Thunderbird is the only software I have downloaded in a very long time.

Expected Results:  
Not had embedded viruses.

Importing either address book or mail folders.  Repeated crashes - BOOM!  It's 
gone.

I "uninstalled" Thunderbird.  I will reconsider it after you fix these problems.

Comment 1

[Steven Roth]

Scott,

I was using Thunderbird as an IMAP client, my server being a Linux box (RH 9.0) 
with sendmail/procmail and f-prot.  All Windows clients have up-to-date Norton 
Anti-Virus installed.  For their respective platforms, I regard both highly.

Install the software on a Windows XP machine and run Norton Antivirus with the 
latest virus defs (just to be sure).  By the way, McAfee is very intrusive 
(pops up all the time to give you relevant or irrelevant info, and forces you 
to manually log in to their server every time to download new program or virus 
definitions -- apparently ego is a feature), and I recommend against it.

If your codebase is on UNIX or Linux, I suggest running F-Prot there to sweep 
your machines, as well.  You can also run NAV Server Edition from Windows to 
sweep Samba-exported drives.  Since Mozilla is non-profit, you may be able to 
use the free version of f-prot.

Thoughts regarding the crashes, which occurred EVERY time I tried to import my 
Outlook folders:

- They may be virus-related.

- They may also be related to my very large local Outlook PST files.

I believe you released 1.0 prematurely.

Regards,
Steve Roth
steve@eastend.com

Comment 2

[Alessio]

(In reply to comment #1)

> Install the software on a Windows XP machine and run Norton Antivirus with the 
> latest virus defs (just to be sure).

I tried Kaspersky Personal Pro (with latest defs) on the latest Thunderbird
Setup 1.0.exe and it reported NO virus. I guess it could be a fake NAV warning
(check best antivir softwared list here:
http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67), or you could be
infected for other reasons. IMHO.

Comment 3

[Mike Kowalski]

try doing a full system scan for viruses. what version of nav are you using?

Comment 4

[Steven Roth]

> I tried Kaspersky Personal Pro (with latest defs) on the latest Thunderbird
> Setup 1.0.exe and it reported NO virus. I guess it could be a fake NAV warning
> (check best antivir softwared list here:
> http://www.virus.gr/english/fullxml/default.asp?id=67&mnu=67), or you could be
> infected for other reasons. IMHO.

There was no other vehicle for viruses to enter my system.  As I had mentioned, 
this is the first software download in a very long time.  My email is heavily 
filtered for spam and viruses/worms, both on server and client.  Norton has not 
found any viruses since I installed the multi-level filtering in mid-August.

Before that, NAV routinely identified and removed malicious code arriving by 
any means.

The NAV timestamps correspond with the time of the Thunderbird 1.0 installation.

I cannot tell you anything beyond that.