http://www.dwightblackburn.com/image/open_attach_warn.jpg

.txt file attachments arrive with e-mail and above (example) warning is generated. .....Uncheck 'Always ask before opening this type of file' in error and text files subsequently open immediately inside e-mail. .....Attempt to restore the warning facility, as per this LINK (http://www.dwightblackburn.com/open_attachment.htm), but .txt files still continue opening within e-mail. .....???

Any suggestions?

NB: Not using Preview Pane.

Thanks.

BLUE SKY THINKER

I do not know of the option with .txt since they just open. Also with a .txt file there is no worry of any virus or malware.

Take Care,

Richard

One caveat, there, BST - hoping they really are text files and not nasties with a false designator!

Is there any danger, Naples, in this?

Richard.....

Thanks. .....In view of the last part of your comment, perhaps I shouldn't lose any sleep over it, unless BOAC has a point (?).

It is a slight mystery though. .....I've only started experimenting with OEx.6 over the last few days, with a view to possibly using it on moving ISP (have been utilising AOL's mail program up to now). .....As part of that process I sent myself a couple of trial e-mail's. The first was a standard one with no attachment, but even that wouldn't open the email without doing so via the 'Open Attachment Warning' box. .....The second, with .txt attachment, likewise; but on unchecking (as I said, in error) the 'Always ask before opening this type of file', all files opening straight into e-mail.

.txt files will normally be associated with Notepad - the latter is unable to run executables therefore zero risk of viruses and such like.

aman - as I understand it, anyone can attach an file containing a virus to an email and change its type to txt?

I am not confident that the hackers have not found a way to activate a virus this way. They can do it with pifs and gifs and the like - or are we COMPLETELY safe?

You're right BOAC, while technically a .txt file in itself cannot contain a virus, it can contain information that is required by a virus/worm/trojan executable to deliver its payload. A quick gander on the Symantec site confirms this for the w32.perrun (http://securityresponse.symantec.com/avcenter/venc/data/w32.perrun.html) virus for example:

If a .jpg or .txt file that has been altered by W32.Perrun is opened on another, uninfected computer, it will not execute malicious actions on that computer because the virus requires the presence of the Extrk.exe or Textrk.exe file for it to execute and append its malicious content to other files.

You learn something new every day :)

BOAC,

Unless the hackers can also change how your system deals with .txt files then you are completely safe.

Try this simple experiment:

create a text file called "hello.txt" containing the two words: echo hello.

Save it to a convenient location. Double click on it - notepad (or your default text editor) will open it and display the text.

Open a command prompt, change to the location of the hello.txt file. type "hello" at the command prompt. Nothing happens (bad command or filename/not a recognised executable). If you type "hello.txt", nothing in happens in 98, but XP (and possibly 2000) will run notepad, as if you had double-clicked on the file. It shows the contents of the file, but does NOT execute anything.

Now rename the file to hello.bat (or copy, doesn't matter).

From the command prompt, in the same directory, type "hello" or "hello.bat". Now you should see the echo command work and "hello" appears on the screen. On this occasion, a command HAS been run, whereas as a text file it did not.

As you can see, your system will not open a program or command prompt to "execute" a plain text file. However, it will for a .bat, .exe, .com, .pif etc. as you already know.

HTH

SD

Saab - all agreed, but I think perhaps a significant number of computer users might not know they had been infected by, for example, 'perrun', and then this could happen

For the variant that appends to TXT files

Textrk.exe is then configured to open all TXT files by changing the (Default) value of the registry key

HKEY_LOCAL_MACHINE\Software\Classes\txtfile\shell\open\comma nd

to

textrk.exe %1 :{

As Richard says - take care!

It might also be an attempt to exploit the double file extension attack. See here (http://www.antichip.org/virusinfo/extensions.html) , for example :rolleyes:

BOAC,

As long at the file opens in notepad it should not be an issue. If the file has a hidden extension it is a problem. Microsoft is supposed to patch WinXP since this is a known exploit. Something else virus writers have been doing is putting the .pif 30 characters away from the last text in the file name as in:

open me.txt .pif

One thing I do is screen all my mail with with Mailwasher Pro which shows me the double extensions before I download the email.

Personally I do not use OL or OLE. I use the old Netscape 4.79 for email. (Since no one writes viruses that target it anymore.)

I did a little test with my email. I sent myself an email with an attached file called:

test.txt .pif

(Which I created in Notepad)

When I received the email back It showed this file data as the attached file:

Name: test.txt .pif
Type: Shortcut to MS-DOS Program (application/x-unknown-content-type-piffile)
Encoding: base64

When I sent the same file as:

test.txt

The file was opened in the body of my email so I could read it.

I would hope OL and OLE do the same, I would appreciate it if one of you repeated the same test with OL and OLE.

Then we will know what happens with those programs.

Take Care,

Richard

Richard.....

As I started all this, I thought the least I could do is try your test on Outlook Express 6.

Created two files and saved to hard drive:

test1.txt.pif (contents read) - This is the contents of the '.pif'. If you can read it, it has opened into email

test2.txt - This is the contents of the standard '.txt. If you can read it , it has opened into email

Sent two separate e-mail's to myself, each with one of these attachments.

In the case of the first - in the header at the top, alongside 'Attach' - the file name did show its '.pif' extension (which it didn't when initially saved to my hard drive) but it also opened into the e-mail at the same time and I could immediately read the contents as created above. The second, 'test2.txt' behaved in exactly the same way.

Although they opened and displayed as indicated, in both cases by double clicking the file icon next to 'Attach' the 'Open Attachment Warning' comes up. On clicking 'Open it'.....

'.pif'.....
(box)16 bit MS-DOS Subsystem
file reference, then: ".....Invalid program file name, please check your pif file. Choose 'Close' to terminate the application"

'.txt'.....
Contents displayed in Notepad.

Getting a bit confused now, re. both opening in the body of the e-mail/different result on double clicking attachment. But perhaps I've got the wrong end of the stick here, or am starting to lose the plot?!?

Richard wrote:

I use the old Netscape 4.79 for email

In my opinion that's the best genuine advice offered to PC users all month. The Netscape mail offering is very nice indeed and very 'familiar' if you know what I mean.

The Windows mail client most of you use still has significant risks and is considered as the number one target for getting malicious executables on your system.

Regards
Rob

BLUE SKY THINKER

If your Email Program is opening .pif's we do have a problem. Did you set the program for the .pif's to open with?

Take Care,

Richard

Richard.....

Apologies, not quite at your level; getting a bit out of my depth.

Test exactly as per above; didn't set any program.

Bizarrely, I can't now recreate the test. No problem with the standard '.txt', but as regards the '.pif'.....

AOL information box indicates:
"This file could not be sent. Please check to see if the file is open in another application" Not that I can see. .....?

Naples Air Center, Inc. and PPRuNe Towers

Just to remove any possible ambiguity, are your favorable remarks about "Netscape 4.79" or "Netscape Communicator 4.79"?

I use "Netscape Communicator 4.79" for email all the time, while avoiding "Netscape" itself like the plague. http://home.infionline.net/~pickyperkins/pi.gif

PickyPerkins,

I use Netscape Communicator 4.79 and I only use it for email. I use IE as my browser.

BLUE SKY THINKER

I think I am getting a little confused too. If you like I could sent you two emails, one with a test file ending in .txt and another with a test file ending in .txt.pif to see what happens. (Do not worry, I will create the .txt.pif myself with notepad and it will just be one line of text inside.)

That way we will know what your email program does with each file type.

Take Care,

Richard

Richard.....

Sorry for confusion (me I'm sure!).

I'll take you up on your offer and have e-mailed you my address.

Thanks for your help.

BST

BLUE SKY THINKER,

Both emails have been sent to you. Let us know what happens.

Take Care,

Richard

Richard.....

Thanks for e-mail's.

Your test results appear as you expected; i.e., I can read text in the .txt, but not the .txt.pif. However, in my defence, re. 'confusion', I'm still getting oddities recreating the test from my end, even using your attachments.

I'll e-mail you these, rather than bore everyone here.

Thanks again.

BST

BLUE SKY THINKER,

That is one mystery down. We will deal with the other one via email then. :ok:

Take Care,

Richard