Re[2]: BAV plug-ins

2002-04-09 Thread Marek Mikus 

On Tue, 9 Apr 2002, DG Raftery Sr. wrote:

> Marek> plugin of AVG for The Bat! is already created in betaversion, I'm contact
> Marek> with main AVG developer, but there are some things to solve.
> Marek> You can try it: http://www.thebat.ipex.cz/stazeni/beta/avgbat2.zip
>
> Thank you sir. Much appreciated and I will give it my best shot.

BTW Configuration dialog doesn't work yet.

-- 

Marek Mikus
Czech Support of The Bat!
http://www.thebat.ipex.cz



_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Bugs/Wishes: https://bt.ritlabs.com/

Re[2]: BAV plug-ins

2002-04-09 Thread DG Raftery Sr. 

-BEGIN PGP SIGNED MESSAGE-
Hash: MD5

Tuesday, April 09, 2002
10:12:35 AM
RE: "BAV plug-ins"

Greetings Marek,

On Tuesday, April 9, 2002, 6:50:26 AM, you wrote:

Marek> plugin of AVG for The Bat! is already created in betaversion, I'm contact
Marek> with main AVG developer, but there are some things to solve.
Marek> You can try it: http://www.thebat.ipex.cz/stazeni/beta/avgbat2.zip

Thank you sir. Much appreciated and I will give it my best shot.

Thanks again.

- --
Regards,
 DG Raftery Sr.

The box said: Win95 or better required...so I installed Linux.

-BEGIN PGP SIGNATURE-
Version: 2.6

iQEVAwUAPLL3SGaEPHoZkrdjAQEM8Qf+LdU7311ZrRx7U7k8DUfeJjLw2Pn5gpp1
tuE85YiFe+EYav/qTN5VWuLqus2hJQwW/SfmFETCqFW/uXFz/UDpNOmGAUleVOJm
LXCYGzwkX4XxQ0uFRXb4YtvyyTVz9bD2GqjAsz8z0S+tpkIe7DcvXk2mzX4vzGof
MZT/O1sPczyxKh7oAHUqTEKxdPl5M/Ou4388IaX8ypIOvWcUXX6L0F10ngoQPyCx
+4mP8Lh3gyjx0JExFBiWigbKG3c4OeEIguxvUJS7Z5Xf8jS4APxA67Hn0pVF6qs6
UIriiK2p01ROpzOgclJlBSIoOfetOdEIB6kP4IBZX26I3FAHHFUcJg==
=vm2l
-END PGP SIGNATURE-


_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Bugs/Wishes: https://bt.ritlabs.com/

Re[2]: BAV plug-ins

2002-04-09 Thread Joseph N. 

Jacek, is your experience with using a TB! plug-in for NOD32?

I use NOD32's POP3 scanner between TB! and my POP3 server.  It's
quick, and it doesn't quit upon finding no viruses.  When there is a
virus found, a large dialog box pops up with identifying information
about the email (sender and subject and, possibly, date); the name of
the malicious code; and some choices.

JN

 Jacek Wojaczynski wrote on Tuesday, April 09, 2002:

> On Tuesday, April 9, 2002 Stefan Tanurkov wrote:

>>   We've made several BAV plug-ins, they are working using a particular
>>   Anti-virus' command line interface. They are available from
>>   ftp://ftp.ritlabs.com/pub/the_bat/bav
>>   Please test them. 95 versions were not tested, so your comments are
>>   welcome :-)

> OK. I just downloaded free 25-day trial of nod32 for Win9x.

> When there is no virus found by nod32 it simply quits.
> Although in TB! I get some strange info (attached message).

> PS. Don't know what happens when there is a virus in a file.
> Don't have any at the moment. Could someone, please, send me
> some virus?

> regards,


_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Bugs/Wishes: https://bt.ritlabs.com/

Re: BAV plug-ins

2002-04-09 Thread Daniel Friedmann 

Hello John,

> Try a test virus, used for this purpose at
> http://www.rexswain.com/eicar.html

I finally managed to get that file sent to me. The Sophos plugin works
indeed. ;-)
Now I have one new folder called "Quarantine" in my account and have
also received a warning mail automatically generated by TB!. Great!
Only that popup text window gets on my nerves. Hopefully this will be
changed in later versions of the plugin.

-- 
Regards,
Daniel

http://www.daniel-friedmann.de

The Bat! 1.60d, Windows 2000 Professional, Service Pack 2


_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Bugs/Wishes: https://bt.ritlabs.com/

Re: BAV plug-ins

2002-01-25 Thread Terry L Fritts 

Lars

On Friday, January 25, 2002 1:19 PM you wrote:
L> The only problem I see is in the communication between TB! and the AV
L> program. How to tell TB! that a virus was found? Via a return code?

We use a program for our IMAIL mail server that does this very thing.
It is called Declude by Scott Perry at Computerized Horizons.
Basically we use it with both f-prot and Network Associates or
McaFfee. Normally f-prot catches everything. It is very rare that a
virus makes it to McAffee.

Imail has a hook that allows this to work.  The hook is set so that a
message is presented to the program pointed to by the hook instead of
the Queue.  Then Declude grabs the message, parses it, and presents
the file to whatever command line scanner you've configured.  Declude
waits on the response from the scanner and places the message back in
the queue if no virus is found.  If a virus is found then the message
is quarantined.  Emails can be generated to various sources then
depending upon configuration.

In my declude configuration for f-prot for instance I have a line like
this:
SCANFILE C:\F-Prot\F-Prot.exe /TYPE /SILENT /NOMEM
  /ARCHIVE /NOFLOPPY /NOBOOT /DUMB /REPORT=report.txt
VIRUSCODE 3
VIRUSCODE 6
REPORT Infection

The first and 2nd line above tells the declude program which scan
engine to call and what cmd line switches to use. The viruscode lines
tell declude the code response to expect from the scanner on finding a
virus. The REPORT line tells declude what string to look for in
report.txt to identify the virus name.

People are using this product with various cmd line scanners with
great success.

It might not hurt for TB! programmers to contact Scott Perry since
this would be a similar application as I see it.
 

Terry Fritts
the Bat! 1.54 Beta/31
Windows NT 5.0 Build 2195


-- 
_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Wish List  : http://wish.thebat.dutaint.com
BugTraq: https://bt.ritlabs.com/

Re: BAV plug-ins

2002-01-25 Thread Alastair Scott 

On 25 January 2002 at 09:11 Den wrote:

> Hello.


> GMM> I have tested many AVP releases with the bat. For me it only worked with
> GMM> AVP 3.5.1.3 Platinum (although it may works with Gold or Std)

> What file is necessary for connection AVP to The BAT! ?

We may find out eventually ;)

>From what I understand the author(s) of each virus checker will have
to write an plugin to TB! via an interface which is not currently
freely available.

Awkward question: even when it does become available, do the authors
and users of TB! collectively have enough clout to get the plugins
written? (I shall be on the email to F-Prot, but one swallow does not
make a summer :)

I can see the point of the plugin (the virus is caught even before the
window containing the attachment icon is drawn, thus not giving the
user a chance to click on it and ignore all the warnings) but am
worried about the mechanics of implementing it to any extent.

Alastair


-- 
Alastair Scott (London, United Kingdom)
Using Windows XP and The Bat! 1.54 Beta/31


-- 
_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Wish List  : http://wish.thebat.dutaint.com
BugTraq: https://bt.ritlabs.com/

Re: BAV plug-ins

2002-01-25 Thread Lars Geiger 

Hi Terry,
On Friday, January 25, 2002 at 13:09:49 [GMT -0600], you wrote:

TLF> Seems to me though that you'd have to parse the message and look in
TLF> the mime-segments for anything and everything that could carry a
TLF> virus, then present the parsed segment(s) as file(s) to the command
TLF> line scanner, then you'd have to know what the scanner(s) would do,
TLF> await a response(s), and then take appropriate action(s).

The MUA has to parse the mail anyway to extract all the parts of the
message, don't you think? :-)

The only problem I see is in the communication between TB! and the AV
program. How to tell TB! that a virus was found? Via a return code?

-- 
Regards,
Lars

The Bat! 1.54 Beta/31 on Windows NT 5.1 Build 2600 
 
|Lars Geiger  |  |


-- 
_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Wish List  : http://wish.thebat.dutaint.com
BugTraq: https://bt.ritlabs.com/

Re: BAV plug-ins

2002-01-25 Thread Lars Geiger 

Hi Sergey,
On Friday, January 25, 2002 at 19:45:18 [GMT +], you wrote:

SU> This is *exactly* what I mean. Many AV checkers have command-line
SU> interface (CMI), why not use it? CMI is described in AV manuals and
SU> can be easy imlemented by most of users themselves.

I agree with you on that one. RIT could provide a standard plugin for
use with scanners without separate plugin via a command line. (Stefan?)
;-)

But I'm not sure if I would drop the transparent scanning of NAV 2002 of
incoming and outgoing messages for this one. :-)

-- 
Regards,
Lars

The Bat! 1.54 Beta/31 on Windows NT 5.1 Build 2600 
 
|Lars Geiger  |  |


-- 
_
Archives   : http://tbbeta.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
Unsubscribe: mailto:[EMAIL PROTECTED]
Wish List  : http://wish.thebat.dutaint.com
BugTraq: https://bt.ritlabs.com/