Re: BAT7382.TMP

2000-05-09 Thread Thomas Fernandez

Hi Andrey,

On Wed, 10 May 2000 00:04:21 +0400GMT (10/05/2000, 04:04 +0800GMT),
Andrey G. Sergeev (AKA Andris) wrote:

TF>> FETCH - could not store message (file name - C:\WINDOWS\TEMP\BAT7382.TMP)

AGSAA> If you are using some antivirus software such as PC-Cillin in the
AGSAA> monitor mode The Bat! may not be able to store any message containing a
AGSAA> probably malicious code (in other words, write to or read from some
AGSAA> file) to your disks. If so, TB! informs you about I/O error by writing
AGSAA> the string quoted above to the log file. Of course the whole I/O
AGSAA> operation couldn't be completed.

I think that behaviour is very good.

AGSAA> I think that the offending file doesn't contain a probably
AGSAA> dangerous code at all - because PC-Cillin _prevented_ TB! to
AGSAA> write it into. Instead of that there may be some garbage in
AGSAA> this file - you can _safely_ *view* it in any program like
AGSAA> Notepad, FAR, Hiew etc.

The file DID contain TROJ-PRETTY-PARK. I deleted it already, so I
cannot view it any more.

AGSAA> My opinion as a system administrator is: don't worry _too_ much about
AGSAA> this issue - unless you manually _execute_ this .tmp file you have no
AGSAA> ways to infect your system.

Thanks for your valued professional opinion. But as a layman, I keep
PC-Cillin in the monitor mode, and I keep recommending it to everybody
who doesn't have a firewall. Even if viruses don't execute unless you
actually invoke execution manually, I wouldn't be too happy having
them on my HD without me even knowing about it. ;-)

-- 

Cheers,
Thomas.  

Message reply created with The Bat! 1.42c
under Chinese Windows 98 4.10 Build 1998  
on a Pentium II/350 MHz.



-- 
--
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
   <mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
   <mailto:[EMAIL PROTECTED]>
--

You are subscribed as : archive@jab.org





Re: BAT7382.TMP

2000-05-09 Thread Marck D. Pearlstone

Hi Jason,

On 09 May 2000 at 10:20:26 GMT -0700 (which was 18:20 where I
live) [EMAIL PROTECTED] wrote and made these points on the subject
of "BAT7382.TMP":

>> If the file is externally saved in the attachments folder then it will
>> appear  as  a  named  file  in  the artificial X-BAT-FILES header so a
>> message search for the named file in headers should find it.

> Won't that only be true if a Bat user sent the message?

No.  It's  an  artificial header inserted into the received mail as an
internal  note  of  where  the attachment was stored. Actually, I've a
sneaky  suspicion  that this has changed and is no longer the case for
the new 1.42 message base design. :-(

-- 
Cheers,
.\\arck

Marck D. Pearlstone, Consultant Software Engineer
Moderator TBUDL / TBBETA
www: http://www.silverstones.com
PGP key: <mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY>

*---
| Using The Bat! 1.42c S/N 14F4B4B2
| under Windows 98 4.10 Build 1998  
*---






Re: BAT7382.TMP

2000-05-09 Thread Andrey G. Sergeev (AKA Andris)

Hello!


Tuesday, May 09, 2000, 21:42, Thomas Fernandez <[EMAIL PROTECTED]> wrote:

TF> FETCH - could not store message (file name - C:\WINDOWS\TEMP\BAT7382.TMP)

If you are using some antivirus software such as PC-Cillin in the
monitor mode The Bat! may not be able to store any message containing a
probably malicious code (in other words, write to or read from some
file) to your disks. If so, TB! informs you about I/O error by writing
the string quoted above to the log file. Of course the whole I/O
operation couldn't be completed. I think that the offending file doesn't
contain a probably dangerous code at all - because PC-Cillin _prevented_
TB! to write it into. Instead of that there may be some garbage in this
file - you can _safely_ *view* it in any program like Notepad, FAR, Hiew
etc.

My opinion as a system administrator is: don't worry _too_ much about
this issue - unless you manually _execute_ this .tmp file you have no
ways to infect your system.


-- 

Best regards,

Andrey G. Sergeev (AKA Andris) http://www.andris.msk.ru/






Re: BAT7382.TMP

2000-05-09 Thread Thomas Fernandez

Hallo Jason and Marck,

On Tue, 9 May 2000 17:42:12 +0100 GMT (10.05.2000, 00:42 +0800 GMT),
Jason wrote:

>>> PC-Cillin tells me that the file BAT7382.TMP is infected. Now I would
>>> like to inform the sender (or rather, the owner of the computer that
>>> sent me this file) that his box is infected. How do I find out to
>>> which email this attachment (I guess) belonged?

>> First thing to come to mind: Search through your messages for those
>> with attachments and received on the same day as the timestamp on
>> that TMP file.

Time stamp - I should have thought of that. So I went through all my
accounts, and each folder, but still couldn't find any message with a
corresponding time stamp. Then Marck's message came in:

MDP> If the file is externally saved in the attachments folder then it will
MDP> appear  as  a  named  file  in  the artificial X-BAT-FILES header so a
MDP> message search for the named file in headers should find it.

Maybe. The file name in the X-FILES, sorry: X-BAT-FILES, will be the
same as the attachment name, not a BAT.TMP name.

Further assiduous search by any means possible revealed that the log
of my work account contains the following line:

FETCH - could not store message (file name - C:\WINDOWS\TEMP\BAT7382.TMP)

Since I "leave messages on server" on my work account when I'm at
home, I looked into what is still there (dispatch messages on server)
and found the offending message. It was not in the Inbox of that
account and thus had not been downloaded at all! The .TMP file is
quarantined on my PC, so I believe TB decided not to download, or list
the message in the message list of the Inbox, as TB could not store it
(or the attachment) where it wanted to.

Anyway, I deleted the message from the server and the quarantined
virus file from my windows\temp directory, and I conclude the
cooperation of TB and PC-Cillin was quite nice. Even though the visual
output did not help me find the source at first.



-- 

Cheers,
Thomas mailto:[EMAIL PROTECTED]

Message reply created with The Bat! 1.42c
under Chinese Windows 98 4.10 Build 1998 
using an Intel Celeron 366Mhz, 128MB RAM




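Added example, not part of the thread and not code from The Bat! or PC-Cillin: a Python routine for the correlation described in the message above, mapping the temp-file name reported by the scanner to the account log that recorded the failed store. Only the `FETCH - could not store message (file name - ...)` text comes from the thread; the timestamp prefix, account names, other log lines and function names are constructed for illustration.

```python
import ntpath
import re

# Message text as quoted in the thread; whatever precedes it on a log line
# (date, time) is an assumed layout and is ignored by the pattern.
STORE_FAIL = re.compile(
    r"FETCH - could not store message \(file name - (?P<path>[^)]+)\)"
)


def failed_stores(log_text):
    """Yield (line_number, temp_path) for each failed-store entry in a log."""
    for n, line in enumerate(log_text.splitlines(), start=1):
        m = STORE_FAIL.search(line)
        if m:
            yield n, m.group("path").strip()


def accounts_for_flagged_file(logs, flagged_name):
    """Map a file name reported by the scanner to the account logs naming it.

    logs: {account_name: log_text}. Windows file names compare
    case-insensitively, so both sides are lowered before matching.
    """
    wanted = ntpath.basename(flagged_name).lower()
    hits = []
    for account, text in logs.items():
        for n, path in failed_stores(text):
            if ntpath.basename(path).lower() == wanted:
                hits.append((account, n, path))
    return hits


# Constructed sample logs: account names, timestamps and the non-failure
# lines are invented; only the failure text matches the thread.
SAMPLE_LOGS = {
    "home": "09.05.2000, 21:30:01: FETCH - 3 messages received\n",
    "work": (
        "09.05.2000, 21:31:10: FETCH - connected to POP3 server\n"
        "09.05.2000, 21:31:14: FETCH - could not store message "
        "(file name - C:\\WINDOWS\\TEMP\\BAT7382.TMP)\n"
    ),
}

if __name__ == "__main__":
    for account, n, path in accounts_for_flagged_file(SAMPLE_LOGS, "bat7382.tmp"):
        print(f"{account}: log line {n}: {path} -> check messages left on server")
```

An account that shows a hit is the one whose mailbox on the server should still hold the message that was never stored locally.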




Re[2]: BAT7382.TMP

2000-05-09 Thread Jason Thompson

Hello Marck and Bat Buddies...

> If the file is externally saved in the attachments folder then it will
> appear  as  a  named  file  in  the artificial X-BAT-FILES header so a
> message search for the named file in headers should find it.

Won't that only be true if a Bat user sent the message?

-- 
Unequivocally,
Jason Thompson
[EMAIL PROTECTED]

The Bat! v1.42c Win98








Re: BAT7382.TMP

2000-05-09 Thread Marck D. Pearlstone

Hi Jason,

On 09 May 2000 at 09:19:54 GMT -0700 (which was 17:19 where I
live) [EMAIL PROTECTED] wrote and made these points on the subject
of "BAT7382.TMP":

>> PC-Cillin tells me that the file BAT7382.TMP is infected. Now I would
>> like to inform the sender (or rather, the owner of the computer that
>> sent me this file) that his box is infected. How do I find out to
>> which email this attachment (I guess) belonged?

> First thing to come to mind: Search through your messages for those
> with attachments and received on the same day as the timestamp on
> that TMP file.

If the file is externally saved in the attachments folder then it will
appear  as  a  named  file  in  the artificial X-BAT-FILES header so a
message search for the named file in headers should find it.

-- 
Cheers,
.\\arck

Marck D. Pearlstone, Consultant Software Engineer
Moderator TBUDL / TBBETA
www: http://www.silverstones.com
PGP key: <mailto:[EMAIL PROTECTED]?Body=GET%20MARCKKEY>

*---
| Using The Bat! 1.42c S/N 14F4B4B2
| under Windows 98 4.10 Build 1998  
*---






Re: BAT7382.TMP

2000-05-09 Thread Jason Thompson

Hello Thomas and Bat Buddies...

> PC-Cillin tells me that the file BAT7382.TMP is infected. Now I would
> like to inform the sender (or rather, the owner of the computer that
> sent me this file) that his box is infected. How do I find out to
> which email this attachment (I guess) belonged?

First thing to come to mind: Search through your messages for those with
attachments and received on the same day as the timestamp on that TMP file.

-- 
Unequivocally,
Jason Thompson
[EMAIL PROTECTED]

The Bat! v1.42c Win98








BAT7382.TMP

2000-05-09 Thread Thomas Fernandez

Hello TBUDL!

my virus scanner just found the Pretty Park virus attached to an
email. I have my TB set on automatic checking while I'm web browsing.

PC-Cillin tells me that the file BAT7382.TMP is infected. Now I would
like to inform the sender (or rather, the owner of the computer that
sent me this file) that his box is infected. How do I find out to
which email this attachment (I guess) belonged?

-- 

Ciao,
Thomas  mailto:[EMAIL PROTECTED]

Generated with The Bat! 1.42c
under Chinese Windows 98 4.10 Build 1998  
using an Intel Celeron 366 Mhz, 128MB RAM


