Re: Antivirus

2010-06-23 Thread Roelof Otten
Hello Gunivortus,

On Wed, 23 Jun 2010 11:06:34 +0200 GMT (23-6-2010, 11:06, where I
live), you wrote:

GG Is there something similar for antivirus? F.i. a specific plugin for The Bat?

AVG has a plugin for TB, there used to be several others, but I don't
switch virus scanners every day, so I'm not up to date for the rest.

-- 
Regards, Roelof

Pride is what we have. Vanity is what others have.
http://www.voormijalleen.nl/
The Bat! 5.0.0.8 ALPHA
Windows Vista 6.0 Build 6002 Service Pack 2
6 pop3 accounts, 1 imap account
OTFE enabled
Quad Core 2.4GHz
4 GB RAM


Current version is 4.2.23 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Antivirus

2010-06-23 Thread Paul Berger
Hello tb...@thebat.,

Wednesday, June 23, 2010, 7:06:34 PM, you wrote:

GG Hil,

GG The antispamsniper works pretty well together with The Bat. It has even HAM and
GG SPAM buttons.
GG Is there something similar for antivirus? F.i. a specific plugin for The Bat?



You may find that your antivirus protects you even if it is not
specifically linked to the Bat.

I use Avast and it seems to give protection for email. If you don't
want a separate antivirus, Comodo has a full security suite including
antivirus etc.


-- 



Paul

-
 Using The Bat! v4.2.36.4 on Windows XP
5.1 Build 2600 Service Pack 3  

...Make Headlines -- Use a corduroy pillow.





Re: Antivirus

2010-06-23 Thread Gunivortus Goos
Hi Paul,

GG The antispamsniper works pretty well together with The Bat. It has even HAM and
GG SPAM buttons.
GG Is there something similar for antivirus? F.i. a specific plugin for The Bat?

 You may find that your antivirus protects you even if it is not
 specifically linked to the Bat.
 I use Avast and it seems to give protection for email. If you don't
 want a separate antivirus, Comodo has a full security suite including
 antivirus etc.

Yes I know, I've used both some stand-alone antivirus tools and complete
security suites. The last one was the PCTools Internet security.
When they detect a virus, it's often moved to some quarantine directory.
If I want to know more, I have to minimize TB, open the antivirus software and
search for the quarantine items.  With a TB-plugin, it can all be kept inside TB,
f.i. forwarded to 'self', etc.
Then I can check much easier and faster who and what.

An hour ago I started testing the (free) Open Source Clamwin antivirus program
and the TBClamWin plugin.

-- 
Regards,
Gunivortus
Using The Bat Vs. 4.2.33.1 Beta under Windows 7, 32 bit





Re: Antivirus plugins for Nod32?

2005-06-15 Thread Darrin
Hello Marek,

Tuesday, June 14, 2005, 10:46:54 PM, you wrote:

 You don't need a plugin for NOD32 if you don't want to check

 - digitally signed/encrypted messages
 - partially downloaded messages (message split into several parts)
 - messages downloaded via secured connection (SSL/TLS)

 In these cases, IMON is not able to check messages, and the only way to do
 this is to use the plugin developed by Ritlabs, which is in beta stage now.

 You can download it here for example:
 http://www.thebat.cz/stazeni/beta/nod32.rar (50kB)

Thanks. I'll have to follow up on the link.

-- 
Best regards,
 Darrin 
  



Current version is 3.5.25 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Re: Antivirus plugins for Nod32?

2005-06-14 Thread Darrin
Hello Darrin,

Tuesday, June 14, 2005, 8:20:02 PM, you wrote:

 Hello TBUDL,

   I use Nod32 and was wondering if there were plugins for the AV part of
   TB!.


I was reading this
http://www.wilderssecurity.com/showthread.php?t=39002highlight=thebat
and it looks like it's not needed after all with TB! Which is good. Do
you fellow TB users here agree?

-- 
Best regards,
 Darrin 
  



Re: AntiVirus / X Header Question

2004-07-04 Thread Jernej Simoni
On Sunday, July 4, 2004, 21:56:09, Mike Dillinger wrote:

 I have uninstalled Symantec completely (LiveReg, LiveUpdate, NAV, etc).
 Yet I still see this header.

It's possible that your ISP has Symantec on their server - you seem to be
posting from rr.com, and as far as I can see, other posts coming through
rr.com have the same header.

-- 
 Jernej Simoncic  http://deepthought.ena.si/ 
 for personal mail, replace guest.arnes.si with isg.si 

No matter which book you need, it's on the bottom shelf.
   -- Law of Libraries



Current version is 2.11.02 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Antivirus problem noted and solved

2004-03-19 Thread Thomas Fernandez
Hello Bill,

On Fri, 19 Mar 2004 06:34:49 -0500 GMT (19/03/2004, 18:34 +0700 GMT),
Bill Blinn - Technology Editor wrote:

BBTE This morning I received a message from a friend who began using The
BBTE Bat after reading my recommendation of it. Here it is, edited
BBTE slightly.

[...]
 It took a while to persuade the Vet support crew that it really
 was as bad as I said but eventually after many emails, I got a
 phone call from them, and the answer was actually created while I
 hung on and listened in as he described step by step what he was
 doing -- files in the Bat's temp file name format in the temp
 folder being in an exclusion list in the XP Registry.

The tech support from Vet seems exceptional - they even called and
ran the user through the steps.

The lesson we learn is that it is a good idea to exclude the temp
file from any real-time virus scan. Good advice, IMHO.

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Who the hell wants to hear actors talk? -- H.M. Warner, Warner
Brothers, 1927.

Message reply created with The Bat! 2.04.7
under Chinese Windows 98 4.10 Build  A 
using a Pentium P4 1.7 GHz, 256MB RAM





Current version is 2.04.7 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Antivirus question

2003-12-31 Thread Dan Grunberg
Sat, 19 Jul 2003 00:57:35 [GMT +0100] (6:57 PM EST Fri here) Marck D Pearlstone wrote:

RA Does TB have its own built-in virus-checking engine?  If not, is
RA a separate engine required?

  No and yes. TB has an interface for BAV (Bat Anti-Virus) plug ins.
  Any AV software for which there is a BAV available can be used.

  See here: ftp://www.ritlabs.com/pub/the_bat/bav/

Ritlabs doesn't seem to accept anonymous login.
Am I missing something?




Using The Bat! v2.02.3 CE 
on Windows 2000 5.0 Build 2195 Service Pack 4



-- 

Daniel A. Grunberg   Kensington, Maryland, USA
homepage: www.nyx.net/~dgrunber/



Current version is 2.02.3 CE | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Antivirus question

2003-12-31 Thread Marck D Pearlstone
Hi Dan,

@31-Dec-2003, 09:48 -0500 (31-Dec 14:48 UK time) Dan Grunberg [DG]
in mid:[EMAIL PROTECTED] said to Marck:

  No and yes. TB has an interface for BAV (Bat Anti-Virus) plug
  ins. Any AV software for which there is a BAV available can be
  used.

  See here: ftp://www.ritlabs.com/pub/the_bat/bav/

DG Ritlabs doesn't seem to accept anonymous login. am I missing
DG something?

Yes. Time. That message was before they moved to a new, more secure
server. The FTP site did not survive the transition. I have no idea
where the BAV files are available from now.

-- 
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v2.03 Beta/25 on Windows XP 5.1.2600 Service Pack 1

Re: Antivirus question

2003-12-31 Thread Dan Grunberg
Wed, 31 Dec 2003 08:24:42 [GMT -0800] (11:24 AM EST here) Darrin wrote:

  Hi,
  On Wednesday at 8:08 AM you wrote:
GI you can find them here
GI http://www.thebatworld.de/modules/download/index.php?op=viewslinksid=6


  How do you get it to work with TB!? I can't read the language on
  the site. Thanks

You might want to use http://translation1.paralink.com/

Happy New Year


Using The Bat! v2.02.3 CE 
on Windows 2000 5.0 Build 2195 Service Pack 4



-- 

Daniel A. Grunberg   Kensington, Maryland, USA
homepage: www.nyx.net/~dgrunber/





Re: Antivirus question

2003-07-19 Thread John Phillips
Hi Rafi,
On Fri, 18 Jul 2003, at 18:10:56 [GMT -0500] (which was 09:10 where I
live) you wrote:


 Does TB have its own built-in virus-checking engine?  If not, is a
 separate engine required?


Not really needed if you run PC-Cillin which catches the viruses quite
ok.

-- 
John Phillips, Sydney, Australia

Using The Bat! v1.62r on Windows XP 5.1 Build  2600
Service Pack 1 

A problem can be found for almost every solution.



Current version is 1.62r | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Antivirus question

2003-07-18 Thread Steve Mary King
Rafi, Friday, July 18, 2003, 4:10:56 PM, you wrote:

RA Hello all,

RA Using TB 1.62r Windows 2000 Pro SP2.

RA Does TB have its own built-in virus-checking engine?  If not, is a
RA separate engine required?

RA I am thinking of using the Kaspersky (either Personal Pro or Small
RA Business versions) - is this tool compatible with TB?  Does anyone
RA know if it offers/uses periodically updated virus info files?

RA Alternately, can McAfee VirusScan be used and how?

RA Many thanks in advance and best regards


Rafi,

Grisoft's free-for-personal-use AVG runs fine with The Bat! on my Windows
98SE systems.  It's stopped quite a few viri (viruses???).

Steve . . .





Re: Antivirus question

2003-07-18 Thread Mary Bull
Hello Rafi!

On Friday, July 18, 2003, 6:10 PM, you wrote:

R Does TB have its own built-in virus-checking engine?  If not, is a
R separate engine required?

To my knowledge, it does not. However, the ability to delete
questionable mails on the server through the Connection Centre is
really helpful, I think.

R I am thinking of using the Kaspersky (either Personal Pro or Small
R Business versions) - is this tool compatible with TB?  Does anyone
R know if it offers/uses periodically updated virus info files?

I have used Kaspersky Personal Pro for almost 8 months now. It offers
updated virus-protection files daily, and sometimes several times a
day. You can set it to check automatically at a time of your choosing,
or update manually with a couple of mouse clicks.

It includes a plug-in for The Bat! You have to enable the plug-in
through TB!'s settings. But that's simple. Just go to Options/Virus
Protection in the main window for the dialogue window to do this.

When I accidentally started to download a message attachment
containing SoBig a couple of months ago, Kaspersky AV brought the
download to a halt and gave me a loud audible and a visual warning
before it was halfway to my machine.

Needless to say, I was grateful!

R Alternately, can McAfee VirusScan be used and how?

I had some difficulties with McAfee last year. I like Kaspersky
better.

-- 
Best regards,
Mary

The Bat! 1.61 on Windows XP 5.1 2600 Service Pack 1





Re: Antivirus question

2003-07-18 Thread Marck D Pearlstone

Hi Rafi,

@18-Jul-2003, 18:10 -0500 (00:10 UK time) Rafi Avital [RA] in
mid:[EMAIL PROTECTED] said:

RA Does TB have its own built-in virus-checking engine?  If not, is
RA a separate engine required?

No and yes. TB has an interface for BAV (Bat Anti-Virus) plug ins.
Any AV software for which there is a BAV available can be used.

See here: ftp://www.ritlabs.com/pub/the_bat/bav/

Also, AVG have BAV support.

RA I am thinking of using the Kaspersky (either Personal Pro or
RA Small Business versions) - is this tool compatible with TB?

Kaspersky support is built in - enjoy!

-- 
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.63 Beta/11 on Windows XP 5.1.2600 Service Pack 1



Re: Antivirus question

2003-07-18 Thread Thomas Fernandez
Hello Philip,

On Sat, 19 Jul 2003 00:52:13 +0100 GMT (19/07/03, 06:52 +0700 GMT),
Philip Storry wrote:

 Viruses. Virii is more commonly used in the virus writing and
 magazine community.

You have just enlightened me.

 If you want to be taken seriously by those who are in the anti-virus
 industry, use the word viruses - not virii. Some of them get snippy
 about it. ;-)

But wouldn't the plural of virus be viri - not virii? And I would
think that viri are those little thingies in medical science that
makes you sick, like the flu virus.

Oh, and before I hear fish flying: f'up2tbot.

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

...and we went for a walk in the park with our teacher. Across from
the park was a house where mothers give birth to their children. A
womb looked out of the window and waved to us cheerfully.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using a Pentium P4 1.7 GHz, 128MB RAM





Re: Antivirus

2003-03-07 Thread Thomas Fernandez
Hello Mike,

On Fri, 7 Mar 2003 02:19:52 + GMT (07/03/03, 09:19 +0700 GMT),
Mike Alexander wrote:

 Hmm, German North Sea?  I thought we'd decided that wasn't correct in
 1916 ;-)

 I take it you mean the area us Brits call the German Bight??

Maybe. I was referring to the Nordseekueste. Probably German Bight
is the correct translation, I didn't mean to bring up any
nationalisms, only tried to be geographically correct - blame it on my
poor English!

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Dates are for having fun, and people should use them to get to know
each other. Even boys have something to say if you listen long
enough. (Lynnette, age 8)

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM



Current version is 1.62 | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html


Re: Antivirus

2003-03-06 Thread Geoff Lane
On 06 March 2003, 09:00, Mark Partous wrote:

 According to Webster's the plural is viruses. The Oxford Illustrated
 does not mention a plural form.
~~~

Oxford Reference Shelf, Science volume (circa 1999) repeatedly uses
viruses as the plural. So, lexicographers on both sides of the pond
appear to agree.

HTH,

-- 
Geoff Lane
Cornwall, UK
--
Using The Bat! v1.62i on Windows XP 5.1 Build 2600 Service Pack 1
UK and USA, two countries divided by a common language





Re: Antivirus

2003-03-06 Thread Paul Cartwright

On Wednesday, March 5, 2003, 9:20 PM, you wrote:

TF One question to those people who said in an earlier thread they don't
TF use virus scanners but rely on common sense: how do you tell whether
TF a .doc file has a macro virus if you don't use a virus scanner? Do you
TF open the file in hex editor and scan with your eyes? If so, I admire
TF you if you can spot the code faster than a virus scanner. In fact, I
TF think you could make a lot of money on TV shows like Ripley's Believe
TF it or not. ;-)

just lately I have gotten a virus in email, and AVG found a virus in my
system restore folder!! The email virus was obviously from someone who
had their addressbook hijacked, I didn't know the sender. It was one of
those cute here is a new program, you are the first to try it... As
for common sense, I  get emails from people I KNOW, that have
attachments, but I'd STILL never open them without AVG checking it!

-- 
 Paul
Using The Bat! v1.63 Beta/5 on Windows XP 5.1 Build 2600
Service Pack 1





Re: Antivirus

2003-03-06 Thread William Moore
Hello Mark

Thank you for your email dated Thursday, March 6, 2003, 9:50:36 AM,
in which you wrote:

MP Thursday, March 6, 2003, 4:25:56 AM, you wrote:

MP the fuzz

Que?  Money? You pay peanuts, you get monkeys.

--

 Regards
 William

www.residues.info

Flying with The Bat!  www.ritlabs.com/the_bat
Windows 2000 Pro 2195 Service Pack 2





Re: Antivirus

2003-03-06 Thread Kim
Hi William,

Thursday, March 6, 2003, 6:59:01 AM, you wrote:

MP the fuzz

 Que?  Money? You pay peanuts, you get monkeys.

I think Mark means fuss, rather than fuzz. Of course, I could be
wrong. :)

-- 
Best regards,
Kim





Re: Antivirus

2003-03-06 Thread Robert C Wittig
Hello Mark,

Thursday, March 6, 2003, 3:00:55 AM, you wrote:


 Actually, no anti-virus will catch any virii, because virii isn't
 even a word.  :-)  Viruses is the proper plural form of virus.

MP Actually, virus is a Latin word and the one and only plural(*)(in Latin) is:

MP tadaa

MP  VIRI 

MP People who talk about virii try to make a plural of a plural. :-)

Heh!! I believe my post inadvertently started this discussion.g

Actually, the 'accepted' plural for 'computer virus' is 'computer
viruses'... but I prefer to use virii...

a) because it looks cool, and
b) because it is used a lot among virus and malscript authors.

I hadn't intended to start an off-topic debate.

 
-wittig http://www.robertwittig.com/
A business is as honest as its advertising.
.





Re: Antivirus

2003-03-06 Thread Spike
Hello Thomas,

On or about Wednesday, March 05, 2003 at 09:20:07GMT +0700 (which was
9:20 PM in the tropics where I live) Thomas Fernandez posted:

TF One question to those people who said in an earlier thread they
TF don't use virus scanners but rely on common sense: how do you
TF tell whether a .doc file has a macro virus if you don't use a
TF virus scanner? Do you open the file in hex editor and scan with
TF your eyes? If so, I admire you if you can spot the code faster
TF than a virus scanner. In fact, I think you could make a lot of
TF money on TV shows like Ripley's Believe it or not. ;-)

I simply run MS Office [SPIT!] apps in {DEFAULT} macros disabled! Very
simple!  Besides, only ONE person has ever sent me a *.DOC or *.XLS
document. He uses NAV, so I trust HIS A/V setup, since I configured it
for him :^)

If I do get such in the future from an un-trusted source, I will save
it to a floppy and scan it on my 'condom-ized' stand-alone system
first.  It runs WIN2K and NAV _only_ and just for such occasions.  I
keep a complete 'Ghost' of this system on a bootable restore CD to
restore it in the unlikely event that it gets trashed.

I volunteer in a computer recycling effort here, so I never have less
than 30-40 systems just lying around.  I'll readily admit this is a
luxury some cannot afford.  Almost everyone I know has at least one
'old system' lying around, and I happily set them up a sacrificial
system if they wish to avoid the performance penalties of A/V software
on their everyday machine.  That plus education is the best defense.

-- 
Warmest tropical wishes,
Spike

Expenditures always rise to meet or exceed income.

/\   ASCII Ribbon Campaign - Against HTML Mail
\ /   If it ain't a webpage it shouldn't be HTML.
 X    Say NO! to bloatmail - ban HTML mail!
/ \   Ask Spikey, he hates everything (HTML).
--
Using TheBat! v1.62i hamstrung by Windows XP 5.1 
Build 2600 Service Pack 1'
--





Re: Antivirus

2003-03-06 Thread Thomas Fernandez
Hello Spike,

On Thu, 6 Mar 2003 10:40:11 -0500 GMT (06/03/03, 22:40 +0700 GMT),
Spike wrote:

 I simply run MS Office [SPIT!] apps in {DEFAULT} macros disabled! Very
 simple!

Yes, but it depends on what you do outside of cyberworld. I cannot
afford disabling them, as I receive valid MS Office files with macros.

 Besides, only ONE person has ever sent me a *.DOC or *.XLS document.

I know many. I get many of those files.

  He uses NAV, so I trust HIS A/V setup, since I configured it
 for him :^)

And you *know* that he updates it? My mother uses NAV, my sister
installed it for her 5 years ago, and I don't think she has ever
updated it. I scared her into never opening attachments, and she
hasn't been hit. Yet. ;-)

 I volunteer in a computer recycling effort here, so I never have less
 than 30-40 systems just lying around.  I'll readily admit this is a
 luxury some cannot afford.

ROTFLMAO! No, I don't happen to have 30-40 systems lying around...

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

You never really learn to swear until you learn to drive.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-06 Thread Clive Taylor
Hello Spike

S Besides, only ONE person has ever sent me a *.DOC or *.XLS
S document. He uses NA


Well, this is hardly realistic in the real world! I get around 20 MS
Office documents daily and certainly wouldn't like to rely on such a
cavalier approach to my security.

-- 
Clive Taylor
Using The Bat! v1.62i





Re: Antivirus

2003-03-06 Thread Thomas Fernandez
Hello Robert,

On Thu, 6 Mar 2003 06:15:21 -0600 GMT (06/03/03, 19:15 +0700 GMT),
Robert C Wittig wrote:

MP People who talk about virii try to make a plural of a plural. :-)

 Actually, the 'accepted' plural for 'computer virus' is 'computer
 viruses'... but I prefer to use virii...

 a) because it looks cool, and
 b) because it is used a lot among virus and malscript authors.

You have reasons. Unlike Latin (and Mark is perfectly correct about
Latin grammar), English is a living language and changes over time. I
personally prefer 'viruses' (the word), as this is used by
Trend-Micro in their newsletter, and it feels correct to me, too (not
cool, but that is a matter of opinion). I am not in touch with
malscript authors and don't consider them an authority on the English
language, though.

 I hadn't intended to start an off-topic debate.

Too late. I haven't seen any trouts flying lately, so let's continue
until the mods wake up. ;-)

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

It's best for employers that I not work with people.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-06 Thread Thomas Fernandez
Hello rick,

On Wed, 5 Mar 2003 22:25:56 -0500 GMT (06/03/03, 10:25 +0700 GMT),
rick wrote:

 PC-Cillin is not very good.  Independent testing done by virus
 bulletin clearly shows this.  It has 4 passes and 7 failures.
 http://www.virusbtn.com/vb100/archives/products.xml?trend.xml

IIRC Virus-Bulletin uses some really weird benchmarks, not always
the latest version of the software they are testing.

 LOL. I totally agree with you. These same people would probably try to
 sell you some prime beach front property in florida at low tide.

I don't understand you. I just bought some prime beachfront property
in Florida online, they had several pictures! It is really beautiful.
I am going to build my retirement villa there. What's this talk about
tide? They didn't mention it on the webpage, but I assure you, these
people are honest. I followed every link they offered, and they really
quickly with really nice emails to my questions. ;-)

BTW on the German North Sea (German Bay), the beach will extend to
the horizon - in all directions - at low tide. This is because the
Atlantic Ocean is really flat in the area we call the Wattenmeer.
Jokes about the Japanese in their property buying frenzy (before their
recession started over 10 years ago) were abundant. Never before heard
that kind of jokes about Florida, though. ;-)

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Thursday at 5:00 PM there will be a meeting of the Ladies Little
Mothers Club. All wishing to become little mothers, please see the
minister in his study.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-06 Thread Andre Wichartz
Hello Spike,

On Thursday, March 6, 2003, 10:40:11 -0500 GMT (which was 16:40 local
time), Spike wrote:

S I simply run MS Office [SPIT!] apps in {DEFAULT} macros disabled!
S Very simple!

I use OpenOffice. Is that vulnerable to these viruses, too?

S I volunteer in a computer recycling effort here, so I never have less
S than 30-40 systems just lying around.  I'll readily admit this is a
S luxury some cannot afford.

I certainly can't afford it.

S  Almost everyone I know has at least one 'old system' lying around,
S and I happily set them up a sacrificial system if they wish to avoid
S the performance penalties of A/V software on their everyday machine.

Well, I have only this one system. There are some old parts but not
enough to build another pc.

-- 
Cheers,
 Andre

We would stand before
 the glow-worm with the same awe
 as before the sun,
 if we were not so bound
 to our notions of weight and measure.






Re: Antivirus

2003-03-06 Thread Thomas Fernandez
Hello Melissa,

On Thu, 6 Mar 2003 09:32:05 -0800 GMT (07/03/03, 00:32 +0700 GMT),
Melissa Reese wrote:

 just lately I have gotten a virus in email, and AVG found a virus in
 my system restore folder!!

 Are you aware of this issue with System Restore and infected files?

 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263455

And this is user-friendly?

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Domino vobiscum. (Latin for: The pizza guy is here.)

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-06 Thread Tom Sadler

Gi'day Thomas,

It is established that on Friday, 7 March 2003, at 23:39:31[GMT +0700](which
was 3:39 AM where I live) you wrote:

 BTW: Your template seems to destroy the Subject header.

Fixed. (I hope)

-- 
Cheers,
Tom
Sydney, Australia


TB! v1.63 Beta/7 on Windows 2000 Service Pack 3

Right  now  I'm  having  amnesia  and deja vu at the same time. I think I've
forgotten this before.

.


Re: Antivirus

2003-03-06 Thread Paul Cartwright

On Thursday, March 6, 2003, 12:39 PM, you wrote:

 Are you aware of this issue with System Restore and infected files?

 http://support.microsoft.com/default.aspx?scid=kb;EN-US;q263455

TF And this is user-friendly?

so who said Micro$oft was EVER user friendly!!


-- 
 Paul
Using The Bat! v1.63 Beta/5 on Windows XP 5.1 Build 2600
Service Pack 1





Re: Antivirus

2003-03-06 Thread Paul Cartwright

On Thursday, March 6, 2003, 12:32 PM, you wrote:

MR Are you aware of this issue with System Restore and infected files?

no I wasn't, BUT I AM NOW!!! thanks!
avg found a virus 2 days in a row in the system restore folder. If it
happens tonight, I will probably turn off restore, run AVG the next
night, then turn it back on.

-- 
 Paul
Using The Bat! v1.63 Beta/5 on Windows XP 5.1 Build 2600
Service Pack 1





Re: Antivirus

2003-03-06 Thread Thomas Fernandez
Hello rick,

On Thu, 6 Mar 2003 14:03:58 -0500 GMT (07/03/03, 02:03 +0700 GMT),
rick wrote:

TF IIRC Virus-Bulletin uses some really weird benchmarks, not always
TF the latest version of the software they are testing.

 I don't understand what you mean with this statement. If I am correct
 virus bulletin uses the anti-virus product that EACH company submits
 on their own.

They say about their own tests:

 A VB 100% award means that a product has passed our tests, no more
 and no less. The failure to attain a VB 100% award is not a
 declaration that a product cannot provide adequate protection in the
 real world if administered by a professional. We would urge any
 potential customer, when looking at the VB 100% record of any
 software, not simply to consider passes and fails, but to read the
 small print in the reviews.

Anyway, we had this discussion about Virus-Bulletin some time ago, on
this list or on TBOT. Their test is somewhat unusual IIRC.

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Help a friend in need and he will remember you when he is in need
again.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-06 Thread David Calvarese
 On Thursday, March 06, 2003 at 18:42:28GMT -0800 (which was 9:42 PM where I live) 
  Melissa Reese wrote and made these points on the subject of Antivirus:
MR On Thursday, March 06, 2003, at 6:21:42 PM PST, Mike Alexander wrote:

 Hey, it's for Windows ME and that dog has never been friendly - or
 workable ;-)

MR A minor defense of WinME...

SNIPPAGE

MR Without getting into a discussion of the stability of NT/2000/XP, most
MR people who recommend against WinME will claim that Win98/SE is more
MR stable than WinME.  Obviously, this has not been my experience...not
MR even close.  Any anti-ME experts out there care to explain this to me?

All I can say is that different things work for different people.  For
me on my laptop, Win98SE works MUCH better than ME.  In fact, Win98SE is
better than 2000/XP on it.

Maybe Sony optimized the hardware for 98SE.

-- 
Best regards,
David
Southern DOS: Y'all reckon? (Yep/Nope)   
Using The Bat! v1.62i on Windows 98 4.10 Build   A 





Re: Antivirus

2003-03-05 Thread Marck D Pearlstone

Hi David,

@5-Mar-2003, 14:15 -0500 (19:15 UK time) David Calvarese [DC] in
mid:[EMAIL PROTECTED] said:

DC   Got another question,  What Antivirus works really well with TB!?

My personal fave is AVG. Many like NOD32 for the slickness and
effectiveness combination it offers. My least favourite is the
bloated and over zealous NAV.

- --
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.63 Beta/7 on Windows 2000 5.0.2195 Service Pack 2
'


Re: Antivirus

2003-03-05 Thread David Calvarese
 On Wednesday, March 05, 2003 at 19:18:03GMT + (which was 2:18 PM where I live) 
  Marck D Pearlstone wrote and made these points on the subject of Antivirus:
MDP Hi David,

MDP @5-Mar-2003, 14:15 -0500 (19:15 UK time) David Calvarese [DC] in
MDP mid:[EMAIL PROTECTED] said:

DC   Got another question,  What Antivirus works really well with TB!?

MDP My personal fave is AVG. Many like NOD32 for the slickness and
MDP effectiveness combination it offers. My least favourite is the
MDP bloated and over zealous NAV.


I agree, stay FAR FAR away from NAV.  Panda is nice, but its plugin
doesn't work... Panda also updates on a daily basis.  I'm using the free
AVG at the moment, but it doesn't seem to update the virus definitions
very often, which is a bad thing.  NAV at least updates once a week,
sometimes twice...  Not that it catches things.  First time I ran Panda
on my PC at work, it picked up a whopping 210 infections that NAV
didn't.

What about Kaspersky?

-- 
Best regards,
David
mailto:[EMAIL PROTECTED]
There are two theories about arguing with women 
Neither one works. 
Using The Bat! v1.62i on Windows XP 5.1 Build  2600
Service Pack 1





Re: Antivirus

2003-03-05 Thread Marck D Pearlstone

Hi David,

@5-Mar-2003, 14:23 -0500 (19:23 UK time) David Calvarese [DC] in
mid:[EMAIL PROTECTED] said:

DC I agree, stay FAR FAR away from NAV.  Panda is nice, but its plugin
DC doesn't work... Panda also updates on a daily basis.  I'm using the free
DC AVG at the moment, but it doesn't seem to update the virus definitions
DC very often, which is a bad thing.

You can manually set the update frequency. Mine looks for new
databases every day. Grisoft are pretty swift to issue new databases
when new virii are released into the wild.

DC NAV at least updates once a week, sometimes twice... Not that it
DC catches things. First time I ran Panda on my PC at work, it
DC picked up a whopping 210 infections that NAV didn't.

Wow!

DC What about Kaspersky?

I've heard good stuff but never tried it myself.

- --
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.63 Beta/7 on Windows 2000 5.0.2195 Service Pack 2
'


Re: Antivirus

2003-03-05 Thread David Calvarese
 On Wednesday, March 05, 2003 at 19:29:02GMT + (which was 2:29 PM where I live) 
  Marck D Pearlstone wrote and made these points on the subject of Antivirus:
MDP Hi David,

MDP @5-Mar-2003, 14:23 -0500 (19:23 UK time) David Calvarese [DC] in
MDP mid:[EMAIL PROTECTED] said:

DC I agree, stay FAR FAR away from NAV.  Panda is nice, but its plugin
DC doesn't work... Panda also updates on a daily basis.  I'm using the free
DC AVG at the moment, but it doesn't seem to update the virus definitions
DC very often, which is a bad thing.

MDP You can manually set the update frequency. Mine looks for new
MDP databases every day. Grisoft are pretty swift to issue new databases
MDP when new virii are released into the wild.

Yeah, I know that I can tell it to update whenever I want... I was just
concerned about how often they release updates.  Panda releases an
update every day, even if there is only 1 new virus.  Normal update has
usually had about 6 in it. So at that rate, Panda will catch 48 virii
that AVG doesn't (as of today), all else being equal.

-- 
Best regards,
David
mailto:[EMAIL PROTECTED]
Wise men speak because they have something to say; Fools because they have to say 
something. - Plato 
Using The Bat! v1.62i on Windows XP 5.1 Build  2600
Service Pack 1





Re: Antivirus

2003-03-05 Thread James P. Mattern, Jr

Hello James

On Wed, 5 Mar 2003 14:15:07 -0500 GMT
   (3/5/2003, 2:15 PM -0500 GMT), David Calvarese wrote:


DC  Got another question,  What Antivirus works really well with TB!?

 Kaspersky works very well.  It does require the Pro version for
 it to function within TheBat!


- --
Best Regards,
James

Using SecureBat! v1.62k on Windows 2000 5.0 Build 2195 Service Pack 3



Re: Antivirus

2003-03-05 Thread Raf Hofmans
Hello,

DC   Got another question,  What Antivirus works really well with TB!?

I recently switched to AVG Antivirus. It's free and it even comes with
a plug-in for The Bat! See the following page for more info ...

http://www.grisoft.com/html/us_avgbat.htm

-- 
Greetings,

Raf

Using The Bat! v1.62i on Windows XP 5.1 Build  2600





Re: Antivirus

2003-03-05 Thread David Calvarese

 On Wednesday, March 05, 2003 at 14:57:44GMT -0500 (which was 2:57 PM where I live)
  James P. Mattern, Jr wrote and made these points on the subject of Antivirus:
JPMJ Hello James

JPMJ On Wed, 5 Mar 2003 14:15:07 -0500 GMT
JPMJ(3/5/2003, 2:15 PM -0500 GMT), David Calvarese wrote:


DC  Got another question,  What Antivirus works really well with TB!?

JPMJ  Kaspersky works very well.  It does require the Pro version for
JPMJ  it to function within TheBat!


I'll make a note of that.  I'm shopping around a bit so I can get good
integration.  Antivirus is the last on my list now that I've got GPG and
SpamPal/SpamSort working right.

I'd be really happy if the Panda plugin worked, that's what I REALLY
want... Other than that, I've got AVG running at the moment while I look
at options.

So far I've got these options, in no particular order:

Wait for Panda Plugin
AVG
Buy NOD32
Buy Kaspersky

- --
Best regards,
David
mailto:[EMAIL PROTECTED]
Nothing is permanent except change.
Using The Bat! v1.62i on Windows XP 5.1 Build  2600
Service Pack 1


Re: Antivirus

2003-03-05 Thread David Calvarese

 On Wednesday, March 05, 2003 at 11:53:49GMT -0800 (which was 2:53 PM where I live)
  Melissa Reese wrote and made these points on the subject of Antivirus:
MR On Wednesday, March 05, 2003, at 11:23:59 AM PST, David Calvarese
MR wrote:

MR Daily updates only really help if new definitions are actually
MR included in those updates. New viruses are introduced often, but if
MR an a-v company produces updates every day just to satisfy a we
MR update daily promise, I do sometimes wonder just what is in those
MR little daily updates. That said, I had Panda Platinum for a year, and
MR it seemed competent...though a bit heavier on my system than NOD32
MR (most others are heavier than NOD32).

Panda does give you a summary of the new virus defs added and the total
number of viruses now covered at the end of each update, if you don't
turn off the notification.

 I'm using the free AVG at the moment, but it doesn't seem to update
 the virus definitions very often, which is a bad thing.

MR See comments above (though I do feel that AVG has its problems, and I
MR generally don't recommend it).

It just feels wrong to me for some reason... A gut reaction.

 First time I ran Panda on my PC at work, it picked up a whopping 210
 infections that NAV didn't.

MR I sure hope those were just unexecuted infected files, and not 210
MR actual infections running amok through your machine! :-)

210 Actual infected files, spanning 15 viruses.  Stupid NAV and stupid
sister company that was sending the viruses to us.


 What about Kaspersky?

MR KAV is very good.  I used it during its 3.x series, but found that 4.x
MR (at least when it was first released) slowed down my computer even
MR more than 3.x (which already slowed my system much more than NOD32).

MR After trying and/or using many, I'm most happy with NOD32.

Wish they had a free version.  I suppose I'll just have to give it a
try.


- --
Best regards,
David
mailto:[EMAIL PROTECTED]
Nearly all men can stand adversity, but if you want to test a man's character, give 
him power. (Abraham Lincoln)
Using The Bat! v1.62i on Windows XP 5.1 Build  2600
Service Pack 1


Re: Antivirus

2003-03-05 Thread David Calvarese

 On Wednesday, March 05, 2003 at 12:43:38GMT -0800 (which was 3:43 PM where I live)
  Melissa Reese wrote and made these points on the subject of Antivirus:
MR On Wednesday, March 05, 2003, at 12:34:03 PM PST, David Calvarese
MR wrote:

 Wish they had a free version. I suppose I'll just have to give it a
 try.

MR I'm all for good freeware programs (and thankful to the generous
MR programmers who offer them), but I'm also happy to pay for software if
MR I feel it will do a better job than competing freeware (perhaps
MR especially with regards to security software). There are free email
MR clients out there. Why do we happily pay for TB!?

MR Melissa

I don't have any problem paying usually, money's just short right now...
I'm the proudly licensed owner of just about every Windows email client
except for Becky and Agent.

I wouldn't mind a free limited version like AVG offers though, at least
till I can afford to buy a new one.

- --
Best regards,
David
mailto:[EMAIL PROTECTED]
Life isn't about finding yourself. Life is about creating yourself.  (George Bernard 
Shaw)
Using The Bat! v1.62i on Windows XP 5.1 Build  2600
Service Pack 1


Re: Antivirus

2003-03-05 Thread Robert C Wittig
Hello Marck,

Wednesday, March 5, 2003, 1:18:03 PM, you wrote:

MDP My personal fave is AVG. Many like NOD32 for the slickness and
MDP effectiveness combination it offers. My least favourite is the
MDP bloated and over zealous NAV.

I have (heh) NAV... but it is not interfaced with TB.

Virii seem to be less of a threat with TB. I have my client set for
text mail default, and TB came with a default setting that didn't
allow much of anything to run, and I don't click on anything
anyway.

Then, I set-up POPFile as a proxy client, to sort out spam... and I
made a 'malware' bucket, too. POPFile has been scoring 100% on malware
filtering since it registered its first bug... I think that malware
are a lot easier for a Bayesian filter to recognise, than spam.

...might put NAV out of business, if enough people find out about
it. <g>

 
-wittig http://www.robertwittig.com/
A business is as honest as its advertising.
.





Re: Antivirus

2003-03-05 Thread David Calvarese

 On Wednesday, March 05, 2003 at 23:14:56GMT + (which was 6:14 PM where I live)
  Martin Webster wrote and made these points on the subject of Antivirus:
MW Hello Robert,

MW Wednesday, March 5, 2003, 10:28:35 PM, you wrote:

MW snip

MDP My personal fave is AVG. Many like NOD32 for the slickness and
MDP effectiveness combination it offers. My least favourite is the
MDP bloated and over zealous NAV.

MW snip

MW And then there's Sophos AV, which also integrates with The Bat!

MW http://www.sophos.com/
MW ftp://ftp.ritlabs.com/pub/the_bat/bav/

MW M

Hrm.  Lots of choices.  I'd be most happy if the Panda plugin worked...
 After all, I already have Panda AV.

- --
Best regards,
David
mailto:[EMAIL PROTECTED]
If the pen is mightier than the sword, and a picture is worth a thousand words, how 
dangerous is a fax?
Using The Bat! v1.62i on Windows 98 4.10 Build  
 A


Re: Antivirus

2003-03-05 Thread Mike Alexander
Hi David,

Wednesday, March 5, 2003, 7:15:07 PM, you wrote:

DC Hello All,

DC   Got another question,  What Antivirus works really well with TB!?

 Norton or AVG. Personally, I prefer Norton as I find it's more
 thorough. But this is personal experience (though I have been part of
 an organization which did testing to find the most accurate solution
 - we came up with Norton and Sophos). In the end though, it's
 personal choice, and you'll get as many opinions as there are users.


-- 
Best regards,
 Mike   






Re: Antivirus

2003-03-05 Thread Thomas Fernandez
Hello Melissa,

On Wed, 5 Mar 2003 11:57:14 -0800 GMT (06/03/03, 02:57 +0700 GMT),
Melissa Reese wrote:

 Actually, no anti-virus will catch any virii, because virii isn't
 even a word.  :-)  Viruses is the proper plural form of virus.

Thank you! On this list I was starting to get the feeling I am the
only one who uses viruses as the plural of virus. I didn't want to
say anything, not being a native speaker and all, but I have now
bookmarked those webpages. ;-)

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

When they broke open molecules, they found they were only stuffed
with atoms. But when they broke open atoms, they found them stuffed
with explosions.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: Antivirus

2003-03-05 Thread Thomas Fernandez
Hello Melissa,

On Wed, 5 Mar 2003 12:43:38 -0800 GMT (06/03/03, 03:43 +0700 GMT),
Melissa Reese wrote:

 I'm all for good freeware programs (and thankful to the generous
 programmers who offer them), but I'm also happy to pay for software if
 I feel it will do a better job than competing freeware (perhaps
 especially with regards to security software). There are free email
 clients out there. Why do we happily pay for TB!?

Because we get a 30-day trial period.

I am using PC-Cillin, and while I am quite happy with it, it does not
reliably catch viruses that are in attached files when downloading
mails. So, I manually save every attachment that might contain a virus
(including, for example, .doc and .xls files from friends), and that
action would trigger the realtime scan. But then, I am using PCC6
(1999) and the latest version is PCC2003, so this problem might have
been addressed on any one of the pay-for updates in the past 4 years.

If NOD32 (which gets the most praise on this list) offers a trial
period, I am willing to look into it. Does it?

One question to those people who said in an earlier thread they don't
use virus scanners but rely on common sense: how do you tell whether
a .doc file has a macro virus if you don't use a virus scanner? Do you
open the file in hex editor and scan with your eyes? If so, I admire
you if you can spot the code faster than a virus scanner. In fact, I
think you could make a lot of money on TV shows like Ripley's Believe
it or not. ;-)

-- 

Cheers,
Thomas.

Moderator of the German The Bat! Beginner list.

Everybody repeat after me. We are all individuals.

Message reply created with The Bat! 1.63 Beta/5
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM





Re: antivirus plug-ins?

2002-11-08 Thread Barry2
Hello Scott,

Wednesday, November 6, 2002, 4:48:34 AM, you wrote:

SJ Does checking anything on the virus protection window actually make a
SJ difference if you do *not* have Kaspersky installed?  Also, are there
SJ any antivirus external plug-ins available?  $100 for Kaspersky Pro
SJ version which allows integration is simply not an option here.

We have Kaspersky Personal here and it scans everything without any
plug-in ( there isn't one ) so the virus protection window doesn't
even show Kaspersky !!

Doing a test mailing using a file known to trigger Kaspersky ( not the
Eicar test ! ) completely locked the outbox until the offending
message was deleted so we know it works - and works well :-)

-- 
Best regards,
 Barry2
Using The Bat! v1.61 on Windows 98 4.10 Build  






Re: antivirus plug-ins?

2002-11-06 Thread Britt Malka
Dear Scott,


Wednesday, November 6, 2002 at 5:48:34 AM you wrote:


SJ $100 for Kaspersky Pro version which allows integration is simply
SJ not an option here.

You can use Kaspersky Workstation too, and it discovers the virus, but
it only put it in the quarantine box the first time I tried.


-- 

Kind regards,

Britt Malka

 |\/|
 | \__/ | 
 \/\/ 
 |  | 
  \\  //  
   \  /   
\/


... It's called subtlety, Stu. You should look it up sometime.

... www.malka.it - www.malka.dk - www.supermalka.dk ...

Mailer: Ritlabs SecureBat! v1.61 (7BA406E8D52) under Windows 2000 5.0






Re: antivirus plug-ins?

2002-11-06 Thread Roelof Otten
Hello Marcus,

On Wed, 6 Nov 2002 16:44:48 +0100GMT (6-11-02, 16:44 +0100GMT, where I
live), you wrote:

M Can you make TB work with F-Prot,

Only with a very limited ability, you can extract your attachments and
filter them with F-Prot triggered by a filter.

M or do you definitely need a special plug-in?

The plug-ins provide a different kind of functionality.

-- 
Greetings, Roelof






Re: antivirus plug-ins?

2002-11-06 Thread Haico
On 6-11-2002 at 16:44, Marcus wrote:

Hi Marcus,

 Can you make TB work with F-Prot, or do you definitely need
 a special plug-in?

I hope this helps:

http://www.guenther-eisele.de/bat/fprot_e.htm

-- 
Greetings,
Haico






Re: antivirus plugin with fragmented email

2002-10-30 Thread Allie C Martin

In mid:04018078.20021030092358;ntc.net.np,
Sudip Pokhrel [SP] wrote:'

SP Do you mean to say, when you initiate a download process, *it*
SP connects to the net and scans files on a server *before* your
SP browser or download manager begin their downloads?

SP Are you sure about this?

I doubt very much that this is the case. If I do the test with
Eicar.com, NOD32 stops me from downloading right away but eicar.com
is a tiny file that's downloaded in an instant anyway.

I therefore tried this with a larger infected file and the alert
does appear after the file is downloaded and is being saved to disk.

I doubt that DrWeb works any differently.

- -- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 



Re: antivirus plugin with fragmented email

2002-10-30 Thread Gerard

On Wednesday, October 30, 2002, 11:45:32 AM, you wrote:

ACM In mid:04018078.20021030092358;ntc.net.np,
ACM Sudip Pokhrel [SP] wrote:'

SP Do you mean to say, when you initiate a download process, *it*
SP connects to the net and scans files on a server *before* your
SP browser or download manager begin their downloads?

SP Are you sure about this?

ACM I doubt very much that this is the case. If I do the test with
ACM Eicar.com, NOD32 stops me from downloading right away but eicar.com
ACM is a tiny file that's downloaded in an instant anyway.

ACM I therefore tried this with a larger infected file and the alert
ACM does appear after the file is downloaded and is being saved to disk.

ACM I doubt that DrWeb works any differently.

Hi Allie,
  Just ask yourself, if the file isn't downloaded how does the prg check
  for viruses? Upload itself to the server?
  
-- 
Best regards,
 Gerard 
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
The tragedy of life is not that it ends so soon, but that we wait so
long to begin it. - W. M. Lewis -

Using The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 3






Re: antivirus plugin with fragmented email

2002-10-30 Thread Chris Weaven
Hi Allie,

On Wednesday, October 30, 2002 05:45 your local time, which was 02:45 my
local time, Allie Martin wrote;

SP Do you mean to say, when you initiate a download process, *it*
SP connects to the net and scans files on a server *before* your
SP browser or download manager begin their downloads?

SP Are you sure about this?

 I doubt very much that this is the case. If I do the test with
 Eicar.com, NOD32 stops me from downloading right away but eicar.com
 is a tiny file that's downloaded in an instant anyway.

This could be half the reason, as often by the time I've decided on a
location to save it, it's downloaded. :-)

 I therefore tried this with a larger infected file and the alert
 does appear after the file is downloaded and is being saved to disk.

I'd be interested in checking DrWeb on a larger file. Could you let me
know what you tried it on.

 I doubt that DrWeb works any differently.

Indeed it is strange, as I use DAP and it triggers DrWeb after the
download is complete. But for the Eicar file, it warns before
completion.

As I say, if you could tell me about the larger file, I'd be willing to
test it to see what happens.

Thanks,

Chris.

-- 
E-Mail - [EMAIL PROTECTED]
Created Using The Bat! V1.61 and Virus Checked by DrWeb.






Re: antivirus plugin with fragmented email

2002-10-30 Thread Allie C Martin

In mid:14612330169.20021030124850;myrealbox.com,
Gerard [G] wrote:'

G Just ask yourself, if the file isn't downloaded how does the prg
G check for viruses? Upload itself to the server?

I said in my last post that NOD32 downloads the file and then checks
it. I doubt that DrWeb does it any differently. Therefore, why
should I ask myself that question??

- -- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 



Re: antivirus plugin with fragmented email

2002-10-29 Thread Krister Ekstrom

Hi Paul,
In a message with mid:103192744531.20021027165150;pcartwright.com
 On 27 Oct 2002 16:51:50  (my local time 22:51:50), you typed:


PC I got sent an email with the bugbear virus. AVG quarantined it, no
PC problem.

Pardon my ignorance, but what version of AVG works with TB!, the free
one or do I have to buy any version and if so, what version should I
go for? Is the free version any good?
If this is considered off-topic, please feel free to answer to the
address found in my signature.
Thanks

- --

- --
/Krister mailto:krister;bonetmail.com
This mail brought to you by The bat! V1.61, on Windows 98 4 10 build 
Pgp keys available here:
Mailto:krister;bonetmail.com?subject=get_pgp_keys



Re: antivirus plugin with fragmented email

2002-10-29 Thread Roelof Otten
Hello Krister,

On Tue, 29 Oct 2002 14:30:52 +0100GMT (29-10-02, 14:30 +0100GMT, where
I live), you wrote:

KE Pardon my ignorance, but what version of AVG works with TB!, the free
KE one or do I have to buy any version and if so, what version should I
KE go for? Is the free version any good?

All versions, the free, the single user and the network version.
However, you need the plug-in and you need to download that separately
from: http://files.grisoft.cz/softw/thebat/avgbat9us.exe

-- 
Greetings, Roelof






Re: antivirus plugin with fragmented email

2002-10-29 Thread Chris Weaven
Hi Anne,

On Tuesday, October 29, 2002 20:04 your local time, which was 12:04 my
local time, Anne Anne [A] wrote;

CW I'm not sure about other AV's, but DrWeb actually scans compressed files
CW before execution. Therefore, if it has a virus, it'll recognise it
CW before you even attempt to save it and then unpack it.

A Kaspersky does the same Chris - in fact this afternoon I was trying to
A download the eicar test file to use on the test box downstairs and it
A was in a zip format.  As soon as the download had finished and before I
A had even managed to get to the directory it was in Kaspersky blocked
A access to it.  Resort to plan B - write my own eicar file on the
A standalone box! <g>

Actually I just tried it again and DrWeb won't even let you download it.
As soon as you click on the link to download it, it warns you that it's
a virus, well, a test virus.

This is another feature I really liked with DrWeb, because if you're
about to download a big file, it'll warn you before you start
downloading it rather than when you've finished.

For dial-up users this could be a godsend, rather than downloading a
file and then finding it has a virus.

Cheers,

Chris.

-- 
E-Mail - [EMAIL PROTECTED]
Created Using The Bat! V1.61 and Virus Checked by DrWeb.






Re: antivirus plugin with fragmented email

2002-10-29 Thread Scott McNay

Hi Anne!

In message mid:169130928287.20021030015858;gmx.co.uk 
on Tuesday, October 29, 2002, 7:58:58 PM, you wrote:

A This has me puzzled Chris - how can an AV on a local machine be
A scanning a file on a remote server before it's downloaded?

Usually the download is actually in progress while it waits for you to
confirm where to save the file.

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-29 Thread Sudip Pokhrel
Hi Chris,

On Tuesday, October 29, 2002 12:13 your local time, (Wednesday, 01:58
my local time), you [CW] wrote:

CW This is another feature I really liked with DrWeb, because if
CW you're about to download a big file, it'll warn you before you
CW start downloading it rather than when you've finished.

Do you mean to say, when you initiate a download process, *it*
connects to the net and scans files on a server *before* your browser
or download manager begin their downloads?

Are you sure about this?

-- 
be well,
Sudip Pokhrel |/\
PM: [EMAIL PROTECTED] |\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X  Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___
FILES=1 BUFFERS=0 FCBS=SAYWHAT BREAK=GIMME
___
TB! v1.61 on XP Pro|
P4-1.6Ghz 256MB RAM|






Re: antivirus plugin with fragmented email

2002-10-28 Thread Simon
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

'Lo Allie,

On  Sun, 27 Oct 2002 21:38:28 -0500 your time, you authored this:

ACM Since you posted your findings to this list, I thought your p snip
ACM I've always replied with TB! as my ...

Yeah, if you really say so Allie. :-/ What I've posted I stand by, and is in
context, given the nature of our previous communications. If you need to try
and  score  points by suggesting that I am solely responsible for taking the
discussion slightly off topic then enjoy yourself :)

ACM I  don't  know  how many of the readers here realize that as TB! users,
ACM the  results  of  those  tests  you  did  don't really matter, and that
ACM checking  weeding  out  dangerous  file-types isn't really scanning for
ACM viruses

Couldn't disagree with you more with *your opinion*, and I must say it seems
a  rather  narrow  and  irresponsible  position  for you to take as well. Of
course  such  tests  are  valid,  and  they would be relevant outside of the
context of TB! as well.

There  are  users  like me that would be more than happy to know that the AV
scanner  software  that  they  are  using  is  able  to  offer all levels of
protection,  regardless  of  whether TB! has similar safeguards implemented,
albeit in another way - that is in context to The Bat! by the way before you
suggest  that  it  isn't. I am much happier for my AV software to quarantine
possible exploits before they hit the TB! inbox and that will save having to
deal with any possible threats on a per email basis, and I suspect that many
other  users  would feel the same way. I don't think the future is having to
go through a paranoid per email sniff to check whether each email is safe or
not,  but  rather  transparency, so that receiving and opening email doesn't
become a chore of a 101 decisions.

Of  course  the advantages of using TB! are many, and having such protection
against  possible  exploits  built in is a great concept, but it in no way
replaces  the  use  of  a  good scanner, or a scanner that is able to detect
exploits  as  well  as  virii. I think what you say about scanners not being
scanners  if  they  'weed' out the occasional exploit is pseudo-literalistic
nonsense.

ACM a TB! user, it's not really valid to choose to use Kaspersky over AVG
ACM because of how one performs with these tests as opposed to the other.

You mistake your role, Allie. This type of decision doesn't call for a
judgment by you. In your opinion it may not be valid, because you do things
the way you do them, so the logic in your context is out of place, but
of course if users prefer to have AV software handle exploits in the manner
that Kaspersky does then it is completely valid to choose Kaspersky over AVG
on that basis. There is no definitive reasoning here, just personal
preference based on users' preferred methods of email management.

S Yeah,  but  we  are talking real world not ideals.

ACM I  thought  we  were  on-topic, i.e., talking about A-V software in the
ACM context of TB! and making decisions on which to use...

Well I was as much on topic as you were, but I'll refresh your memory if you
like:

ACM Warnings  should be issued by your e-mail client. Of course, Outlook is
ACM a  different  beast  and  it  would seem that it does need something to
ACM prevent  these  filetypes  being  downloaded  to  it  at all. But which
ACM application is lacking here? Is it the A-V Software or is it Outlook?

You seem to be talking about AV software in context to Outlook, not TB! See,
you ain't no puritan either ;)

S I  think the point is one of familiarity. ...Generally speaking, even the
S most  basic  of  user  gets to grips with the dangers of running .com and
S .exe files, so understand them as being executable files

ACM Are you sure about this? :)

Well I was sure enough to write it Allie, so what do you think?

In  my  experience,  and  that  experience  extends to directly dealing with
people using PCs in their homes, from Win 3.11 onwards, users do understand,
and  quicker  when  taught of course. My experiences may not match yours, or
others, but in my context, yes, people understand. In the phone tech support
realm, where large numbers of users are begging for help, my
experiences  may  seem  to conflict, but dealing with people on a one to one
basis  in  their  homes has furnished me with these experiences, and that is
what  I  based my comment on. Of course I have absolutely no need to justify
this, but as you asked...!

S Again, in an ideal world that would be fine. But it ain't, and
S users don't and  won't  do  as they should always, and I don't
S think they deserve to get infected  because  of  it.  Some people
S might  call  those types lamers or whatever  -  a  term I  hate -
S but it's not their fault that there is a war against Microsoft
S going on and they happened to get caught up in the middle of it.

ACM snip  But  what  has it got to do with TB! which 

Re: antivirus plugin with fragmented email

2002-10-28 Thread Simon

'Lo Peter,

On  Mon, 28 Oct 2002 08:35:54 +0100 your time, you authored this:

PP From my PoV it didn't come out very clearly the 'uncaught' mails
PP contained no viruses but 'only exploits', especially that The Bat! ain't
PP vulnerable  to  them.  So I wanted to make that explicitly clear, before
PP the 'scream and shout' about eventually missing capabilities starts :-)

That's a fair point as I didn't make it totally clear :)

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Current version is 1.61 | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html



Re: antivirus plugin with fragmented email

2002-10-28 Thread Paul Cartwright

On Monday, October 28, 2002, 10:09 AM, you wrote:


DH Hello Simon, Allie,  others following this important thread.

DH It seems to me that Simon and Allie are basing their positions on
DH two different principles or givens, which are always correct by
DH definition. That's what produces a stalemate, in absolute terms. In
DH relative terms, each of us can decide for him or herself which
DH principles are more or less (or equally) important. Below, I present
DH a third principle that I believe is also relevant.

and a fourth- if you don't keep ANY anti-virus package up-to-date it is
almost worthless. I have used many PCs where the virus definitions are
over 1 year old. THEY think they are protected!
and let's not forget AVG is FREE for personal use only, they
DO SELL a professional product.

-- 
 Paul
Using The Bat! v1.62/Beta7 on Windows XP 5.1 Build 2600
Service Pack 1






Re: antivirus plugin with fragmented email

2002-10-28 Thread Chris Weaven
Hi all,

On Monday, October 28, 2002 10:30 your local time, which was 07:30 my
local time, Paul Cartwright [PC] wrote;

DH Hello Simon, Allie,  others following this important thread.

DH It seems to me that Simon and Allie are basing their positions on
DH two different principles or givens, which are always correct by
DH definition. That's what produces a stalemate, in absolute terms. In
DH relative terms, each of us can decide for him or herself which
DH principles are more or less (or equally) important. Below, I present
DH a third principle that I believe is also relevant.

PC and a fourth- if you don't keep ANY anti-virus package up-to-date it is
PC almost worthless. I have used many PCs where the virus definitions are
PC over 1 year old. THEY think they are protected!
PC and let's not forget AVG is FREE for personal use only, they
PC DO SELL a professional product.

Just like to also add a comment on DrWeb.

I'm not sure about other AV's, but DrWeb actually scans compressed files
before execution. Therefore, if it has a virus, it'll recognise it
before you even attempt to save it and then unpack it.

A feature that I was personally after that made me plump for DrWeb.

That's it :-)

Chris.

-- 
E-Mail - [EMAIL PROTECTED]
Created Using The Bat! V1.61 and Virus Checked by DrWeb.






Re: antivirus plugin with fragmented email

2002-10-28 Thread Paul Cartwright

On Monday, October 28, 2002, 11:21 AM, you wrote:


DH Hello Paul,

DH On Monday, October 28, 2002, 9:30:07 AM, you wrote: 
PC and a fourth- if you don't keep ANY anti-virus package up-to-date it is
PC almost worthless. I have used many PCs where the virus definitions are
PC over 1 year old. THEY think they are protected!

PC and let's not forget AVG is FREE for personal use only, they
PC DO SELL a professional product.

DH And in fact, if I recall, you don't get the heuristics capability
DH unless you register it as such.

no, actually I already have that function turned on, in my free version.



-- 
 Paul
Using The Bat! v1.62/Beta7 on Windows XP 5.1 Build 2600
Service Pack 1






Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Lourdes,

On  Sat, 26 Oct 2002 05:48:11 -0500 your time, you authored this:

LJ http://www.gfi.com/emailsecuritytest/ has a nice set of test emails

LJ I'm interested in knowing if the Anti-Virus plugins will catch the
LJ fragmented email (eicar.com attachment)

I was testing the AVG plugin with TB! yesterday with eicar.com available
from  here  http://www.eicar.org/anti_virus_test_file.htm  When I checked my
mail  AVG  caught  the  attached file and created a new quarantine folder in
TB!,  then moved the infected email there before continuing to process other
incoming mail - So obviously after reassembly but it still gets caught :)

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Marck D Pearlstone

Hi Simon,

27-Oct-2002, 13:03 Simon said:

LJ I'm interested in knowing if the Anti-Virus plugins will catch
LJ the fragmented email (eicar.com attachment)

 I was testing the AVG plugin with TB! yesterday with eicar.com
 ... AVG  caught  the  attached file ... So obviously after
 reassembly but it still gets caught :)

Excellent news. Thanks for reporting back with this.

- --
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.62/Beta7 on Windows 2000 5.0.2195 Service Pack 2



Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Douglas,

On  Sun, 27 Oct 2002 07:35:29 -0600 your time, you authored this:

[ 8 ]

DH Are attachments contained in the message body or in a separate
DH folder? If it's the latter, AVG will alert you and quarantine the
DH message but the infected file remains in the attach (or other)
DH folder...

I  had always kept attachments in a separate folder, until recently. I liked
it  that  way,  and any infected files that I received got dropped there and
pgp  wiped  by  me later. However, I got fed up with managing the folder and
having  to  sort  through  hundreds  of files so recently changed to keeping
attachments in the message bodies. Still unsure about this, but of course in
this case it shows how advantageous this method is :)

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Peter Palmreuther
Hello Simon,

On Sunday, October 27, 2002 at 2:03:27 PM you [S] wrote (at least in
part):

LJ http://www.gfi.com/emailsecuritytest/ has a nice set of test emails

LJ I'm interested in knowing if the Anti-Virus plugins will catch the
LJ fragmented email (eicar.com attachment)

S I was testing the AVG plugin with TB! yesterday with eicar.com available
S from  here  http://www.eicar.org/anti_virus_test_file.htm  When I checked my
S mail  AVG  caught  the  attached file and created a new quarantine folder in
S TB!,  then moved the infected email there before continuing to process other
S incoming mail - So obviously after reassembly but it still gets caught :)

OK. Did the very same test. I asked to send me

1.) pure Eicar
2.) fragmented message with Eicar

I'm using AVG plus its plugin for The Bat! in Version 9/6.0.408.

The two messages came in, the pure Eicar message got 'arrested' in
Quarantine folder, the fragmented messages went to my Inbox and got
re-assembled _there_. I could see how the message list flickered and 5
messages became one.

As I can see on my mail server (or using Mail dispatcher) the
fragmented messages are subjected with

eicar.com [1/5] to eicar.com [5/5]

The re-assembled message has the (original) subject

Fragmented message vulnerability test (for Outlook Express)

So re-assembling went OK.
Nevertheless: this message was _not_ quarantined. Of course I get
warned when trying to open the attachment about a virus found.

Nevertheless: I do in fact wonder how Simon managed it, because I see
technical problems with re-assembling and virus scanning.

When receiving the messages TB! does not know if all parts are there,
therefore it can't re-assemble it to let AVG scan _at receive time_.
Therefore only every single part can be scanned then.

Now The Bat! would have to reach the reassembled mail to AVG after it
put all parts together for the virus becoming recognized and the mail
getting quarantined.

This re-assembling is done _after_ mails are received, as I could see
at the flicker in my message list, but there's no known hook to me in
The Bat! that gives the message to an AV-plugin when message list
actions are done; the only hook there is at attachment actions like
'save' or 'open'.

To avoid problems that might only occur with IMAP I bounced
(redirected) the fragmented messages to a POP3 account as well,
received them there and had the same result: re-assembling was done
after receiving was finished and the separate messages were already
visible in message list (therefore after every single one passing the
AV-test, as they're put to message list only after passing this test).

All in all I don't see a big problem in this, The Bat! still warns
before opening, scans when actually opening and scans too when saving
(unless somebody has disabled these options on his own). It does not
run an attachment automatically, so one should be relatively safe. The
problem in fact does only exist 'for real' at clients that re-assemble
the message parts and then run the attachment, as Outlook and Outlook
Express do.

So I wouldn't put too much scream and whining into this issue for
current The Bat! versions, but instead make it a strong recommendation
for version 2 that The Bat! treats a reassembling of separate like an
action of receiving and additionally scans the reassembled message.
IMHO it's a pure cosmetic fix that will make version 2 look even more
powerful if present but does not increase security _significantly_.

Just my experiences and 0.02 € :-)
-- 
Regards
Peter Palmreuther
(The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1)

What did the lepper say to the hooker?  Keep the tip.
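
The timing problem described in the message above, as an added example that is not part of the original thread: each fragment is scanned alone at receive time and passes, while a second scan after reassembly finds the attachment. It assumes the fragments are MIME message/partial parts (RFC 2046); the signature is a constructed stand-in for the EICAR string, and the function names, addresses and 60-character fragment size are assumptions, not The Bat! or AVG internals.

```python
"""Why per-message scanning misses an attachment split across message/partial fragments."""
from email import message_from_string
from email.message import EmailMessage
from email.parser import HeaderParser

# Constructed stand-in for the EICAR test string (not the real one), so this
# file itself does not trip a scanner. Any fixed byte pattern would do.
SIGNATURE = b"CONSTRUCTED-STAND-IN-FOR-THE-EICAR-TEST-FILE-" + b"0123456789" * 3
CHUNK = 60  # characters per fragment; shorter than the base64-encoded attachment


def scan_message(raw: str) -> bool:
    """Toy signature scan: decode every leaf MIME part and look for SIGNATURE."""
    for part in message_from_string(raw).walk():
        if part.is_multipart():
            continue
        data = part.get_payload(decode=True) or b""
        if SIGNATURE in data:
            return True
    return False


def build_original() -> str:
    """Constructed sample: one message carrying the stand-in as eicar.com."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "reader@example.org"
    msg["Subject"] = "Fragmented message test (constructed sample)"
    msg.set_content("See the attachment.")
    msg.add_attachment(SIGNATURE, maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg.as_string()


def fragment(raw: str, msg_id: str = "constructed-id-1") -> list[str]:
    """Split a raw message into message/partial fragments of CHUNK characters."""
    chunks = [raw[i:i + CHUNK] for i in range(0, len(raw), CHUNK)]
    total = len(chunks)
    return [
        f"Subject: eicar.com [{n}/{total}]\n"
        f'Content-Type: message/partial; id="{msg_id}"; number={n}; total={total}\n'
        f"\n{chunk}"
        for n, chunk in enumerate(chunks, start=1)
    ]


def reassemble(fragments: list[str]) -> dict[str, str]:
    """Group fragments by id and join complete sets in order.

    Simplification: the inner message is taken to be the concatenated fragment
    bodies; RFC 2046's merging of outer headers from fragment 1 is left out.
    """
    parts: dict[str, dict[int, str]] = {}
    totals: dict[str, int] = {}
    for raw in fragments:
        msg = HeaderParser().parsestr(raw)  # headers only: body stays an opaque string
        if msg.get_content_type() != "message/partial":
            continue
        msg_id, number = msg.get_param("id"), msg.get_param("number")
        if not msg_id or not str(number).isdigit():
            continue  # malformed fragment: ignore rather than guess
        parts.setdefault(msg_id, {})[int(number)] = msg.get_payload()
        total = msg.get_param("total")  # RFC 2046 requires it only on the last fragment
        if total and str(total).isdigit():
            totals[msg_id] = int(total)
    return {
        msg_id: "".join(got[n] for n in range(1, totals[msg_id] + 1))
        for msg_id, got in parts.items()
        if msg_id in totals and set(got) == set(range(1, totals[msg_id] + 1))
    }


def scan_mailbox(fragments: list[str]) -> tuple[list[bool], dict[str, bool]]:
    """Scan each fragment as received, then scan again after reassembly."""
    at_receive = [scan_message(f) for f in fragments]
    after = {mid: scan_message(raw) for mid, raw in reassemble(fragments).items()}
    return at_receive, after


ORIGINAL = build_original()
FRAGMENTS = fragment(ORIGINAL)

if __name__ == "__main__":
    at_receive, after = scan_mailbox(FRAGMENTS)
    print("unfragmented message flagged:", scan_message(ORIGINAL))
    print("fragments flagged at receive time:", sum(at_receive), "of", len(at_receive))
    print("flagged after reassembly:", after)
```

The second scan is the hook the message asks for: run the scanner again on the reassembled message, not only on each part as it arrives.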






Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Peter,

On  Sun, 27 Oct 2002 16:00:20 +0100 your time, you authored this:

PP Nevertheless: I do in fact wonder how Simon managed it, because I see
PP technical problems with re-assembling and virus scanning.

I didn't manage it! :-/

S I was testing the AVG plugin with TB! yesterday with eicar.com available
S from here http://www.eicar.org/anti_virus_test_file.htm

The eicar.com got caught but using that test.

Running  the  test  at  http://www.gfi.com/emailsecuritytest/ gave different
results  so  my  reply  was  perhaps premature and misleading. The 5 fragged
messages  from gfi.com were visible in the mail server list, Mailwasher, and
Mail Dispatcher and did get reassembled in the Inbox.

I have run the test posted at gfi.com 6 times now and each time the
fragmented message gets through, as you describe, whether sent direct to my
mail server or retrieved via ISP POP accounts, and each time the message
ends up in my mailbox, reassembled, with eicar.com attached and
undetected. Worse still is that after running these tests over and over I
have found that AVG doesn't consistently detect the incoming infected
emails.

When I ran all tests available at http://www.gfi.com/emailsecuritytest/ the
second time round AVG quarantined 5 of the incoming messages (not the
fragmented ones) and the others ended up in the outbox with the reassembled
eicar.com test message for Outlook Express users. On the third run AVG
didn't quarantine any of them! And the fourth run 5 were quarantined again,
and each time after that they were quarantined also. I'm going to test it
some more because that is strange behavior.

Anyhow, I shall go back to manually checking mail in the inbox after this
episode. Not tried the Kaspersky plugin yet though.

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo,

Well I should have been more thorough, so please accept my apologies to
everyone to start with. Having both Kaspersky and AVG plugins loaded was
confusing matters somewhat, and causing problems as well. I shall explain as
it answers a previous question I asked about multiple plugins use as well.

First: *ONLY* the AVG Plugin installed

The AVG plugin only catches the eicar.com virus attachment out of all the
exploits sent by gfi.com. It pops up a notification window before
quarantining the infected email message:

http://www.netbanger.com/offsite/avgeircar.gif

These are the rest of the test files from gfi.com that ended up in my mailbox.

* Object Codebase vulnerability test
* MIME header vulnerability test
* Iframe remote vulnerability test
* ActiveX vulnerability test
* eicar.com [1/5]
* VBS attachment vulnerability test
* CLSID extension vulnerability test
* Malformed file extension vulnerability test (for Outlook 2002 - XP)
* GFI's Access exploit vulnerability test
* CLSID extension vulnerability test (for Outlook 2002 - XP)

You'll probably notice eicar.com [1/5] in the list, and this message is the
only part 1 of the 5 fragments to arrive so maybe something to do with my
earlier experiences. However, after a second poll to the server the
remaining fragments were retrieved and the fragmented message was
immediately reassembled in the inbox as:

* Fragmented message vulnerability test (for Outlook Express)

In any event, with *only* the AVG plugin installed nothing but the
eicar.com attachment is detected and quarantined.

Second: *ONLY* the Kaspersky Plugin installed

The Kaspersky plugin catches 5 of the emails, but also kicks up an error 1
test out of 3:

http://www.netbanger.com/offsite/kaperskyeircar.gif

After Kaspersky has quit the *quarantine* folder contains the following
messages:

* CLSID extension vulnerability test (for Outlook 2002 - XP)
* Object Codebase vulnerability test
* MIME header vulnerability test
* Eicar anti-virus test
* Malformed file extension vulnerability test (for Outlook 2002 - XP)

The *inbox* contains the following messages:

* Iframe remote vulnerability test
* VBS attachment vulnerability test
* GFI's Access exploit vulnerability test
* CLSID extension vulnerability test
* ActiveX vulnerability test
* Fragmented message vulnerability test (for Outlook Express)

Third: *BOTH* the AVG (first in list) and Kaspersky Plugins installed both
the AVG notification window and the Kaspersky error window pop up:

http://www.netbanger.com/offsite/onkpavgeircar.gif

Obviously, this indicates that both plugins are run in succession (in the
snap AVG has focus because I clicked it. The Kaspersky window had focus
before that, being that it is second in the plugin list so ran last).

With both AVG and Kaspersky plugins installed the following files get moved
to the *quarantine* folder:

* CLSID extension vulnerability test (for Outlook 2002 - XP)
* Object Codebase vulnerability test
* MIME header vulnerability test
* Eicar anti-virus test
* Malformed file extension vulnerability test (for Outlook 2002 - XP)

The *inbox* contains the following messages:

* Iframe remote vulnerability test
* VBS attachment vulnerability test
* GFI's Access exploit vulnerability test
* CLSID extension vulnerability test
* ActiveX vulnerability test
* Fragmented message vulnerability test (for Outlook Express)


Conclusion:

Although AVG catches the eicar.com virus attachment it failed to catch and
quarantine any of the others. Kaspersky on its own catches only 5 of the
possible 11 (which is expected really I suppose). So there is no advantage
having both plugins installed for one, and second, it seems that either I
have a problem or the Kaspersky plugin has a problem. Third, to eventually
get around to the original question, which I failed to answer ;), no
scanners I tested detect virii in fragments, or after fragments had been
reassembled in the inbox, which is a vulnerability of course. Lastly, using
both AVG and Kaspersky plugins gives unpredictable results. Sometimes all 11
emails end up in the inbox, and neither scanner manages to quarantine
anything. And that is odd!



- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Barry2,

On  Sun, 27 Oct 2002 19:32:52 + your time, you authored this:

B When we tried out the whole range of test e-mails from www.gfi.com
B using Kaspersky AVP it picked up *all* of them without a hitch !

I've done a *lot* of testing today using the Kaspersky plugin and it does not
lead to 100% detection of all the gfi.com test files. Are you talking about
using the resident components?

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Peter Palmreuther
Hello Barry2,

On Sunday, October 27, 2002 at 8:32:52 PM you [B] wrote (at least in
part):

PP This re-assembling is done _after_ mails are received, as I could see
PP at the flicker in my message list, but there's no known hook to me in
PP The Bat! that gives the message to an AV-plugin when message list
PP actions are done; the only hook there is at attachment actions like
PP 'save' or 'open'.

B AIUI - TB! uses temp files to bring in mail and that's where the AV
B would pick up the virus definition ( providing you have it set to scan
B all file types ).

CMIIW, but these .tmp files are used on 'per message basis' when
fetching them from POP/IMAP.
The fragmented message will come in as x messages with x .tmp files,
none of them containing the complete virus. So the AV-engine must be
very lucky to detect the virus, maybe occasionally this is possible.
But in general The Bat! will 'rebuild' the virus _after_ those .tmp
files are imported to message base and already deleted, so in case of
a 'fragmented message virus attack' there will be no single .tmp file
an AV-engine could catch.
Nevertheless, The Bat! uses temporary files as well when opening
attachments from inside The Bat!, so first an eventually configured
'Scan attachments when opening' plug in will take effect and second an
eventually installed and configured resident virus shield will
recognize the virus if the plugin is missing / not activated.
-- 
Regards
Peter Palmreuther
(The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1)

Bureaucrat, n.: A politician who has tenure.






Re: antivirus plugin with fragmented email

2002-10-27 Thread Peter Palmreuther
Hello Simon,

On Sunday, October 27, 2002 at 7:54:51 PM you [S] wrote (at least in
part):

[AVG plugin test]
S These are rest of the test files from gfi.com that ended up in my mailbox.

S * Object Codebase vulnerability test
S * MIME header vulnerability test
S * Iframe remote vulnerability test
S * ActiveX vulnerability test
S * eicar.com [1/5]
S * VBS attachment vulnerability test
S * CLSID extension vulnerability test
S * Malformed file extension vulnerability test (for Outlook 2002 - XP)
S * GFI's Access exploit vulnerability test
S * CLSID extension vulnerability test (for Outlook 2002 - XP)
[...]
S In any event, with *only* the AVG plugin installed nothing but the
S eicar.com attachment is detected and quarantined.

None of them is a virus. Excluding the 'eicar.com [1/5]' which can't
be detected, all of the rest are 'exploits', no viruses.
The reason why Kaspersky detects some of them is that they seem to not
only concentrate on virus detection, but 'detection of possible
malicious code' as well. Something I don't expect as being the core
competence of an AntiVirus engine.
I for myself don't want to blame any AV software for not playing
'sandbox' for potentially aggressive code like .VBS scripts or
CLSID-hacks (exploits).
It's the application that should not execute anything within its
context (like Outlook [Express] does with ActiveX-objects and
CLSID-based embedded objects) and the interpreter engine that should
provide a sandbox (like I'd like to see one for .VBS scripts).
-- 
Regards
Peter Palmreuther
(The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1)

Music is my life, but what is life?






Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Peter,

On  Sun, 27 Oct 2002 22:15:03 +0100 your time, you authored this:

snip

PP None of them is a virus. Excluding the 'eicar.com [1/5]' which can't
PP be detected, all of the rest are 'exploits', no viruses.

umm, yeah, that's what I said, as in:

S of all the exploits

snip

PP Something  I  don't  expect as being the core competence of an AntiVirus
PP engine.

? Yeah, that's what I said:

S (which is expected really I suppose)

Although unlike you I expect a little more, which is what Kaspersky seems to
offer.

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:15424395968.20021027185451;theycallmesimon.co.uk,
Simon [S] wrote:

S The AVG plugin only catches the eicar.com virus attachment out
S of all the exploits sent by gfi.com.

I ran the same test and got the same result with DrWeb.

Which begs the question on this test. Are virus scanners supposed to
quarantine files that aren't really viruses? I've never had a
genuine virus not get quarantined by NOD32 and now DrWeb.

S Although AVG catches the eicar.com virus attachment it failed
S to catch and quarantine  any  of  the  others.

yawn ;) I really question the applicability of such tests. The
main problem with this test being that real viruses aren't being
used.

For example, the message with the .vbs file attached came through
saying:

,-[ begin ]-
|
| Your mail server has just accepted and sent you an
| email containing a .vbs attachment! This means it is
| relying on desktop level security to protect you.
| You should now try to run the attachment.
|
'-[  end  ]-

Not necessarily. It could just mean that your virus scanner doesn't
simply consider any file with a .vbs extension a virus.

It further says:

,-[ begin ]-
|
| If you can run this file, then you are vulnerable to
| attacks by email viruses like the LoveLetter, and
| AnnaKournikova. VBS files contain commands which,
| when executed, can do virtually anything on the
| recipient's PC. This includes running malicious code
| such as viruses and worms.
|
'-[  end  ]-

If you can run a .exe file then this makes you vulnerable to all
virii that are .exe files. If you run .com files or .cmd files (I do
this everyday) then you're vulnerable to virii that use these
extensions. I guess it wouldn't be practical to mention those
filetypes eh? The statement above just seems ridiculous to me.

This is the basic theme of the whole exercise. They send you
harmless files, using file extensions that are potentially dangerous
when abused, but legitimate file-types in their own right.

What protects you is your choice of software, a good anti-virus
program not necessarily rigged to pass such tests, and carefulness
on the part of the user to not open received attachments willy-nilly.

If you use Outlook then you'll end up crippling your system to
really protect it from virii. I don't remember what A-V software I
was using at the time, but I was discussing a virus with someone and
they quoted the virus's name in their reply. The message was
intercepted as being infected, *just because it had the virus's name
in the body text*. I don't know about you but I was not impressed
and got rid of the scanner. I detest ridiculous false positives as
that one.

S Kaspersky on its own catches only 5 of the possible 11 (which is
S expected really I suppose). So there is no advantage having both
S plugins installed for one,

I fail to see your reasoning behind why this is so and after doing
this single test. This test doesn't in any way confirm that one
scanner may detect a virus that the other cannot.

S and second, it seems that either I have a problem or the Kaspersky
S plugin has a problem. Third, to eventually get around to the
S original question, which I failed to answer ;), no scanners I
S tested detect virii in fragments, or after fragments had been
S reassembled in the inbox, which is a vulnerability of course.

Perhaps a vulnerability for Outlook users but not for you. ;) This
technique seems to have been designed to get past those who use POP3
scanners and don't run a realtime scanner.

However, if you're a TB! user, and the fragmented virus is
reassembled in your inbox, it will not be executed. Additionally, if
your virus scanner is aware of this virus and you're using one of
the TB! anti-virus plug-ins, you will not be allowed to save the
file to disk (if you store your attachments with the message. If you
don't then the file is already stored on the disk) or execute it.

If you're running Outlook with an A-V scanner that doesn't detect
the virus, then the virus is automatically executed and installed by
Outlook and you're toast. But you're using Outlook. Aside from
crippling the system, one cannot help much if the instrument has
fundamental flaws.

S Lastly, using both AVG and Kaspersky plugins gives unpredictable
S results. Sometimes all 11 emails end up in the inbox, and neither
S scanner manages to quarantine anything. And that is odd!

Now you're onto something. This is a valid reason for not running
both of them. They seem to interfere with each other, rather than
complement each other. Have them do different things, but not the
same thing.

I have both NOD32 and DrWeb running. I decided to retry DrWeb
because NOD32's plugin causes this annoying flickering into view of
the NOD32 window whenever an attachment comes in and is being
scanned. The flickering of the window, causes the window I'm working
in to lose focus.

Anyway, I have DrWeb doing the e-mail 

Re: antivirus plugin with fragmented email

2002-10-27 Thread Paul Cartwright

On Sunday, October 27, 2002, 8:44 AM, you wrote:

 I  was  testing  the AVG plugin with TB! yesterday with eicar.com
 ... AVG  caught  the  attached file ... So obviously after
 reassembly but it still gets caught :)

MDP Excellent news. Thanks for reporting back with this.

I got sent an email with the bugbear virus. AVG quarantined it, no
problem. I sent the sender a message and he found a koo.exe file on his
PC. He uses Eudora, not OE or OL, I was surprised!
I tried to talk him into TB, but he couldn't get his files moved over
and he gave up.


-- 
 Paul
Using The Bat! v1.62/Beta7 on Windows XP 5.1 Build 2600
Service Pack 1



Current version is 1.61 | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html
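
The fragment reassembly and file-type checks debated in this thread, as an added example that is not part of any poster's message: message/partial fragments (RFC 2046) are grouped by id, joined only once every numbered piece is present, and the reassembled mail is then checked for a signature and for risky or double extensions. The marker string (a stand-in, not the EICAR string), the sample mail, the extension list and all function names are constructed for this illustration.

```python
"""Reassemble message/partial fragments (RFC 2046), then scan the whole mail."""
import os
import re
from collections import defaultdict
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed stand-in for a scanner signature; deliberately not the EICAR string.
TEST_MARKER = b"CONSTRUCTED-AV-TEST-MARKER-0001"
# Extensions named in the thread as executable on Windows (illustrative list).
RISKY_EXT = {".vbs", ".exe", ".com", ".cmd", ".scr"}


def build_sample_fragments(chunks=3):
    """Return (raw_message, fragments) for a constructed mail split into pieces."""
    inner = EmailMessage()
    inner["From"] = "sender@example.invalid"
    inner["To"] = "reader@example.invalid"
    inner["Subject"] = "constructed sample"
    inner.set_content("See attachment.\n")
    inner.add_attachment(b"' harmless constructed script\n" + TEST_MARKER,
                         maintype="application", subtype="octet-stream",
                         filename="holiday.jpg.vbs")
    raw = inner.as_bytes()
    size = -(-len(raw) // chunks)  # ceiling division
    pieces = [raw[i:i + size] for i in range(0, len(raw), size)]
    fragments = []
    for number, piece in enumerate(pieces, start=1):
        header = ('Content-Type: message/partial; id="sample-1@example.invalid"; '
                  f"number={number}; total={len(pieces)}\n"
                  f"Subject: constructed sample ({number}/{len(pieces)})\n\n")
        fragments.append(header.encode("ascii") + piece)
    return raw, fragments


def reassemble(raw_fragments):
    """Group fragments by id; return {id: message bytes} for complete sets only."""
    parts, totals = defaultdict(dict), {}
    for raw in raw_fragments:
        # Split headers from body by hand so the body stays byte-exact and is
        # never interpreted as a nested message by the parser.
        split = re.split(rb"\r?\n\r?\n", raw, maxsplit=1)
        if len(split) != 2:
            continue
        head, body = split
        frag = BytesParser().parsebytes(head, headersonly=True)
        if frag.get_content_type() != "message/partial":
            continue
        frag_id, number = frag.get_param("id"), frag.get_param("number")
        if not frag_id or not str(number).isdigit():
            continue  # malformed fragment: ignore rather than guess
        total = frag.get_param("total")
        if total and str(total).isdigit():
            totals[frag_id] = int(total)
        parts[frag_id][int(number)] = body
    complete = {}
    for frag_id, numbered in parts.items():
        total = totals.get(frag_id)
        # Join only when every piece 1..total has arrived, in numeric order.
        if total and set(numbered) == set(range(1, total + 1)):
            complete[frag_id] = b"".join(numbered[n] for n in range(1, total + 1))
    return complete


def scan_message(raw):
    """Return findings for each named attachment of a complete message."""
    findings = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        name = part.get_filename()
        if not name:
            continue
        stem, ext = os.path.splitext(name.lower())
        if ext in RISKY_EXT:
            findings.append(("risky-extension", name))
            if os.path.splitext(stem)[1]:
                findings.append(("double-extension", name))
        # decode=True undoes base64, so the match runs on the real file bytes.
        if TEST_MARKER in (part.get_payload(decode=True) or b""):
            findings.append(("signature", name))
    return findings


if __name__ == "__main__":
    raw, fragments = build_sample_fragments()
    print("two of three fragments:", reassemble(fragments[:2]))
    for frag_id, message in reassemble(reversed(fragments)).items():
        print(frag_id, scan_message(message))
```

A byte search over the fragments as delivered finds nothing, because the attachment travels base64-encoded and split across pieces; only the decoded, reassembled message yields the signature hit.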



Re: antivirus plugin with fragmented email

2002-10-27 Thread Peter Palmreuther
Hello Douglas,

On Sunday, October 27, 2002 at 10:59:41 PM you [DH] wrote (at least in
part):

DH BTW, your signature delimiter isn't functioning.

Wrong. It's just 'escaped' by PGP-signature. PGP escaped dashes at
beginning of a line by prepending '- ' for not getting confused when
decoding / verifying signature.
Don't ask me why, I've never understood this, as the PGP-delimiter
itself is 4-5 dashes, so I don't see any conflict with a
'dash-dash-space', but that's how it is ... :-/
-- 
Regards
Peter Palmreuther
(The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1)

Atheist Liberation Association: A non-prophet organization!






Re: antivirus plugin with fragmented email

2002-10-27 Thread Scott McNay

Hi Allie!

In message mid:88204631825.20021027164307;landscreek.net 
on Sunday, October 27, 2002, 3:43:07 PM, you wrote:

S Although  AVG catches the eicar.com virus attachment it failed
S to catch and quarantine  any  of  the  others.

ACM yawn ;) I really question the applicability of such tests. The
ACM main problem with this test being that real viruses aren't being
ACM used.

A properly-implemented AV program *should* consider the EICAR test
virus to be a real virus.  Otherwise, it defeats the purpose of even
having a test.

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Allie,

On  Sun, 27 Oct 2002 16:43:07 -0500 your time, you authored this:

ACM Which  begs  the  question on this test. Are virus scanners supposed to
ACM quarantine files that aren't really viruses?

I don't think it is a question of, 'are they supposed to?', but rather, 'can
they?'.  And  of  course  Kaspersky can, so to me it simply means Kaspersky is
providing  more  prophylactic  power  than  AVG.  If the software safeguards
against viruses and known exploits then I'm pretty happy about that.

ACM It  could just mean that your virus scanner doesn't simply consider any
ACM file with a .vbs extension a virus.

:-/  Sorry, but I think you kind of miss the point really Allie. Being as we
are  considering  email  file  attachments;  how  do  most infections occur?
Unprotected email users! I think it is a prudent safeguard to treat any file
with  a vbs extension, or a double extension ending in .vbs, being delivered
by  email, as suspicious, and the fact that an AV scanner like Kaspersky does
is all the better for the end user IMO. Put it this way, I'd rather be
notified than not!

ACM The statement above just seems ridiculous to me

Well of course, they are trying to sell you their product after all, so what
do you expect? g

S Kaspersky on its own catches only 5 of the possible 11 (which is
S expected really I suppose). So there is no advantage having both
S plugins installed for one

ACM I fail to see your reasoning behind why this is so and after doing this
ACM single test

The reasoning being that both seem to do the job. Hands up, I've been busted!

I  understand  what you are saying, and of course why you logically question
this,  but  I  personally don't really want to go through a library of virii
testing  each  scanner  with  each virus just to see how they compare. I can
change the wording if you like.. here goes:

If,  under fair testing, Kaspersky and AVG were found to compare equally when
detecting virii, then there would of course be no real advantage having both
plugins  installed  under  TB!. However, as I have not tested either scanner
with  a  significant number of virii I cannot state with authority that this
is the case. *Although*, from my own experience in virus detection, Kaspersky
has  always detected virii that AVG, AntiVir, Norton, and McAfee have not, so
my  own confidence in the product is high, and therefore I personally see no
reason to have the two plugins running successively.

Hope this is OK ;)

ACM Perhaps a vulnerability for Outlook users but not for you. ;)

True enough. But:

ACM ...if  you  store  your attachments with the message. If you don't then
ACM the file is already stored on the disk) ...

That means it's a vulnerability of course. And I agree that TB! users should
have  protection  in place to scan attachment folders, but not everyone will
have.  This  means  that  the  virus has for all intents and purposes passed
through any defenses without detection.

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/




Re: antivirus plugin with fragmented email

2002-10-27 Thread Scott McNay

Hi Simon!

In message mid:15341266296.20021027233602;theycallmesimon.co.uk 
on Sunday, October 27, 2002, 5:36:02 PM, you wrote:

S I  understand  what you are saying, and of course why you logically question
S this,  but  I  personally don't really want to go through a library of virii
S testing  each  scanner  with  each virus just to see how they compare. I can
S change the wording if you like.. here goes:

S If,  under fair testing, Kaspersky and AVG were found to compare equally when
S detecting virii, then there would of course be no real advantage having both
S plugins  installed  under  TB!. However, as I have not tested either scanner
S with  a  significant number of virii I cannot state with authority that this
S is the case. *Although*, from my own experience in virus detection, Kaspersky
S has  always detected virii that AVG, AntiVir, Norton, and McAfee have not, so
S my  own confidence in the product is high, and therefore I personally see no
S reason to have the two plugins running successively.

You might be interested in these sites:

http://www.virusbtn.com/
http://www.icsalabs.com/

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:1050671.20021027171952;local.nu,
Scott Mcnay [SM] wrote:'

SM A properly-implemented AV program *should* consider the EICAR
SM test virus to be a real virus.  Otherwise, it defeats the
SM purpose of even having a test.

The eicar test virus *was* detected by both scanners on my machine. I
was referring to all those other test files.

- -- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 



Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:15341266296.20021027233602;theycallmesimon.co.uk,
Simon [S] wrote:'

S I don't think it is a question of, 'are they supposed to?', but
S rather, 'can they?'.  And  of  course  Kaspersky can, so to me it
S simply means Kaspersky is providing  more  prophylactic  power
S than  AVG.

For stopping harmless test files? I don't know how popular those
test files are apart from eicar.com which is well known (note that
eicar is picked up by most scanners).

An A-V scanner that stops and weeds out files just based on their
file type isn't really a scanner. Why spend all those resources on
updating definitions? It's much simpler to just input the file types
to scan for and bring up a loud alert when one comes in. This is
what this website seems to be saying.

This has already been implemented in TB! through its inbuilt
filetype restrictions. That's a nice simple way of implementing what
you're referring to. TB! also doesn't run HTML based scripts and
Active X controls. As a TB! user, you don't actually need the
scanner to pass that test. :)

S If the software safeguards against viruses and known exploits
S then I'm pretty happy about that.

That's all an A-V Scanner should do. Not weed out files merely based
on file type. Warnings should be issued by your e-mail client. Of
course, Outlook is a different beast and it would seem that it does
need something to prevent these filetypes being downloaded to it at
all. But which application is lacking here? Is it the A-V Software
or is it Outlook?

ACM It could just mean that your virus scanner doesn't simply
ACM consider any file with a .vbs extension a virus.

S :-/ Sorry, but I think you kind of miss the point really Allie.
S Being as we are considering email file attachments; how do most
S infections occur? Unprotected email users! I think it is a
S prudent safeguard to treat any file with a vbs extension, or a
S double extension ending in .vbs, being delivered by email, as
S suspicious, and the fact that an AV scanner like Kaspersky does is
S all the better for the end user IMO. Put it this way, I'd rather
S be notified than not!

ACM The statement above just seems ridiculous to me

S Well of course, they are trying to sell you their product after
S all, so what do you expect? g

You agree with me here which is the very essence of the point I was
making that you responded to by saying that I missed the point.

What's the point of making an issue about .vbs filetypes,
declaring your machine vulnerable to a .vbs test file when it's just
as vulnerable to .exe, .cmd and .com files. If you can run those
from the desktop, no problem, it would appear. However, if you can
run a .vbs file from the desktop, then you're vulnerable to attack.
Yeah,.. right!

I'd say that they have missed the point that it's the user that has
to be very careful about any of these files. Software cannot replace
this necessary ingredient without crippling the system. They're
trying all sorts of things and are slowly falling back to crippling
the system or shooting wide ... just catch any suspicious filetype.
Of course the user expecting the file shouts an angry foul and loses
faith in his scanner. It's getting in the darned way. After a while
he switches it off. Uh-oh  not good.

S *Although*, from my own experience in virus detection, Kaspersky
S has  always detected virii that AVG, AntiVir, Norton, and McAfee
S have not, so my  own confidence in the product is high, and
S therefore I personally see no reason to have the two plugins
S running successively.

Ok.

ACM Perhaps a vulnerability for Outlook users but not for you. ;)

S True enough. But:

ACM ...if  you  store  your attachments with the message. If you don't then
ACM the file is already stored on the disk) ...

S That means it's a vulnerability of course.

Your real-time scanner will prevent you from running it.

If your A-V Scanner doesn't pick it up with the real-time scanner,
it will not pick it up any other way, including through e-mail
scanning.

S And I agree that TB! users should have protection in place to
S scan attachment folders, but not everyone will have.

Why not? Navigate to it and scan it.

S This means that the virus has for all intents and purposes passed
S through any defenses without detection.

It's yet to be opened and then caught by the realtime scanner. It's
yet to be caught by the system wide scans that you may perform on a
daily basis.

- -- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 



Re: antivirus plugin with fragmented email

2002-10-27 Thread Scott McNay

Hi Allie!

In message mid:140215282529.20021027194038;landscreek.net 
on Sunday, October 27, 2002, 6:40:38 PM, you wrote:

ACM For stopping harmless test files? I don't know how popular those
ACM test files are apart from eicar.com which is well known (note that
ACM eicar is picked up by most scanners).

ACM An A-V scanner that stops and weeds out files just based on their
ACM file type isn't really a scanner.

Norton picks up the MIME header vulnerability and VBS header
vulnerability as VBS.Vbswg2.gen.  Go here for details:

http://securityresponse.symantec.com/avcenter/venc/data/vbs.vbswg2.gen.html

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-27 Thread Simon

'Lo Allie,

On  Sun, 27 Oct 2002 19:40:38 -0500 your time, you authored this:

ACM For stopping harmless test files? I don't know how popular those
ACM test files are apart from eicar.com which is well known (note that
ACM eicar is picked up by most scanners)

shakes  head  Come on,  that  isn't the point and you well know it. The fact
that those test files are really harmless isn't the point, but the fact that
files  with  those  extensions  are  capable  of  causing  'harm'  is.
Therefore,  a scanner that can 'weed' out files that can be used as exploits
through  a vulnerable information exchange medium such as email is obviously
advantageous to end users.

ACM This  has  already been implemented in TB! through its inbuilt filetype
ACM restrictions.

Yes, I'm aware of that :)

ACM That's a nice simple way of implementing what you're referring to.

No,  that's  not  in  context.  I  wasn't referring to that particularly, or
singularly,  but rather suggesting overall that I was happy to use a scanner
with  such  extra  features.  Personally  speaking, I like the fact that the
authors  of  the  software  are  covering  all bases, whether the extras are
considered  excessive  or not. Obviously in the case of the Kaspersky authors
they don't :)

ACM TB! also doesn't run HTML based scripts and Active X controls. As a TB!
ACM user, you don't actually need the scanner to pass that test. :)

I  might  not  need it, but not everyone runs TB! and as AV packages are not
authored  solely  for  TB! I think it is a valid extra, even if redundant in
this instance.

ACM Warnings should be issued by your e-mail client

Yeah,  but  we  are talking real world not ideals. OK, so some email clients
like  TB!  are  at  the forefront, providing client based protection, but it
isn't  a  matter  of what should be but rather what is, and the fact is that
not all clients do, so extra protection is warranted.

ACM You  agree  with  me  here which is the very essence of the point I was
ACM making that you responded to by saying that I missed the point.

I don't think so ;) In this instance I was happy to indicate some agreement,
but only to the extent that I was agreeing that any claims made by companies
pushing a product were usually exaggerated, or excessive, and most people of
course  seemed  to be aware of that. In other words, the fact that you found
the  'sell'  ridiculous  was  unexpected,  as  generally  speaking it's just
accepted  for  what  it is, and I shan't say what 'it is' descriptively :)
So, there was no self-contradiction there at all, as you suggest.

ACM What's the point of making an issue about .vbs filetypes

I  think  the  point is one of familiarity. Not every user is going to be as
familiar  with .vbs extensions, for example, as they are .com or .exe types.
Generally  speaking,  even  the  most  basic  of user gets to grips with the
dangers  of  running .com and .exe files, as they are commonplace extensions
on  a  Windows system, and so understand them as being executable files, but
as  other  executable  file  extensions  aren't  commonly  used  by the less
advanced  users they may be unfamiliar with what they are, what they can do,
and therefore the dangers they could pose. From your position I can see how
you can see that it's ridiculous though.

ACM I'd  say that they have missed the point that it's the user that has to
ACM be very careful about any of these files.

Again,  in  an ideal world that would be fine. But it ain't, and users don't
and  won't  do  as they should always, and I don't think they deserve to get
infected  because  of  it.  Some  people  might  call  those types lamers or
whatever  -  a  term  I  hate - but it's not their fault that there is a war
against  Microsoft going on and they happened to get caught up in the middle
of  it.  I think that the more optional idiot-proof protections there are in
place  the better. It means that all levels of user are afforded protection,
not just those with plenty of air miles behind them.

ACM Why not? Navigate to it and scan it.

I will. But see above para :)

ACM It's  yet to be opened and then caught by the realtime scanner. It's yet
ACM to  be  caught by the system wide scans that you may perform on a daily
ACM basis.

That's  not  the  point.  The point is that an infected file is able to pass
through  initial  defences  and get stored on the disk by using a fragmented
email,  when it would obviously be preferable that it didn't. But that is an
ideal,  like some of yours I suppose :) I didn't say that it was a disaster,
but it is a vulnerability of sorts.

- --
Slán,

 Simon  theycallmesimon.co.uk

___
Faffing about with TB! v1.61 on W2K SP3

PGP Key: http://pgp.netbanger.com/


Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:17549403453.20021028015139;theycallmesimon.co.uk,
Simon [S] wrote:'

S I might not need it, but not everyone runs TB! and as AV packages
S are not authored solely for TB! I think it is a valid extra, even
S if redundant in this instance.

Since you posted your findings to this list, I thought your post
which provoked my initial reply was intended for readers of this
list who use TB!. I then assumed that we were assessing the
soundness of A-V software in the context of a TB! user. I've always
replied with TB! as my main focusing point. I did bring up Outlook
to demonstrate why crippling a system with a virus scanner may be
the only way to protect the system or any other tool that prevents
execution of dangerous file-types. Most of the test exploits
directly target Outlook users.

As a TB! user, you stated your preference of scanners which seemed
to be based on the tests you did. This seemed odd since TB! without
the use of a scanner can make you pass these test exploits. It is
this very positive point in TB!'s favour that made me reply in the
first place. It's a good example of how an e-mail application should
be designed to help the user prevent his machine from being
exploited. I don't know how many of the readers here realize that as
TB! users, the results of those tests you did don't really matter,
and that checking weeding out dangerous file-types isn't really
scanning for viruses. So if your A-V software doesn't support this,
not to worry. TB! already does this for you, as it really should. As
a TB! user, it's not really valid to choose to use Kaspersky over AVG
because of how one performs with these tests as opposed to the
other.

Of course, you later made it clearer that you've had real world
experiences with viruses that demonstrated to you that Kaspersky is
the better product for you and I grant you that. No argument there
at all.

S Yeah,  but  we  are talking real world not ideals.

I thought we were on-topic, i.e., talking about A-V software in the
context of TB! and making decisions on which to use, in the context
of a TB! user, and which tests are worth doing or looking at in the
context of a TB! user?

It would seem that I misunderstood your intent because it wasn't
really clear in the original instance.

S OK, so some email clients like TB! are at the forefront,
S providing client based protection, but it isn't a matter of what
S should be but rather what is, and the fact is that not all
S clients do, so extra protection is warranted.

I have no argument there. Never did.

S I  think  the  point is one of familiarity. Not every user is
S going to be as familiar  with .vbs extensions, for example, as
S they are .com or .exe types. Generally  speaking,  even  the most
S basic  of user gets to grips with the dangers  of  running .com
S and .exe files, as they are commonplace extensions on  a Windows
S system, and so understand them as being executable files,

Are you sure about this? :)

S but as other executable file extensions aren't commonly used by
S the less advanced users they may be unfamiliar with what they
S are, what they can do, and therefore the dangers they could pose.
S From your position I can see how you can see that it's ridiculous
S though.

From my experience with trying to give advice to novices, I still
think so. I have a difficult time speaking about file-types. I get a
high incidence of blank faces reluctant to make the effort to
understand what I'm saying. They look at me pleading for an easier
way to protect themselves. I have greater success talking about
attachments being dangerous in general, and there's usually
understanding when I advise them to treat all attachments with
extreme care, to delete them without prejudice once there's any
suspicion about them (they're from unknown senders, not explicitly
described in the message body or unexpected). Additionally, even if
the attachment passes all these tests, they need to check it with a
scanner. Thankfully, most scanners run right out of the box and
scheduling updates is easy. If I can't get them to run TB! or some
other safe client, I'll remember to recommend Kaspersky to them. :)))

S Again,  in  an ideal world that would be fine. But it ain't, and
S users don't and  won't  do  as they should always, and I don't
S think they deserve to get infected  because  of  it.  Some people
S might  call  those types lamers or whatever  -  a  term I  hate -
S but it's not their fault that there is a war against Microsoft
S going on and they happened to get caught up in the middle of it.

I understand and agree with your sentiments. But what has it got to
do with TB! which is what this initial discussion was about, i.e.,
testing for e-mail exploits? :)

S I think that the more optional idiot-proof protections there are
S in place  the better. It means that all levels of user are
S afforded protection, not just those with plenty of air miles
S behind them.

Sure. I agree. 

Re: antivirus plugin with fragmented email

2002-10-27 Thread Thomas Fernandez
Hello Paul,

On Sun, 27 Oct 2002 16:51:50 -0500 GMT (28/10/02, 04:51 +0700 GMT),
Paul Cartwright wrote:

 I got sent an email with the bugbear virus. AVG quarantined it, no
 problem. I sent the sender a message and he found a koo.exe file on his
 PC. He uses Eudora, not OE or OL, I was surprised!
 I tried to talk him into TB, but he couldn't get his files moved over
 and he gave up.

Which files couldn't he get moved over? Maybe we can help out.

-- 

Cheers,
Thomas.

Moderator der deutschen The Bat! Beginner Liste.

Auf Boot`s Hustenmedizin fur Kinder: Nach der Einnahme dieser Medizin
nicht Auto fahren oder Maschinen bedienen.

Message reply created with The Bat! 1.62/Beta7
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM






Re: antivirus plugin with fragmented email

2002-10-27 Thread Scott McNay

Hi Allie!

In message mid:63222346407.20021027213828;landscreek.net 
on Sunday, October 27, 2002, 8:38:28 PM, you wrote:

S they are .com or .exe types. Generally  speaking,  even  the most
S basic  of user gets to grips with the dangers  of  running .com
S and .exe files, as they are commonplace extensions on  a Windows
S system, and so understand them as being executable files,

ACM Are you sure about this? :)

Since one of my jobs is support tech, I was thinking the same thing.
:)  Many users seem to have no clue about file extensions, especially
if their Windows is set to hide file extensions.

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-27 Thread Scott McNay

Hi Anne!

In message mid:142130087802.20021028030202;gmx.co.uk 
on Sunday, October 27, 2002, 9:02:02 PM, you wrote:

A Interestingly enough Nod32 -which is another of the highly rated AV
A programs- doesn't detect the eicar test file, and when asked about
A this their response apparently was that Nod32 was designed to detect
A real viruses not test files!

The entire purpose of the EICAR test virus is to be able to confirm
that the antivirus software is indeed installed and working properly.

-- 
--Scott.
mailto:Wizard;local.nu

Using The Bat! 1.61 under Windows XP 5.1 Build 2600 on an AMD Athlon
XP 1900 (1.6G real, 1.9G effective) with 512MB.







Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:884020203.20021027205132;premiernet.net,
Mary Bull [MB] wrote:'

MB I've been reading Allie to Simon. Seems like a plug-in is not
MB really necessary, anyway.

Though not absolutely necessary, it can be useful, and I personally
recommend using it if you have it available.

See mid:108215589841.20021027194545;landscreek.net

- -- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 



Re: antivirus plugin with fragmented email

2002-10-27 Thread Thomas Fernandez
Hello Allie,

On Sun, 27 Oct 2002 21:38:28 -0500 GMT (28/10/02, 09:38 +0700 GMT),
Allie C Martin wrote:

PMFJI.

S I  think  the  point is one of familiarity. Not every user is
S going to be as familiar  with .vbs extensions, for example, as
S they are .com or .exe types. Generally  speaking,  even  the most
S basic  of user gets to grips with the dangers  of  running .com
S and .exe files, as they are commonplace extensions on  a Windows
S system, and so understand them as being executable files,

 Are you sure about this? :)

There are those and those. Those that do understand which file
extensions are dangerous but have set their Windows Explorer to not
show known extensions. So they won't ever see files with .scr
extension or such. And then there are those who don't know what an
extension is.

 From my experience with trying to give advice to novices, I still
 think so. I have a difficult time speaking about file-types. I get a
 high incidence of blank faces reluctant to make the effort to
 understand what I'm saying.

I have made the same experience.

 and there's usually understanding when I advise them to treat all
 attachments with extreme care, to delete them without prejudice once
 there's any suspicion about them

This is usually the moment when they smile at me pitifully. What if
the forward is indeed a picture of Anna Kournikova? Should they
delete it, just because it *may* contain a virus? No way, Jose.

S Again,  in  an ideal world that would be fine. But it ain't, and
S users don't and  won't  do  as they should always, and I don't
S think they deserve to get infected  because  of  it.  Some people
S might  call  those types lamers or whatever  -  a  term I  hate -
S but it's not their fault that there is a war against Microsoft
S going on and they happened to get caught up in the middle of it.

 I understand and agree with your sentiments.

Well, I don't. Microsoft isn't the victim of a war. It would be easy
for them to not allow IFrame and such, or at least ask user's
confirmation before such is started. MS are fully aware of the
security risk which they label user friendliness, and which has cost
economies millions of dollars, but they chose not to do anything about
it.

The reason most viruses are written for OL/OE is not only that those
mailers are the most widely used. But also because it is so easy to
write viruses for them. And this is why MS is a contributor to the
virus-community: they keep it easy for them, no intention to ever put
in safeguards. Even where safeguards are in the software and can be
turned on, the default is to have them turned off. No, MS is not a
victim, they make malicious virus spread easy, because they choose
to.

-- 

Cheers,
Thomas.

Moderator der deutschen The Bat! Beginner Liste.

I'd give my right arm to be ambidextrous.

Message reply created with The Bat! 1.62/Beta7
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM



Current version is 1.61 | Using TBUDL information:
http://www.silverstones.com/thebat/TBUDLInfo.html



Re: antivirus plugin with fragmented email

2002-10-27 Thread Gary
On Mon, Oct 28, 2002 at 02:41:25AM + or thereabouts, Anne wrote:
 Sunday, October 27, 2002, 5:17:02 AM, Mary wrote in message
 mid:829761099.20021027001702;premiernet.net
 
 MB But the plug-in came with it. I have described this at such length,
 MB because maybe you are supposed to have the plug-in there to enable at
 MB the click of a mouse, and the code you got (whether download or disk,
 MB I didn't know) left it out, the way my driver got left out.
 
 My Kaspersky came on a CD Mary, and I have checked and there's no
 mention of a plugin at all anywhere on the CD.  It may be because I
 use the Personal edition and you have the Pro one?

Anne, As an afterthought, I purchased the Personal Kaspersky edition, last
January, for $49, I believe.  It worked well, and even on their site, said
it would have a plug-in for TB!... Well this turned out not to be true,
even though it said so on their web site.  You now must have the Pro
edition which costs about $99 to get the plug-in for TB!... I was really
upset about this, and do not plan on renewing my subscription. I currently
use AVG when in Windows, and it is free, with a plug-in. 
 

-- 
Best regards,
Gary






Re: antivirus plugin with fragmented email

2002-10-27 Thread Sudip Pokhrel
Hi Simon,

On Sunday, October 27, 2002 23:36 your local time, (Monday, 05:21 my
local time), you wrote:

 I don't think it is a question of, 'are they supposed to?', but
 rather, 'can they?'. And of course Kaspersky can, so to me it simply
 means Kaspersky is providing more prophylactic power than AVG.

If you turned on 'Use Heuristic' option in AVG control center
(Resident Shield tab), you may find that AVG also catches these
'probable' virus types.

-- 
be well,
Sudip Pokhrel |/\
PM: [EMAIL PROTECTED] |\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X  Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___
In the beginning the Universe was created. This has made a lot of
people very angry and been widely regarded as a bad move. - Douglas
Adams
___
TB! v1.61 on XP Pro|
P4-1.6Ghz 256MB RAM|






Re: antivirus plugin with fragmented email

2002-10-27 Thread Sudip Pokhrel
Hi Anne,

On Monday, October 28, 2002 03:02 your local time, (08:47 my local
time), you [A] wrote:

A Interestingly enough Nod32 -which is another of the highly rated AV
A programs- doesn't detect the eicar test file, and when asked about
A this their response apparently was that Nod32 was designed to
A detect real viruses not test files!

Ahh.. so they are not the part of EICAR consortium

-- 
be well,
Sudip Pokhrel |/\
PM: [EMAIL PROTECTED] |\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X  Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___
If the enemy is in range, so are you
___
TB! v1.61 on XP Pro|
P4-1.6Ghz 256MB RAM|






Re: antivirus plugin with fragmented email

2002-10-27 Thread Sudip Pokhrel
Hi Allie,

On Sunday, October 27, 2002 19:40 your local time, (Monday, 06:25 my
local time), you wrote:

 An A-V scanner that stops and weeds out files just based on their
 file type isn't really a scanner.

I don't think this behavior is hard-coded into any reputable AV
scanners so they cannot be blamed on their entirety - they should have
an option to disable heuristic analysis feature. But, if an AV package
does this by default, with no option to turn it off, then I agree with
you: it's not really a scanner

And in case of Kaspersky (or in case of Simons' copy of it), the
heuristic feature was probably turned on by default. AVG also has this
feature but is turned off by default. Maybe Dr. Web also has an option
to use heuristics shrug

-- 
be well,
Sudip Pokhrel |/\
PM: [EMAIL PROTECTED] |\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X  Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___
Religion cannot be without morality, but morality may arrive without
religion
___
TB! v1.61 on XP Pro|
P4-1.6Ghz 256MB RAM|






Re: antivirus plugin with fragmented email

2002-10-27 Thread Allie C Martin

In mid:519063125.20021028105400;ntc.net.np,
Sudip Pokhrel [SP] wrote:

SP And in case of Kaspersky (or in case of Simons' copy of it), the
SP heuristic feature was probably turned on by default. AVG also
SP has this feature but is turned off by default. Maybe Dr. Web
SP also has an option to use heuristics shrug

Both NOD32 and DrWeb have heuristic scanners but except for eicar,
they didn't pick up the test files as being viruses.

-- 
Allie C Martin \  TB! v1.62/Beta7  WinXP Pro (SP1)
 List Moderator/   PGP Key - http://pub-key.ac-martin.com
 






Re: antivirus plugin with fragmented email

2002-10-27 Thread Sudip Pokhrel
Hi Allie,

On Monday, October 28, 2002 00:15 your local time, (11:00 my local
time), you wrote:

 Both NOD32 and DrWeb have heuristic scanners but except for eicar,
 they didn't pick up the test files as being viruses.

Even with Heuristic feature turned on? That would probably mean
Kaspersky has aggressive levels of heuristics algorithms coded in it -
with touch of paranoia :)

-- 
be well,
Sudip Pokhrel |/\
PM: [EMAIL PROTECTED] |\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X  Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___
The word listen contains the same letters as the word silent
___
TB! v1.61 on XP Pro|
P4-1.6Ghz 256MB RAM|






Re: antivirus plugin with fragmented email

2002-10-27 Thread Peter Palmreuther
Hello Simon,

On Sunday, October 27, 2002 at 10:30:10 PM you [S] wrote (at least in
part):

PP None of them is a virus. Excluding the 'eicar.com [1/5]' which can't
PP be detected, all of the rest are 'exploits', no viruses.

S umm, yeah, that's what I said, as in:

S of all the exploits

I'm sorry. These comments were not only intended to be directed to you,
but to all who read this list :-)
From my PoV it didn't come out very clearly the 'uncatched' mails
contained no viruses but 'only exploits', especially that The Bat!
ain't vulnerable to them.
So I wanted to make that explicitly clear, before the 'scream and
shout' about eventually missing capabilities starts :-)
-- 
Regards
Peter Palmreuther
(The Bat! v1.62/Beta7 on Windows 2000 5.0 Build 2195 Service Pack 1)

Everybody wants to go to heaven, but nobody wants to die.






Re: antivirus plugin with fragmented email

2002-10-26 Thread Scott Frederick
Hello Lourdes,

Saturday, October 26, 2002, 3:48:11 AM, you wrote:

LJ I'm interested in knowing if the Anti-Virus plugins will catch the
LJ fragmented email (eicar.com attachment) as part of the incoming
LJ checks. In other words is the scanning done before or after the
LJ assembly into a single message?

I am running Kaspersky Lite which does not use a plug in. The
Fragmented mail was reassembled but Kaspersky warns when you try to
open the attachment, then blocks opening it.

LJ With my current program the virus gets through since the scan is
LJ done prior to assembly. It would be nice to know if the plugin
LJ fills in this hole :)

-- 

Best regards,
 Scott mailto:scott451;gmx.co.uk

Using The Bat! 1.60h under Windows 98 4.10 Build   A  
pgp key: 
mailto:scott451;gmx.co.uk?Subject=PGPPubKey1Body=Please%20send%20keys






Re: antivirus plugin with fragmented email

2002-10-26 Thread Anne
Saturday, October 26, 2002, 10:48:11 AM, Lourdes wrote in message
mid:140196901.20021026054811;gateway.jones

LJ I'm interested in knowing if the Anti-Virus plugins will catch the
LJ fragmented email (eicar.com attachment) as part of the incoming
LJ checks.  In other words is the scanning done before or after the
LJ assembly into a single message?

LJ With my current program the virus gets through since the scan is done
LJ prior to assembly.  It would be nice to know if the plugin fills in
LJ this hole :)


I'd be interested to know this also, as when I ran the checks recently
my AV (Kaspersky) allowed the reconstruction of the fragments before
it checked the mail. Also, is there a Kaspersky plugin for TB and if
so where would I find it to try please?

-- 
Cheers,
 Anne  

Using The Bat! v1.61 on Windows 98 4.10 Build    A 
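
Added example, not part of any list message: the scan-before-assembly gap discussed in this thread, assuming the fragments are MIME message/partial parts (RFC 2046). The signature is a constructed marker rather than the real EICAR string, the id and file name are made up, and reassembly is simplified to joining fragment bodies in order.

```python
from email import message_from_string
from email.message import EmailMessage
from email.parser import HeaderParser

# Constructed stand-in for a scanner signature (not the real EICAR string).
SIGNATURE = b"CONSTRUCTED-AV-TEST-MARKER-0001"

def scan(raw):
    """Signature match on the raw text and on every decoded leaf MIME part."""
    if SIGNATURE in raw.encode("ascii", "replace"):
        return True
    parts = message_from_string(raw).walk()
    return any(SIGNATURE in (p.get_payload(decode=True) or b"")
               for p in parts if not p.is_multipart())

def reassemble(fragments):
    """Join complete message/partial sets by id, ordered by number."""
    sets = {}
    for raw in fragments:
        hdr = HeaderParser().parsestr(raw)      # headers only, body kept verbatim
        if hdr.get_content_type() != "message/partial":
            continue
        entry = sets.setdefault(hdr.get_param("id"), {"total": 0, "parts": {}})
        if hdr.get_param("total"):              # only mandatory on the last fragment
            entry["total"] = int(hdr.get_param("total"))
        entry["parts"][int(hdr.get_param("number"))] = hdr.get_payload()
    return {pid: "".join(e["parts"][n] for n in range(1, e["total"] + 1))
            for pid, e in sets.items()
            if e["total"] and sorted(e["parts"]) == list(range(1, e["total"] + 1))}

def make_fragments():
    """Constructed sample: a mail cut in two in the middle of the signature."""
    inner = EmailMessage()
    inner["Subject"] = "fragment test"
    inner.set_content("see attachment\n")
    inner.add_attachment(SIGNATURE.decode() + "\n", filename="sample.txt")
    raw = inner.as_string()
    cut = raw.index(SIGNATURE.decode()) + len(SIGNATURE) // 2
    head = ('Content-Type: message/partial; id="frag-1@example.invalid";'
            ' number=%d; total=2\n\n')
    return [head % 2 + raw[cut:], head % 1 + raw[:cut]]   # delivered out of order

def scan_before_assembly(fragments):
    return any(scan(f) for f in fragments)

def scan_after_assembly(fragments):
    return any(scan(m) for m in reassemble(fragments).values())

if __name__ == "__main__":
    frags = make_fragments()
    print("per-fragment scan:", scan_before_assembly(frags))
    print("post-assembly scan:", scan_after_assembly(frags))
```

An incomplete set is never joined, so a scanner built this way has to hold or re-scan fragments until the last one arrives.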





