Re: Virus warning upon execution of mail download
Hello Avi, On Wed, 16 Jun 2004 11:53:19 -0500 GMT (16/06/2004, 23:53 +0700 GMT), [EMAIL PROTECTED] wrote: scc I would like to thank Thomas Fernandez and everyone else who wrote in scc regarding the virus warning I received upon downloading mail. You're welcome. :-) scc [Now, could someone PLEASE help with the other problem I posted scc to the list the other day regarding copying the prgram to my scc laptop?] Please re-post. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. I'm currently fasting to protest hunger strikes. Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Tony, On Sun, 13 Jun 2004 08:51:39 +0200 GMT (13/06/2004, 13:51 +0700 GMT), Tony wrote: a eTrust EZ Antivirus real-time protection has found that a C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a dropper TF See above. It is a good idea to exclude the temp folder from AV TF scanning, or at least exclude bat*.tmp files within that folder from TF the real-time scan. T I'm not sure that helps (in all cases) It would help in above case. T It probably depends on the AV but some programs don't just scan the T files but the POP3/MAPI data stream. So the AV kick into action T even before the virus gets written to disk. Not in the above case, and then there wouldn't an a file name. T So excluding the scanning directory won't help. T A 'solution' could be not to scan e-mail at all. That's what I do: not scan emails. T The virus will just wait to get activated by Reading the e-mail or T something. That's only possible with Microsoft products. T At that time the other part of your AV should kick in. The AV should kick in when I ask it. That's how I have set it: It I do want to open an attachment, I ask the doctor (PC-Cillin): Does this file contain a virus? T But I don't like that solution because I want to kill the virus asap. I do that with the del key. T And I don't like TB! forcing me to change AV. It isn't. You only need to adjust your settings to your environment and your desired behaviour. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Avoid cliches like the plague (They're old hat.) Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Avrim, On Sun, 13 Jun 2004 02:06:09 -0500 GMT (13/06/2004, 14:06 +0700 GMT), achdut wrote: a If I understand correctly, [...] Is this correct. Yes, perfectly. a How do I delete the message on the server using TB's mail despatcher. a And, just exactly, what IS TB's mail despatcher (dispatcher?) It's a utility with which you can manage mails on the (POP) server: Account / Despatch Mail on Server / All messages. a It would appear that these files are in the Temp subdirectory. The despatcher shows you the mails on the server, before they even get to the temp directory. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Finally 21, and Legally Able to Do Everything I've Been Doing Since 15. Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Thomas Thank you for your email dated Sunday, June 13, 2004, 6:35:20 AM, in which you wrote: Oh, and referring to another thread: This problem doesn't exist with plug-ins. That's the other advantage of AV plug-ins for TB. I don't have this problem using NOD32 independently. It flags an incoming virus-laden message, I delete it, end of story. -- Regards William Flying with The Bat! www.ritlabs.com/the_bat Windows 2000 Pro 2195 Service Pack 4 Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hi William, On Sunday, June 13, 2004, at 12:52:08 AM PST, you wrote: I don't have this problem using NOD32 independently. It flags an incoming virus-laden message, I delete it, end of story. I've been using NOD32 for a few years now (since v1.x), and I really like the way v2 is working (no more need to configure that old POP3 scanner module). I don't use a TB! plug-in, and messages aren't repeatedly downloaded to the temp folder. Once I delete an infected message at the point NOD32 detects it (during new message download), I delete it, and never hear from it again. :-) -- Melissa PGP public keys: mailto:[EMAIL PROTECTED]Body=Please%20send%20keys TB! v2.11.02 on Windows XP 5.1.2600 Service Pack 1 pgpRY7VoaXV6k.pgp Description: PGP signature Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello achdut, On Sun, 13 Jun 2004 02:29:44 -0500 GMT (13/06/2004, 14:29 +0700 GMT), achdut wrote: TF The despatcher shows you the mails on the server, before they even TF get to the temp directory. a If I use this utility, will I be able to identify which messages to a delete, or will it automatically delete all of them before I get a a chance to say yes or no? You have full control. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Bureaucrats do not change the course of the ship of state. They merely adjust the compass. Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Tony, On Sun, 13 Jun 2004 09:41:02 +0200 GMT (13/06/2004, 14:41 +0700 GMT), Tony wrote: TF The AV should kick in when I ask it. That's how I have set it: It I do TF want to open an attachment, I ask the doctor (PC-Cillin): Does this TF file contain a virus? T I *will* forget to ask the doctor for sure :( T That's why I have set everything to automatic. Then don't complain about it nanny-ing you, or alternatively download the mind-reading plug-in. T But I don't like that solution because I want to kill the virus asap. TF I do that with the del key. T But only after you started reading your incoming mail. I am not vulnerable at that time, because I use TB. T As you said there is no problem opening a virus mail on a non MS T client. That's a simplification. I said that MS-clients have been known to be necessary tools for many viruses to spread. Also, using TB means a virus *cannot* activate upon reading a mail. That's is the reason why my mother insisted on TB and refused to even learn Outlook when she got a POP-account. T I'm on other high volume lists where a large percentage uses Outlook T (express) T All people with good intentions. But sometimes a virus pops up. T The sender just forwarded an infected mail to the list. T I know it's a 'that happens once in a lifetime' example. It happens all the time. On lists where people use MS-products. If they know it and still use OL/OE, I don't know whether it is good intentions, complete and utter ignorance, or punishable offence. T My point is just that IMO it the duty of every Internet user is to stop T spreading viruses the best s/he can. Even if her/his own system is immune T to it. If their system is immune, they won't catch a virus and won't spread it. If it is the duty of every internet user to stop spreading virus, outlaw OE/OL and you have the main problem fixed. Why are we discussing this here, by the way? -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Home is where you can say anything you like 'cause nobody listens to you anyway. Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
* achdut writes: Hello Thomas, Sunday, June 13, 2004, 2:11:14 AM, you wrote: The despatcher shows you the mails on the server, before they even get to the temp directory. If I use this utility, will I be able to identify which messages to delete, or will it automatically delete all of them before I get a chance to say yes or no? Do you really want to start the dispatcher every time you receive a virus? Why don't you exclude The Bat!'s temporary files from scanning? Carsten -- Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Melissa Thank you for your email dated Sunday, June 13, 2004, 8:57:20 AM, in which you wrote: On Sunday, June 13, 2004, at 12:52:08 AM PST, you wrote: I don't have this problem using NOD32 independently. It flags an incoming virus-laden message, I delete it, end of story. I've been using NOD32 for a few years now (since v1.x), and I really like the way v2 is working (no more need to configure that old POP3 scanner module). I don't use a TB! plug-in, and messages aren't repeatedly downloaded to the temp folder. Once I delete an infected message at the point NOD32 detects it (during new message download), I delete it, and never hear from it again. :-) Precisely, what could be simpler? :-) It's good to see Eset advertising extensively in the UK now. -- Regards William Flying with The Bat! www.ritlabs.com/the_bat Windows 2000 Pro 2195 Service Pack 4 Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Sunday, June 13, 2004, 11:56:53 AM, Thomas Fernandez wrote: On Sun, 13 Jun 2004 09:41:02 +0200 GMT Tony wrote: T [...] All people with good intentions. But sometimes a T virus pops up. The sender just forwarded an infected T mail to the list. I know it's a 'that happens once in a T lifetime' example. [...] If their system is immune, they won't catch a virus and won't spread it. If it is the duty of every internet user to stop spreading virus, outlaw OE/OL and you have the main problem fixed. Why are we discussing this here, by the way? I think Tony is referring to the case where a user manually forwards an email to a list, not realising that it carries a virus payload. This can be done just as well with The Bat! as with OE/OL. Of course the user must take responsibility for their action, and not forward something without understanding the implications, but in this case The Bat! will not stop you forwarding the mail, though it might stop you getting automatically infected. Tim -- Using The Bat! v2.11.02 on Windows XP 5.1 Build 2600 Service Pack 1 Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Virus warning upon execution of mail download
Hello Avram, On Sat, 12 Jun 2004 23:48:46 -0500 GMT (13/06/2004, 11:48 +0700 GMT), achdut wrote: a eTrust EZ Antivirus real-time protection has found that a C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a dropper You are trying to download a mail that has a virus. TB will always download to the temp file first before importing into the message base. Your AV program quarantines the .tmp file, as the mails contains a virus. That's what you told your AV software to do. a I installed the MS patch for this virus and have run a scan of the pc. Nothing to do with this. Your PC is running as it should. Your setting in the AV software is what's causing this. a However, I continue to get warning messages each time I download a e-mail. The message is always the same, except that the number a changes. Of course. As TB hasn't successfully downloaded and imported the mail, it will try to do so at every mail check. This will not stop unless you delete the message on serever using TB's mail despatcher, or turn off your over-eager AV program. a Does anyone know what is going on and how I can get this to stop? See above. It is a good idea to exclude the temp folder from AV scanning, or at least exclude bat*.tmp files within that folder from the real-time scan. Oh, and referring to another thread: This problem doesn't exist with plug-ins. That's the other advantage of AV plug-ins for TB. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Follow your dream! Unless it's the one where you're at work in your underwear during a fire drill. Message reply created with The Bat! 2.11 under Chinese Windows 98 4.10 Build A using a Pentium P4 1.7 GHz, 256MB RAM Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
