Re: e33 (this list and attachments)
I'm surprised the mailing list itself lets attachments go through. Isn't that kind of odd, and something that ought to be prevented? (I'm going to be unsubscribing until it is fixed, in any case.) -- John De Hoog http://dehoog.org Current version is 1.61 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: e33
Attention! It seems you have got a virus on your machine! Please make sure you have the latest update of your virus scanner and check all your files right away! Take care, John
Re: e33 (this list and attachments)
On Friday, November 8, 2002, 8:42:07 AM, you wrote: JDH I'm surprised the mailing list itself lets attachments go through. JDH Isn't that kind of odd, and something that ought to be prevented? John, In the past it has been proven useful to be able to send attachments to the list for analysis of certain features/problems with TB!. So that's why it is enabled on this list and not on others. Everybody on this list knows or should know that you shouldn't just send attachments without a reason. If you feel there is a risk of catching a virus this way I suggest you use a good virus checker. A virus might arrive in your everyday mail :( -- Best regards, Gerard -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Sudden success at golf is like the sudden acquisition of wealth. It is apt to unsettle and deteriorate the character. And, as it comes almost miraculously, so only a miracle can effect a cure. ==P.G Wodehouse - THE MAGIC PLUS FOURS == Using The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 3
Re: e33 (this list and attachments)
Gerard wrote... If you feel there is a risk of catching a virus this way I suggest you use a good virus checker. A virus might arrive in your everyday mail :( I do have virus checkers on all my machines, but it's still surprising to get one from a mailing list, where I have no control over who the sender is. -- John De Hoog http://dehoog.org
Re: e33
On 08 November 2002 at 02:36:31 in mid:79720402.20021107203631;certiflexdimension.com Jonathan wrote: JA On Thursday, November 07, 2002, Gary wrote... Hello Scott, AKA John ;) ... JA No offence, but don't you think the attitude is a little rude? ... I'd be more sympathetic to Gary's response if he'd actually sustained damage as a result of John's posting. But as you say, mistakes happen. IMO one of the strengths of TBUDL is its ethos of respect, tolerance and courtesy. BTW why *are* attachments allowed ? -- Keith Anderson The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 3
Re: e33
Hi Keith, 8-Nov-2002, 09:07 Keith Anderson [KA] in mid:49203029821.20021108090748;offspin.net said: JA No offence, but don't you think the attitude is a little rude? I thought it a little rude myself (sorry Gary!) but since no offence was taken the incident can now be passed as resolved at that level. KA ... IMO one of the strengths of TBUDL is its ethos of respect, KA tolerance and courtesy. I'd like to think that too. KA BTW why *are* attachments allowed ? ... because our servers are not able to filter message attachments, they can only block messages of excessive size. The limit has been 40kb and I have just dropped it to 25kb (which should be enough for most of us). That wouldn't have stopped the eicar test (at on 3kb it's pretty lean) but it would stop a real virus. The server is, however, capable of removing specific MIME types of attachments. I could put in a list of MIME types to screen and strip. Does anyone have any suggestions of a good filter set for that? -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v1.62/Beta7 on Windows 2000 5.0.2195 Service Pack 2
e33
Hello all, My AVG did *not* pick up the eicar test file. (I get the list messages as a digest). I am worried now. How do I test whether I am safe? -- Regards, Ochrid _ The Bat! v1.62b7 on Windows XP _
Re: e33
On Friday, November 8, 2002, 10:35:41 AM, Ochrid wrote: O My AVG did *not* pick up the eicar test file. My AVG did. O (I get the list messages as a digest). Does the digest mode discard attachments? Could that be why? O I am worried now. O How do I test whether I am safe? Are you running the most recent virus definitions from AVG? When did you last update? My AVG updates automatically every two days, I just did a manual download a minute ago there's a new update - so it must be less than 48 hours since the last one. -- Deborah
Re: e33
Hello Thomas! On Friday, November 8, 2002 at 4:25:29 AM you wrote: Can we just do away with automated replies? They have never been anything else but a nuisance. Sure you can do a lot with TB, but this is a feature I'd like to see permanently disabled. Not completely but it should be disabled for mailing lists. BTW, your last sig cookie was a bit ... racy, wasn't it. Not that *I* mind, but as was pointed out by yourself this week, this is a family channel ... -- Dierk Haasis The Bat 1.62/Beta6 on Windows XP 5.1 2600 Service Pack 1 You can love somebody even after knowing him for just a second. (Derek Leveret)
Re: e33
Hello Clive! On Friday, November 8, 2002 at 7:50:15 AM you wrote: I think Gary's comments are justified. No. There are list rules concerning tone and Gary's comment was out of line. Not just because of the rules but because it was plain rude to comment on a personal level without knowing what happened. Yes, perhaps the one sending EICAR to the list is what Gary calls him, but it could also have been a template gone wild, a real virus wreaking havoc (unlikely with TB, I concede) or purely a mistake. -- Dierk Haasis The Bat 1.62/Beta6 on Windows XP 5.1 2600 Service Pack 1 First Rule for Corners: Slow In, Fast Out
Re: e33
In mid:151207187.20021108065015;ukf.net, Clive Taylor [CT] wrote: CT I didn't know this was the EICAR file because NOD's plugin CT deletes the attachment and doesn't flag up which virus was CT attempting to infest this machine when it dumps the message into CT the quarantine folder. It could have been serious. Perhaps CT there's a technique here that spammers and virus propagators CT could exploit. Worrying. I don't understand here. Also, why not quarantine the messages so that you can take a look at the attachment. Manually running a scan on it will reveal which virus was sent. -- Allie C Martin \ TB! v1.62/Beta7 WinXP Pro (SP1) List Moderator/ PGP Key - http://pub-key.ac-martin.com
e33 . not caught by AVG
DW Are you running the most recent virus definitions from AVG? When did you DW last update? My AVG updates automatically every two days, I just did a DW manual download a minute ago there's a new update - so it must be less DW than 48 hours since the last one. Thanks, Deborah, but I do check for updates every day before opening my email - and indeed got a new update today (the second this week if I am not mistaken). But my understanding is that updating has nothing to do with detecting the eicar-file, which is there for test purposes only, as I am sure my AVG knows: I tested my system with sending myself the eicar-file a while ago. Then AVG did protest, so I am worried that it doesn't now that the file comes as an attachment to a message in a digest. -- Regards, Ochrid _ The Bat! v1.62b7 on Windows XP _
Re: e33
On Fri, 8 Nov 2002, Ochrid wrote: My AVG did *not* pick up the eicar test file. (I get the list messages as a digest). I am worried now. How do I test whether I am safe? in digest, You think, messages (one with Eicar) are attached in one MSG attachment? This is a problem in The Bat!, not in plugin or AVG. Nested messages are not correctly checked, because antivirus plugin have not full message for checking. This was already discussed with developers and this bug should be fixed in next version. -- Marek Mikus Czech Support of The Bat! http://www.thebat.cz
Re: e33 (this list and attachments)
On Friday, November 8, 2002, 9:54:41 AM, you wrote: JDH I do have virus checkers on all my machines, but it's still surprising JDH to get one from a mailing list, where I have no control over who the JDH sender is. John, That's life, full of surprises ;-) -- Best regards, Gerard -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= By the time a man can afford to lose a golf ball, he can't hit it that far. Using The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 3
Re: e33
In mid:Pine.LNX.4.44.0211081210250.10775-10;lucie.gin, Marek Mikus [MM] wrote: MM in digest, You think, messages (one with Eicar) are attached in MM one MSG attachment? Yes. MM This is a problem in The Bat!, not in plugin or AVG. Nested MM messages are not correctly checked, because antivirus plugin MM have not full message for checking. This was already discussed MM with developers and this bug should be fixed in next version. I prepared a MIME digest and sent it to myself. All messages in the digest had MIME attachments. DrWeb's plugin immediately quarantined the digest. This is what the TB! log had to say. ,-[ begin ]- | | !08/11/02, 06:27:48: ANTIVIRUS - Message from Allie | [EMAIL PROTECTED] to [EMAIL PROTECTED] and others with subject | Test digest is infected. Virus checker reports: Infected by EICAR | Test File (NOT a Virus!).Stored into the Quarantine folder | | '-[ end ]-|| -- Allie C Martin \ TB! v1.62/Beta7 WinXP Pro (SP1) List Moderator/ PGP Key - http://pub-key.ac-martin.com
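The nested-message gap discussed above, together with Marck's earlier point about the size cap versus a MIME-type filter, can be reproduced offline with Python's standard email package. This is an added example, not code from the list, The Bat! or any plug-in; the marker bytes, addresses and the blocked type/extension sets are constructed for illustration and are not a vetted filter list.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Constructed stand-in for a scanner signature; NOT the real EICAR string.
TEST_MARKER = b"CONSTRUCTED-AV-TEST-MARKER"
SIZE_LIMIT = 25 * 1024  # the 25kb per-message cap mentioned in the thread
# Illustrative sets only (assumptions, not a recommended complete filter).
BLOCKED_TYPES = {"application/octet-stream", "application/x-msdownload"}
BLOCKED_EXTS = {".com", ".exe", ".scr", ".pif", ".bat", ".vbs"}


def build_digest() -> bytes:
    """Build a constructed digest: two posts attached as message/rfc822 parts."""
    clean = EmailMessage()
    clean["Subject"] = "Re: templates"
    clean["From"] = "alice@example.org"
    clean.set_content("Plain text post.\n")

    flagged = EmailMessage()
    flagged["Subject"] = "e33"
    flagged["From"] = "bob@example.org"
    flagged.set_content("Hello Scott,\n")
    flagged.add_attachment(TEST_MARKER, maintype="application",
                           subtype="octet-stream", filename="eicar.com")

    digest = EmailMessage()
    digest["Subject"] = "Test digest"
    digest["From"] = "list@example.org"
    digest.set_content("Digest with 2 messages.\n")
    digest.add_attachment(clean)    # becomes a message/rfc822 part
    digest.add_attachment(flagged)  # the attachment now sits one level down
    return digest.as_bytes()


def leaf_parts(msg, depth=0):
    """Yield (depth, part) for every leaf part; depth counts nested messages."""
    if msg.get_content_type() == "message/rfc822":
        yield from leaf_parts(msg.get_payload(0), depth + 1)
    elif msg.is_multipart():
        for sub in msg.iter_parts():
            yield from leaf_parts(sub, depth)
    else:
        yield depth, msg


def scan(raw: bytes, max_depth=None):
    """Return (depth, filename, content_type, reasons) for each flagged part.

    max_depth=0 models a checker that never opens nested messages;
    max_depth=None descends through every message/rfc822 level.
    """
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for depth, part in leaf_parts(msg):
        if max_depth is not None and depth > max_depth:
            continue
        reasons = []
        if TEST_MARKER in (part.get_payload(decode=True) or b""):
            reasons.append("marker")
        name = part.get_filename() or ""
        if PurePosixPath(name.lower()).suffix in BLOCKED_EXTS:
            reasons.append("extension")
        if part.get_content_type() in BLOCKED_TYPES:
            reasons.append("type")
        if reasons:
            findings.append((depth, name, part.get_content_type(), reasons))
    return findings


def within_size_limit(raw: bytes) -> bool:
    """A size cap alone: small attachments pass regardless of content."""
    return len(raw) <= SIZE_LIMIT


if __name__ == "__main__":
    raw = build_digest()
    print("passes 25kb cap:", within_size_limit(raw))
    print("top level only :", scan(raw, max_depth=0))
    print("full descent   :", scan(raw))
```
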
Re: e33
Hi Thomas, On Fri, 8 Nov 2002 09:47:57 +0700 Thomas Fernandez [EMAIL PROTECTED] wrote: eicar.com Why did my PC-Cillin6 with Real-Time Scan enabled not pick it up? Ask PC-Cillin :-) My AVG w/ TB!-plugin caught it :-) Seems your scanning ain't this effective as it should be, maybe you want to test if PC-Cillin is capable of detecting eicar from a file by saving the attachment??? -- Pit
Re: e33
Attention! It seems you have got a virus on your machine! Please make sure you have the latest update of your virus scanner and check all your files right away! Take care, John
Re: e33
Hi Ochrid, on Fri, 8 Nov 2002 11:35:41 +0100GMT (08.11.02, 11:35 +0100GMT here), you wrote in mid:152887766.20021108113541;xs4all.nl : O My AVG did *not* pick up the eicar test file. O (I get the list messages as a digest). O I am worried now. O How do I test whether I am safe? Try to save the file. My AV program doesn't check mail attachments either, but it checks everything I save to any disk. I use AVP (www.antivir.de). -- Cheers Peter Things working well, no problems. Time to upgrade. Winamp currently playing: - silence -
Re: e33
Hello Jason! On Friday, November 8, 2002 at 1:17:02 PM you wrote: It seems you have got a virus on your machine! Please make sure you have the latest update of your virus scanner and check all your files right away! OK, your plug-in works fine, it triggers the necessary automatic notification to sender. We've seen it, but now, can everybody please see to it that a) EICAR isn't a problem b) automatic replies are not a good idea, and should therefore be not enabled, for mailing lists? To cite my favourite cartoonists: Let's move on. Nothing to see. Everything's alright. -- Dierk Haasis The Bat 1.62/Beta6 on Windows XP 5.1 2600 Service Pack 1 A great truth is a statement whose opposite is also a great truth. (Niels Bohr)
Re: e33
Attention! It seems you have got a virus on your machine! Please make sure you have the latest update of your virus scanner and check all your files right away! Take care, John
Re: e33
Hello Roland! On Friday, November 8, 2002 at 1:40:40 PM you wrote: Take care, John From shows Roland and it is signed by John? -- Dierk Haasis The Bat 1.62/Beta6 on Windows XP 5.1 2600 Service Pack 1 Asking dumb questions is easier than correcting dumb mistakes.
Re: e33
Good afternoon List Members, On Fri, 08 Nov 2002 at 03:41:24 [GMT +0100] John wrote: It was obviously a mistake. I have been sending it to myself, for testing purposes and inadvertently sent it to the wrong address. My apologies to all. Didn't get anything. Attachment was caught by ISP (remote mailserver). :-) -- Regards Dieter MUA: Ritlabs TheBat! 1.62/Beta8 [2E7F60DA] MailShield 2.12 Spamprotection | EmailAlarm 5.4 OS: Windows v5.1 Build 2600 | Intel P4/2200 - Outgoing mail with possible attachments is found to be virus free - - Checked by KAV 4.0.1.14, using database update from Nov 06, 2002 - - All unannounced attachments will be automatically deleted by system -
Re: e33 . not caught by AVG
Peter wrote: Try to save the file. My AV program doesn't check mail attachments either, but it checks everything I save to any disk. I use AVP I deleted message and attachment straight away, but wondered why someone else in this group using AVG plus TB plugin reports a proper reaction by AVG, while mine stayed dumb. So I wondered if I have somehow set something wrong. I have all email-scans etc. enabled. -- Regards, Ochrid _ The Bat! v1.62b7 on Windows XP _
Re: e33 . not caught by AVG
Hi Ochrid, Friday, November 08, 2002, 14:50 +0100 (8:50 AM here) Ochrid [O] in mid:10212602902.20021108145056;xs4all.nl said to The Bat List: O So I wondered if I have somehow set something wrong. I have all O email-scans etc. enabled. Do you also have (under Options - Virus Protection) the two boxes at the bottom checked that Check attachments before opening saving? This may help where the recent EICAR test file was an attachment. Just a thought... -- Regards, Ron Secord Win2K Pro (SP2) | The Bat! v1.62/Beta7
Re: e33
On Friday, November 08, 2002, Deborah W wrote... O I am worried now. How do I test whether I am safe? Are you running the most recent virus definitions from AVG? When did you last update? My AVG updates automatically every two days, I just did a manual download a minute ago there's a new update - so it must be less than 48 hours since the last one. The Eicar test virus should not need an update in the virus definitions file, and should be there from the very beginning of the life of the virus scanner. It's almost a de facto standard for quick tests on viruses. -- Jonathan Angliss ([EMAIL PROTECTED])
Re: e33 . not caught by AVG
O So I wondered if I have somehow set something wrong. I have all O email-scans etc. enabled. R Do you also have (under Options - Virus Protection) the two boxes at R the bottom checked that Check attachments before opening saving? R This may help where the recent EICAR test file was an attachment. Just R a thought... Thanks for trying, but I did have those boxes checked. I just downloaded the eicar-file and tried to save it to disc: this time AVG *did* object. But I would like AVG to warn me *before* I save something to disc. (with bugbears and its off spring I was always properly warned). -- Regards, Ochrid _ The Bat! v1.62b7 on Windows XP _
Re[2]: e33
On Friday, November 8, 2002, 2:47:43 PM, Jonathan Angliss wrote: JA The Eicar test virus should not need an update in the virus JA definitions file, and should be there from the very beginning of the JA life of the virus scanner. It's almost a de facto standard for quick JA tests on viruses. Yeah, but his question was Am I safe? If your virus definitions aren't up-to-date, the answer has to be no :-/ -- Deborah
Re: e33
Hello Peter, On Fri, 8 Nov 2002 12:48:34 +0100 GMT (08/11/02, 18:48 +0700 GMT), Peter Palmreuther wrote: Ask PC-Cillin :-) My AVG w/ TB!-plugin caught it :-) Seems your scanning ain't this effective as it should be, maybe you want to test if PC-Cillin is capable of detecting eicar from a file by saving the attachment??? I can save it. :-( When I scan the file (and this is what I usually do), the virus will be detected. -- Cheers, Thomas. Moderator of the German The Bat! Beginner list. Many people quit looking for work when they find a job. Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re: e33
Hello Clive, On Fri, 8 Nov 2002 06:50:15 + GMT (08/11/02, 13:50 +0700 GMT), Clive Taylor wrote: I think Gary's comments are justified. I didn't know this was the EICAR file because NOD's plugin deletes the attachment and doesn't flag up which virus was attempting to infest this machine when it dumps the message into the quarantine folder. It could have been serious. Perhaps there's a technique here that spammers and virus propagators could exploit. Worrying. I don't get it. My AV-software didn't even catch the thing (thinking about whether I should change it now), but I don't worry about viruses as long as I use TB. What exactly are you worried about? -- Cheers, Thomas. Moderator of the German The Bat! Beginner list. If Barbie is so popular, why do you have to buy her friends? Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re: e33
Hello Dierk, On Fri, 8 Nov 2002 11:49:31 +0100 GMT (08/11/02, 17:49 +0700 GMT), Dierk Haasis wrote: BTW, your last sig cookie was a bit ... racy, wasn't it. That depends *entirely* on your phantasy. I cannot help it if you have a dirty mind... ;-) -- Cheers, Thomas. Moderator of the German The Bat! Beginner list. Our cars collided at exactly the moment they met. Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re: e33 . not caught by AVG
Friday, 11/8/2002, 8:32 AM Hi Ochrid, On Fri, 8 Nov 2002, at 16:34:05 [GMT +0100] (which was 7:34 AM where I live) you wrote about: 'e33 . not caught by AVG' O But I would like AVG to warn me *before* I save something to O disc. (with bugbears and its off spring I was always properly O warned). I use AVG and it gave me a pop-up notification of the virus and isolated it. -- Your communication is greatly appreciated, Paul No... they are carried here by swallows... Powered by The Bat! v1.62/Beta7 under Windows XP 5.1 Build 2600 Service Pack 1
Re: e33
Hi Thomas, On Fri, 8 Nov 2002 23:08:47 +0700 Thomas Fernandez [EMAIL PROTECTED] wrote: Ask PC-Cillin :-) My AVG w/ TB!-plugin caught it :-) Seems your scanning ain't this effective as it should be, maybe you want to test if PC-Cillin is capable of detecting eicar from a file by saving the attachment??? I can save it. :-( When I scan the file (and this is what I usually do), the virus will be detected. So your Plugin seems not to work as intended or ain't properly configured. If you can exclude the latter I'd in fact think about a change, AVG (I'm using Free Edition) seems to be very reliable in this matter. -- Pit
Re: e33
Hi Dierk, On Fri, 8 Nov 2002 14:29:45 +0100 Dierk Haasis [EMAIL PROTECTED] wrote: Take care, John From shows Roland and it is signed by John? Must be the template not changed to reflect a 'personal style' like ones own name :-/ Default settings, not having a look at it ... 'Windows mania': If it works automatically, don't care and don't look. If it doesn't work _automatically_ call for automatic activation upon installation ... :-/ -- Pit
Re[3]: e33
Friday, November 8, 2002, 2:40:24 AM, John wrote in message mid:4154599662.20021107214024;verizon.net J It was obviously a mistake. I have been sending it to myself, for J testing purposes and inadvertently sent it to the wrong address. J My apologies to all. No problem here John - just went to prove that my AV (Kaspersky) is doing what it should, and that the notification I set up on the KAV Control Centre is working as it should also :-) (It is set to send me an e-mail if a PC on the network gets a virus - and it did!) -- Cheers, Anne Using The Bat! v1.61 on Windows 98 4.10 Build A The Bat Email - Unofficial Support Forum: http://the-bat-forums.donzeigler.com
Re: e33
Hello Peter, On Fri, 8 Nov 2002 17:48:04 +0100 GMT (08/11/02, 23:48 +0700 GMT), Peter Palmreuther wrote: So your Plugin seems not to work as intended or ain't properly configured. It is not a plug-in, and it used to work as expected (i.e. advise of any viruses while downloading mail). If you can exclude the latter I'd in fact think about a change, AVG (I'm using Free Edition) seems to be very reliable in this matter. I will now look into this. -- Cheers, Thomas. Moderator of the German The Bat! Beginner list. When nobody is looking, Power Users pretend their mouse is a toy car, and race it around the desk. Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re[2]: e33
Bats- NOD32 (not the plugin) also caught the test virus in digest mode. As did Norton, even with virus definitions not up-to-date. -Mark Wieder Using The Bat! v1.61 on Windows 2000 5.0 Build 2195 Service Pack 2
Re: e33 . not caught by AVG
O But I would like AVG to warn me *before* I save something to O disc. (with bugbears and its off spring I was always properly O warned). Paul I use AVG and it gave me a pop-up notification of the virus and Paul isolated it. Thanks for responding, Paul, but it gets more worrying: you and someone else (forgot who) both reported that AVG *did* warn you. So I wonder why I didn't get a pop-up! Are you using the digest or reading all messages as they come in? I am a complete ignoramus on these things and try to protect my system with (Free version of) AVG and the TB! plugin. Before now I have had quite a few warnings and I have not (knowingly) changed anything in my settings. I would almost ask John to send me the eicar again... -- Regards, Ochrid _ The Bat! v1.62b7 on Windows XP _
Re: e33
Hi Allie, On Friday, November 8, 2002 06:45 your local time, which was 03:45 my local time, Allie Martin wrote; MM This is a problem in The Bat!, not in plugin or AVG. Nested MM messages are not correctly checked, because antivirus plugin have MM not full message for checking. This was already discussed with MM developers and this bug should be fixed in next version. I prepared a MIME digest and sent it to myself. All messages in the digest had MIME attachments. DrWeb's plugin immediately quarantined the digest. This is what the TB! log had to say. ,-[ begin ]- | | !08/11/02, 06:27:48: ANTIVIRUS - Message from Allie | [EMAIL PROTECTED] to [EMAIL PROTECTED] and others with subject | Test digest is infected. Virus checker reports: Infected by EICAR | Test File (NOT a Virus!).Stored into the Quarantine folder | | '-[ end ]-|| I was going to test this myself to see if nested messages are checked. The reason why is a couple of my friends use Hotmail and Yahoo and always forward messages within messages and wanted to make sure I was covered. So DrWeb and the plug-in covers that. Great :-) Chris. -- E-Mail - [EMAIL PROTECTED] Created Using The Bat! V1.61 and Virus Checked by DrWeb.
Re[2]: e33 . not caught by AVG
Hello Ochrid, On Friday, November 8, 2002, 1:09:49 PM, you wrote: O I would almost ask John to send me the eicar again... You email it to yourself at www.info-techs.com/eicar.shtml -- Patrick G. Using The Bat! v1.61 on Windows XP 5.1 Build 2600
Re: e33
Hi, Friday, November 8, 2002, 11:48:34 AM, you wrote: Hi Thomas, On Fri, 8 Nov 2002 09:47:57 +0700 Thomas Fernandez [EMAIL PROTECTED] wrote: eicar.com Why did my PC-Cillin6 with Real-Time Scan enabled not pick it up? Ask PC-Cillin :-) My AVG w/ TB!-plugin caught it :-) Seems your scanning ain't this effective as it should be, maybe you want to test if PC-Cillin is capable of detecting eicar from a file by saving the attachment??? That works on my machine. PC-Cillin only picks it up when you do something, not just download it. Which is why I also use AVG's plugin! Doug -- Doug Weller Moderator, sci.archaeology.moderated Submissions to:[EMAIL PROTECTED] Doug's Archaeology Site: http://www.ramtops.demon.co.uk Co-owner UK-Schools mailing list: email me for details
Re: e33 . not caught by AVG
Hi All, On 8 Nov 2002 19:09:49 (my local time 10:09:49), Ochrid wrote (in mid:1991142472.20021108190949;xs4all.nl) So I wonder why I didn't get a pop-up! Like you, the AVG didn't warn me upon receiving the eicar test file last night. It turns out that the AVG plug in is not activated. Go to Options / Virus Protection /. Select the AVG plug in, then click on the Configure button at right. Verify in the popup window whether the scan messages by this plug-in option is checked. After set up that option, my AVG works again. -- Regards, Anthony A computer program will always do what you tell it to do, but rarely what you want to do. -- Murphy's Law on Computing
Re[2]: e33
Friday, November 8, 2002, 10:25:56 AM, Marck wrote in message mid:711723508.20021108102556;silverstones.com MDP The limit has been 40kb and I have just dropped it to 25kb (which MDP should be enough for most of us). That wouldn't have stopped the MDP eicar test (at on 3kb it's pretty lean) but it would stop a real MDP virus. Erm Marck I hate to disillusion you, but 25kb is plenty big enough to allow some viruses through :-( Whereas most of the recent ones have been fixed size and larger e.g. we've seen Bugbear 50kb, Opasoft 120kb, Roron 115kb, etc, or variable, e.g. Klez, there are those which are smaller - e.g. Duksten at 10kb, Sponge at 14.3kb and Ramidle/Ramlide at 18kb would all slip under the limit you have fixed. I'd hate for anyone to be lulled into a false sense of security because they believe that viruses don't come that small. -- Cheers, Anne Using The Bat! v1.61 on Windows 98 4.10 Build A The Bat Email - Unofficial Support Forum: http://the-bat-forums.donzeigler.com
Re: e33
Hi Anne, 9-Nov-2002, 02:52 Anne [A] in mid:15812217495.20021109025228;gmx.co.uk said: MDP The limit has been 40kb and I have just dropped it to 25kb MDP (which should be enough for most of us). That wouldn't have MDP stopped the eicar test (at on 3kb it's pretty lean) but it MDP would stop a real virus. A Erm Marck I hate to disillusion you, but 25kb is plenty big A enough to allow some viruses through :-( Whereas most of the A recent ones have been fixed size and larger e.g. we've seen A Bugbear 50kb, Opasoft 120kb, Roron 115kb, etc, or variable, e.g. A Klez, there are those which are smaller - e.g. Duksten at 10kb, A Sponge at 14.3kb and Ramidle/Ramlide at 18kb would all slip A under the limit you have fixed. I'd hate for anyone to be lulled A into a false sense of security because they believe that viruses A don't come that small. My bad. I didn't realize they come so small. The smallest infected message I've ever received was around 87kb. -- Cheers -- .\\arck D Pearlstone -- List moderator TB! v1.62/Beta7 on Windows 2000 5.0.2195 Service Pack 2
e33
Hello Scott, -- Best regards, John eicar.com Description: Binary data
Re: e33
On Thu, Nov 07, 2002 at 09:14:23PM -0500 or thereabouts, John wrote: Hello Scott, I would like to know what kind of idiot you are, by not only sending an attachment to this list, but also sending the eicar test virus. I mean, do you really have any brains. There are some people who would think that this is a real virus. -- Gary
Re: {VIRUS?} e33
On Thursday, November 07, 2002, John wrote...
Warning: This message has had one or more attachments removed.
Warning: Please read the VirusWarning.txt attachment(s) for more information.
lol... I don't think you're meant to send it to the list are you? Did a folder template kick in here? ;) Good job it wasn't anything harmful ;)
--
Jonathan Angliss ([EMAIL PROTECTED])
Re[2]: e33
Hello Jonathan,
It was obviously a mistake. I have been sending it to myself, for testing purposes and inadvertently sent it to the wrong address. My apologies to all.
Thursday, November 7, 2002, 9:36:31 PM, you wrote:
JA On Thursday, November 07, 2002, Gary wrote...
Hello Scott, I would like to know what kind of idiot you are, by not only sending an attachment to this list, but also sending the eicar test virus. I mean, do you really have any brains. There are some people who would think that this is a real virus.
JA No offence, but don't you think the attitude is a little rude? I mean
JA it could have just been a mess up with a folder template... A mistake
JA that probably everybody makes every now and again (hence Marck's
JA warnings).
JA --
JA Jonathan Angliss
JA ([EMAIL PROTECTED])
--
Best regards, John
Using The Bat! v1.61 on Windows ME 4.90 Build 3000
Re: e33
On Thursday, November 07, 2002, Gary wrote...
Hello Scott, I would like to know what kind of idiot you are, by not only sending an attachment to this list, but also sending the eicar test virus. I mean, do you really have any brains. There are some people who would think that this is a real virus.
No offence, but don't you think the attitude is a little rude? I mean it could have just been a mess up with a folder template... A mistake that probably everybody makes every now and again (hence Marck's warnings).
--
Jonathan Angliss ([EMAIL PROTECTED])
Re: e33
Hi John,
On Thursday, November 7, 2002 21:14 your local time, (Friday, 07:59 my local time), you [J] wrote:
eicar.com
Thanks for the surprise drill with Eicar John ! Next time send out a real and less conspicuous one ;)
--
be well,
Sudip Pokhrel |/\
Kathmandu - NP|\ / ASCII Ribbon Campaign
PGP Key ID: 0xD93F5185| X Against HTML E-mail !
http://pgpkeys.mit.edu|/ \
___ Budget: A method for going broke methodically ___
TB! v1.61 on XP Pro| P4-1.6Ghz 256MB RAM|
Re[3]: e33
Thursday, November 7, 2002, 9:40:24 PM, you wrote:
J Hello Jonathan,
J It was obviously a mistake. I have been sending it to myself, for
J testing purposes and inadvertently sent it to the wrong address.
J My apologies to all.
snip
Not a problem here, thanks for the wake up call. Glad to see Norton and ZoneAlarm both jump all over it. More fun than the jerk who just sent me Klez.
Lou
back to lurk mode
Re: e33
Attention! It seems you have got a virus on your machine! Please make sure you have the latest update of your virus scanner and check all your files right away! Take care, Scott Johnson
Re: e33
On Thursday, November 7, 2002, 9:51 PM, you wrote:
LY Not a problem here, thanks for the wake up call. Glad to see Norton
LY and ZoneAlarm both jump all over it. More fun than the jerk who just
LY sent me Klez.
AVG found it, no problem ;)
--
Paul
Using The Bat! v1.62/Beta7 on Windows XP 5.1 Build 2600 Service Pack 1
Re: e33
'Lo John,
On Thu, 7 Nov 2002 21:14:23 -0500 your time, you authored this:
J ALERT!!!
J This e-mail contained one or more infected files.
J The following attachments were infected and have been repaired:
J -none-
J The following infected attachments were deleted:
J 1. eicar.com: EICAR Test String
Well this came through my ISP account so got whopped before it got to me. Just be glad it was a test virus and not an email bitching about a partner or a boss ... now that could have been embarrassing <g>
--
Slán, Simon
theycallmesimon.co.uk
___
Faffing about with TB! v1.61 on W2K SP3
PGP Key: http://pgp.netbanger.com/
Re: e33
Hello Sudip,
On Fri, 8 Nov 2002 08:27:08 +0545 GMT (08/11/02, 09:42 +0700 GMT), Sudip Pokhrel wrote:
eicar.com
Thanks for the surprise drill with Eicar John ! Next time send out a real and less conspicuous one ;)
Why did my PC-Cillin6 with Real-Time Scan enabled not pick it up?
--
Cheers, Thomas.
Moderator of the German The Bat! beginners' list.
If flying is so safe, why do they call the airport the 'terminal'?
Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re: e33
Hello Quin,
On Thu, 7 Nov 2002 20:04:00 -0700 GMT (08/11/02, 10:04 +0700 GMT), Quin Selman wrote:
Attention!
Can we just do away with automated replies? They have never been anything else but a nuisance. Sure you can do a lot with TB, but this is a feature I'd like to see permanently disabled.
--
Cheers, Thomas.
Moderator of the German The Bat! beginners' list.
Whoever you can take care of today, take care of them tomorrow too.
Message reply created with The Bat! 1.62/Beta7 under Chinese Windows 98 4.10 Build A using an AMD Athlon K7 1.2GHz, 128MB RAM
Re[2]: e33
E-Mail Message
From: Thomas Fernandez
Date: Thursday, November 07, 2002 at 8:47 PM
Subject: e33
TF Hello Sudip,
TF On Fri, 8 Nov 2002 08:27:08 +0545 GMT (08/11/02, 09:42 +0700 GMT),
TF Sudip Pokhrel wrote:
eicar.com
Thanks for the surprise drill with Eicar John ! Next time send out a real and less conspicuous one ;)
TF Why did my PC-Cillin6 with Real-Time Scan enabled not pick it up?
Cool, my spamcop account caught it for me. It never even made it to my Norton Anti-Virus ... double coverage!
--
Jody
The ULTIMATE security fix/patch for LookOut! and LookOut! Express ... The Bat! 1.62/Beta7 ... Running on Windows XP 5.1 Service Pack 1
-- Thought / Fact / Joke of the day
The art of flying is to throw yourself at the ground and miss. -- Douglas Adams
Re: e33
08 November 2002, 02:36, you wrote:
JA No offence, but don't you think the attitude is a little rude? I mean
JA it could have just been a mess up with a folder template... A mistake
JA that probably everybody makes every now and again (hence Marck's
JA warnings).
I think Gary's comments are justified. I didn't know this was the EICAR file because NOD's plugin deletes the attachment and doesn't flag up which virus was attempting to infest this machine when it dumps the message into the quarantine folder. It could have been serious. Perhaps there's a technique here that spammers and virus propagators could exploit. Worrying.
--
Clive Taylor
Using The Bat! v1.61
Re: e33
Hello Clive
Thank you for your email dated Friday, November 8, 2002, 6:50:15 AM, in which you wrote:
CT NOD's plugin ...doesn't flag up which virus was attempting to infest
CT this machine
This is one of the reasons I don't use the plug-in. It's immediately obvious if you use NOD32 'as is'.
--
Regards William
Flying with The Bat! www.ritlabs.com/the_bat
Windows 2000 Pro 2195 Service Pack 2
Re: e33
On Friday, November 08, 2002, Clive Taylor wrote...
JA No offence, but don't you think the attitude is a little rude? I
JA mean it could have just been a mess up with a folder template...
JA A mistake that probably everybody makes every now and again
JA (hence Marck's warnings).
I think Gary's comments are justified.
But without any confirmation of how the file got on the list, John was being told he was an idiot, and had no brain. To me that is plain rude... but that's me.
I didn't know this was the EICAR file because NOD's plugin deletes the attachment and doesn't flag up which virus was attempting to infest this machine when it dumps the message into the quarantine folder.
Hey, consider it an unintended test just like a load of other people did, was an accident, just like the folders template that pops up every now and again. They don't get called idiots, they just kindly get guided ;)
It could have been serious. Perhaps there's a technique here that spammers and virus propagators could exploit. Worrying.
Not really... The list is set to accept mail from subscribed users only, viruses such as Klez, BugBear, spoof the From address, so the files would never have got on the list anyway... unless of course the person is using both outlook and TB! and has a contact from the list and the list address in his/her addressbook (or webpages). I'm not saying it cannot happen... chances are very slim... too many random parts required to make it succeed. I've been on the list... oh... nearly a year, and that is the first accidental post of a test virus... or any virus for that matter. Not only that, but I think it's probably one of the very few attachments on an email to this list... I've maybe seen 4 since I joined.
*shrugs*
--
Jonathan Angliss ([EMAIL PROTECTED])
Re: e33
08 November 2002, 07:07, you wrote:
CT NOD's plugin ...doesn't flag up which virus was attempting to infest
CT this machine
WM This is one of the reasons I don't use the plug-in. It's immediately
WM obvious if you use NOD32 'as is'.
You're right. It was a good test and the plugin is now consigned to history!
--
Clive Taylor
Using The Bat! v1.61