-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 In message <[EMAIL PROTECTED]">mid:[EMAIL PROTECTED]>, Nick Andriash [NA] wrote: ... NA> That wasn't my experience Allie. Using TB 1.60p, the NOD32.bav, NA> and sending myself the Eicar test ZIP file didn't prompt the NA> Plugin to do anything.
That's because you sent yourself the virus zipped. Send it to yourself unzipped. NA> Nothing happened until I tried to open the Archive, then the NA> Plugin took over. You mean, Amon, the system monitor took over, right? :-) NA> However, the full-time Scanner does that anyway. I have TB set to NA> keep the attachments with the Message. The full-time scanner will not strip the attachment, neither will it create a quarantine folder *within TB!* from which you can't execute the contained attachment/s within messages and yet you're able to safely examine the rest of the message. NA> How have you set the NOD32 Plugin (on my install of TB you cannot NA> even configure the Plugin) that for you it strips out the ZIP NA> file? No, it will not strip out the zip file. NA> I have ticked the boxes to check all incoming messages and NA> attachments for viruses, and allow formation of the quarantine NA> Folder. No quarantine Folder was created, and as mentioned, I was NA> allowed to open the Archive. Try it again with the unzipped virus. This seems to be a limitation of the monitor. Note also that Amon doesn't holler when you're handling the zipped eicar. You can copy it to another part of the system. It's not until you open the archive that your stopped. Turn off Amon, unzip eicar, restart Amon and try to move eicar to another location. You can't. Try to download the unzipped eicar. You can't with the system monitor running. You can download the zipped version though. The plug-in's behaviour is no different. - -- -=Allie C Martin=- List Moderator | TB! v1.60p | Windows XP Pro PGP/GPG Public Key: mailto:[EMAIL PROTECTED]?Subject=2B0717E2 _________________________________________________________________ -----BEGIN PGP SIGNATURE----- iD8DBQE8/XDOV8nrYCsHF+IRAvcDAJ9HsP0izu8d1K179E1MpcqtnM9d0QCePp4L DBxe/pI1WL3f0y+yoEt+5V0= =Trrw -----END PGP SIGNATURE----- ________________________________________________________ Current Ver: 1.60m FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://bt.ritlabs.com
