On Tuesday, October 08, 2002, Avram Sacks wrote...

> Aren't these e-mails the ones that my AV software found infected,
> particularly since it has told me that it has "restored the file"?
> If so, then there really is no advantage to using plug-ins. No?

I didn't realise your mail was still being delivered. This may be okay
for the files it can fix, but for those it cannot, you'll find them
relegated to the virus scanner's quarantine, or even deleted completely.

>>Of course, if you're not too worried about seeing the content of
>>these 'infected' files, and trust your virus scanner to make a
>>valued judgement about the email (knowing that it only matches
>>signatures, and doesn't care about content), then you can just stick
>>with using an external virus scanner.

> How is eZTrust-AV matching signatures? What signatures is it matching, and
> with what?

When I say signatures I mean the signatures of a virus itself. I didn't
mean the email has a nice footer at the bottom saying I'm a virus ;)
Take for example eicar (test virus), the signature starts:

X5O!P%@AP[4\PZX54(P^)7CC...

(you can see the rest at http://www.eicar.org/anti_virus_test_file.htm)

You can write that signature to a text file, save as a .com and then
scan it, and it'll be detected. A virus scanner just keeps a dictionary
of such signatures, and then does matches based on those signatures.
Imagine a signature as a fingerprint for each virus. Each virus has its
own fingerprint.

> I don't use an address book, although I do have filters in The Bat
> for trash. But why should the AV software care about what filters I
> am using?

It doesn't. I believe we may have mixed ideas (or I may have confused
you) about the term 'signature' in this context.

> Also, if what I said above about the file being restored
> is correct, then it seems to me that the AV software is letting me
> make the decision about whether to dump the message or not.

It depends on the virus really.
If the virus is not removable, or the file cannot be repaired, then your
virus scanner will most likely move it to its own quarantine, or even
just trash it.

The other option is that some virus scanners now come with in-built
POP/SMTP connection scanning. It 'hijacks' the connections made on the
related ports, reads the email, and if it matches a 'fingerprint' of a
virus, it re-writes the email, removing the attachment, and often
putting a text file in its place. This 'feature' is all dependent on the
virus scanner you have installed. I know Norton 2002 does this, but not
sure about yours.

> Again, thanks for your patience in answering these questions.

You're welcome... :)

-- 
Jonathan Angliss
([EMAIL PROTECTED])
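
The signature matching and attachment rewriting described in the message above, as an added example that is not part of the original post or any scanner's own code. It assumes a one-entry signature dictionary holding only the EICAR fragment quoted above (a stand-in for a full signature); the addresses, filenames and sample mail are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed one-entry signature dictionary. The pattern is only the EICAR
# fragment quoted in the message above, standing in for a full signature.
SIGNATURES = {"EICAR-fragment": rb"X5O!P%@AP[4\PZX54(P^)7CC"}

def match_signature(data: bytes):
    """Return the name of the first signature found in data, or None."""
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return name
    return None

def scrub(raw: bytes):
    """Swap each attachment that matches a signature for a text notice."""
    msg = message_from_bytes(raw, policy=policy.default)
    removed = []
    for part in msg.walk():
        filename = part.get_filename()
        if part.is_multipart() or filename is None:
            continue
        # Match on the decoded bytes: on the wire the attachment is base64,
        # so the fingerprint never appears literally in the raw message.
        hit = match_signature(part.get_payload(decode=True) or b"")
        if hit:
            removed.append((filename, hit))
            part.set_content(f"{filename} was removed: matched {hit}\n",
                             disposition="attachment",
                             filename=filename + ".txt")
    return msg.as_bytes(), removed

def build_sample() -> bytes:
    """Constructed test mail: one flagged attachment, one clean one."""
    msg = EmailMessage()
    msg["From"], msg["To"] = "sender@example.org", "reader@example.org"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.\n")
    msg.add_attachment(SIGNATURES["EICAR-fragment"] + b" (padding)",
                       maintype="application", subtype="octet-stream",
                       filename="test.com")
    msg.add_attachment("meeting notes\n", filename="notes.txt")
    return msg.as_bytes()

if __name__ == "__main__":
    cleaned, removed = scrub(build_sample())
    print("removed:", removed)
```

Scanning the raw message bytes finds nothing, because the attachment travels base64-encoded; the match only succeeds after each part is decoded.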