Hello Peter, Sunday, October 27, 2002, 9:07:24 PM, you wrote:
PP> Hello Barry2, PP> On Sunday, October 27, 2002 at 8:32:52 PM you [B] wrote (at least in PP> part): B>> AIUI - TB! uses temp files to bring in mail and that's where the AV B>> would pick up the virus definition ( providing you have it set to scan B>> all file types ). PP> CMIIW, but these .tmp fiels are used on 'per message basis' when PP> fetching them from POP/IMAP. PP> The fragmented message will come in as x messages with x .tmp files, PP> non of them containing the complete virus. So the AV-engine must be PP> very lucky to detect the virus, maybe occasionally this is possible. PP> But in general The Bat! will 'rebuild' the virus _after_ those .tmp PP> files are imported to message base and already deleted, so in case of PP> a 'fragmented message virus attack' there will be no single .tmp file PP> an AV-engine could catch. In the case of the fragmented message virus that's right. I was really referring to the way the temp files are created and then automatically scanned by the AV. When TB! recreates the message / virus I'm not sure whether or not it would also use a temporary file too ( it must create something to put all the parts into ? ) and that's what will get scanned as each bit is added .. once all the bits are in there the AV gets a hit. PP> Nevertheless, The Bat! uses temporarily files as well when opening PP> attachments from inside The Bat!, so first an eventually configured PP> 'Scan attachments when opening' plug in will take effect and second an PP> eventually installed and configured resident virus shield will PP> recognize the virus if the plugin is missing / not activated. That's what we find with the Kaspersky Personal Edition we are using, there's no specific plug-in for TB! but it doesn't stop it picking up those GFI exploits :-) -- Best regards, Barry2 Using The Bat! v1.61 on Windows 98 4.10 Build 2222 ________________________________________________ Current version is 1.61 | "Using TBUDL" information: http://www.silverstones.com/thebat/TBUDLInfo.html
