Hello Tony,

On Sun, 13 Jun 2004 08:51:39 +0200 GMT (13/06/2004, 13:51 +0700 GMT),
Tony wrote:

a>>> eTrust EZ Antivirus real-time protection has found that
a>>> C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA
a>>> dropper

TF>> See above. It is a good idea to exclude the temp folder from AV
TF>> scanning, or at least exclude bat*.tmp files within that folder from
TF>> the real-time scan.

T> I'm not sure that helps (in all cases)

It would help in above case.

T> It probably depends on the AV but some programs don't just scan the
T> files but the POP3/MAPI data stream. So the AV kick into action
T> even before the virus gets written to disk.

Not in the above case, and then there wouldn't an a file name.

T> So excluding the scanning directory won't help.
T> A 'solution' could be not to scan e-mail at all.

That's what I do: not scan emails.

T> The virus will just wait to get activated by Reading the e-mail or
T> something.

That's only possible with Microsoft products.

T> At that time the other part of your AV should kick in.

The AV should kick in when I ask it. That's how I have set it: It I do
want to open an attachment, I ask the doctor (PC-Cillin): Does this
file contain a virus?

T> But I don't like that solution because I want to kill the virus asap.

I do that with the <del> key.

T> And I don't like TB! forcing me to change AV.

It isn't. You only need to adjust your settings to your environment
and your desired behaviour.

-- 

Cheers,
Thomas.

Moderator der deutschen The Bat! Beginner Liste.

Avoid cliches like the plague (They're old hat.)

Message reply created with The Bat! 2.11
under Chinese Windows 98 4.10 Build 2222 A 
using a Pentium P4 1.7 GHz, 256MB RAM




________________________________________________
Current version is 2.11.02 | 'Using TBUDL' information:
http://www.silverstones.com/thebat/TBUDLInfo.html

Reply via email to