On Saturday, November 06, 2004 at 10:29:17 AM [GMT -0500], Thomas Fernandez wrote:
> Yes, I could. In fact, I excluded all file extensions by just turning > off the darned realtime scan. But the question was about TB and PCC, > and if the solution is to exclude the tmp files and the TB directory > from realtime scan, the question must be answered as "useless > combination". If you exclude the TB! directory and temp files, then still enabling the realtime scan wouldn't be a useless combination. Attempting to open or save an infected attachment to disk would trigger the realtime scanner. That's better than a completely manual approach. It's not useless. > Yes, this is a second scenario. This way, PCC won't stop the malware > at the tmp level, and won't arrest the folders. In fact, it would not > interact with TB at all. Which is what was said above. Yes. Interacting with TB!'s operations creates problems. This is why mailscanning is offered by mose scanners today. It checks the mail *before* TB! starts interacting with it. Scanners shouldn't interfere once TB! begins handling the mail. Unless a plugin is doing the interacting and TB! controls what's happening via the plugin. > An AV program with a TB plug-in would filter the infected mails to a > quarantine folder within TB, where you could do with them what you > want. In my case, delete them all (except for that test message with > Eicar), but it's in any case more convenient than manual scanning. Yes. IMO, in order of effectiveness and convenience: - using plugin when available with non-specific mail scanning support disabled. - if no plugin available, and you're not using an encrypted protocol, mail scanning while excluding the TB! directory and temp files from scanning. - if no plugin available and you're using an encrypted connection, then disable non-specific mail scanning support, and exclude the TB! directories and temp file. Keep the realtime scanner running. AM>> Afterall, some find having to worry about viruses at all to be rather AM>> tedious. :) > Do they know how tedious it is to reinstall everything from backup? > ;-) I'm referring to those who don't have to worry about viruses, like Mac and Linux users. -- -= Allie =- ..... No good deed goes unpunished - Clare Booth Luce __________________________________________________ Using The Bat!™ v3.0.2.5 for IMAP mail IMAP Server: MDaemon Pro | OS: Windows XP Pro (Service Pack 2) ________________________________________________ Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
