Re: Help with filters please
On Tue, 22 Feb 2005 13:13:17 +, Marck D Pearlstone [EMAIL PROTECTED] wrote: log-fw Sender Yes alert Subject Yes [scan|attack] dropped TextYes On v2.12.00 this did the trick: log-fw Sender Yes alert Subject Yes [attack dropped]|scan dropped]|[sppf dropped] TextYes Apparently, using the | in between []'s isn't working - on v2.12.00. I'd say I had used this in my tests before, but alas... thanks again, Marck. -- Happy flappin'! Corne' (aka Cory, The Batdmin) Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
new AV plug-in for TB
Hallo Everybody, Just found this piece of info at the TB forum at the ritlabs site = Topic title: NEW: TBClamWin - AV Plugin for ClamWin Message author: Marco Pontello Message date: 02/24/2005 02:56:11 Message text: I have coded this little plugin for The Bat!, to experiment with the Plug-In API. It allow the use of (a previously installed) ClamWin as a scanning engine for every saved or opened file attachment. ClamWin is a Win32 version/port of the open source - GPL licensed - ClamAV antivirus. Here's the page with some info: http://mark0.net/plugins-tb-tbclamwin-e.html I developed tested it with a trial version of The Bat!. Thanks to anyone that will double check if it works correctly with some other versions. = -- Groetjes, Roelof Wizard's Guild Parking Only:Violators will be Toad. The Bat! 3.0.9.1 Deep Alpha Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN pgpWxgSKePRqB.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Again, why only TB built-in filters are enough to fight all sorts of SPAM
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ***^\ ._)~~ ~( __ _o Was another beautiful day, Tue, 22 Feb 2005, @ @ at 06:16:14 +0500, when Richard H. Stoddard wrote: MM Okay then, less problems to solve. Tell me, do you have some MM friends, or business partners who do not address you properly, MM namely not using your full name (or a screen/nick name defined by MM yourself) in TO (or CC) field, but using only the address of yours? I assume I'm like most folks: I have my friends and others in my address book and flagged so they go to the known folder; I have white-listed mailing lists like TBUDL; but I do receive mail that is not spam from others who are not in my book but whom I know or were referred to me by friends. My friends use all sorts of nicknames for me, including only the address; I can try to train them, but will have to deal with the third on a case-by-case basis. Pardon my pause, Richard, I had to interrupt for a...moment. OK, actually you would have to train a bit your friends then, and to tell them (if they already do not do so) to use only (nick)names you use in your FROM and REPLY-TO fields. When they are giving your address to third parties, they would have, of course, to use those very same forms. Then you simply put all those forms of addressing on a white list too, and that's it. Nothing which is not addressed this way can pass in. This part, with friends, is, potentially, 'hardest' one, although it is not very hard. My experiences are that my friends/correspondents pretty easily accept and understand why I do so, and often they themselves start to practise similar method. Some of them initially mumble but they shortly after accept it too. You, therefore, have to train them, your friends, and they will train all others. (-: So, there is no need for dealing with the third on a case-by-case basis. So you actually have 2 groups here: messages addressed to you personally and those coming to/from various lists, addressed to these lists. If you receive some newsletters then you add them too. ~~~ It's only important that no message arrives *only* to your plain address (since this is form which spammers use; and sometimes adding a 'random' faked nick name, or name). ~~~ This way you practically can filter everything using just Selective Download filters. There is no 'fear' of losing some 'important' mail this way, since if someone wants to contact you, for enough serious reasons, s/he will definitely take care about way s/he is addressing you. Even if something like that happens, and some letter is deleted due to lack of the proper addressing, you may see info of that message in LOG (Ctrl+Shift+A) and to inform the sender how to resend the message. If I wasn't clear enough, ask me. (-: - -- Mica PGP key uploaded at: http://pgp.mit.edu/ once just before breakfast :banana: [Earth LOG: 176 day(s) since v3.0 unleashing] OS: Windows 98 SE Micro Lite Professional IVa Enterprise Millennium with nestled ZipSlack(tm) 9.1 UMSDOS Linux, and with Bochs 2.1.1 with a small DLX Linux; and, for TB sometimes, Gentoo and Vector via Wine... -BEGIN PGP SIGNATURE- iD8DBQFCHf3J9q62QPd3XuIRAmJnAJ9YuTorKIIVFUnUNh8/o8c1X9JOIACdEld+ xnIuIGf4jx2lmpK8YI4KBSk= =slgG -END PGP SIGNATURE- Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: TB voyager : mobile solution...
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ***^\ ._)~~ ~( __ _o Was another beautiful day, Tue, 22 Feb 2005, @ @ at 18:58:37 +1300, when Allister Jenks wrote: Tuesday, February 22, 2005, 1:48:05 AM, Mica wrote: That's why God (or at least the fellows at Apple) invented the iPod. :-) MM What's that, actually? Essentially, a hard-disk based portable audio player. It's something of a phenomenon lately... http://www.apple.com/ipod/ Thanks, Jenks, I'll fling my eye to ponder the thing. - -- Mica PGP key uploaded at: http://pgp.mit.edu/ once just before breakfast :flagmica: [Earth LOG: 176 day(s) since v3.0 unleashing] OS: Windows 98 SE Micro Lite Professional IVa Enterprise Millennium with nestled ZipSlack(tm) 9.1 UMSDOS Linux, and with Bochs 2.1.1 with a small DLX Linux; and, for TB sometimes, Gentoo and Vector via Wine... -BEGIN PGP SIGNATURE- iD8DBQFCHf4s9q62QPd3XuIRAheoAJsGZX4RgIzK9eSc7ejpFC7u8PNf1QCcDSZ3 cusVPfYrR2zq9/3oApLGK9E= =BqS8 -END PGP SIGNATURE- Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
On Date : Thu, 24 Feb 2005 11:22:01 +0100 Roelof Otten [EMAIL PROTECTED] wrote this lines: Roelof Hallo Everybody, Roelof Just found this piece of info at the TB forum at the ritlabs site Roelof = Roelof Topic title: Roelof NEW: TBClamWin - AV Plugin for ClamWin Roelof Message author: Marco Pontello Roelof Message date: 02/24/2005 02:56:11 Roelof Message text: Roelof I have coded this little plugin for The Bat!, to experiment with the Roelof Plug-In API. It allow the use of (a previously installed) ClamWin as a Roelof scanning engine for every saved or opened file attachment. ClamWin is Roelof a Win32 version/port of the open source - GPL Roelof licensed - ClamAV antivirus. Roelof Here's the page with some info: Roelof http://mark0.net/plugins-tb-tbclamwin-e.html Roelof I developed tested it with a trial version of The Bat!. Thanks to Roelof anyone that will double check if it works correctly with some other versions. Roelof = :o At last!!! i've been waiting a long time for it!! ClamAV is a very good antivirus solution. -- Saludos, B R i a N S (Cienfuegos, Cuba) Using The Bat! 3.0.9.1 Deep Alpha under Windows 2000 5.0 Build 2195 Service Pack 4 on a Pentium 4 2.4ghz with 256MB. Wise men talk because they have something to say; fools, because they have to say something.-- Plato (429-347 BC) Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
B R i a N S wrote: :o At last!!! i've been waiting a long time for it!! ClamAV is a very good antivirus solution. Better than Avast? -- Dave Calvarese PGP Key Available at http://home.comcast.net/~dhcalva/DavidCalvarese-dh.asc signature.asc Description: OpenPGP digital signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
Hello B R i a N S everyone else, on 24-Feb-2005 at 19:01 you (B R i a N S) wrote: ClamAV is a very good antivirus solution. God exists. Proof or faith? -- Best regards, Alexander (http://www.neurowerx.de - ICQ 238153981) All you need in life is ignorance and confidence, and then success is sure. -- Mark Twain Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
Hello Alexander, on Thursday, 24. February 2005, at 19:06:29 [GMT +0100] you wrote regarding new AV plug-in for TB: ClamAV is a very good antivirus solution. God exists. Proof or faith? It is very good, databases are actual, but has no background scanner and can't clean files or messages. It is special designed for Mail server. -- Ciao Thomas Using: TheBat! 3.0.2.10 System: Windows XP Build 2600 Service Pack 2 PGP:Key-ID: 0x70D9F03B Visit: TheBat! World on http://www.thebatworld.de pgp2D70tMsjWP.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
On Date : Thu, 24 Feb 2005 12:11:07 -0500 David Calvarese [EMAIL PROTECTED] wrote this lines: David B R i a N S wrote: :o At last!!! i've been waiting a long time for it!! ClamAV is a very good antivirus solution. David Better than Avast? Well, here is a list of antivirus solutions responding to the new MyDoom version released on 16.02.2005 Guess who's on the top. ;) It was the only one that could detect/remove MyDoom on 16.02.2005. ClamAV 16.02.2005 23:02 :: Worm.Mydoom.M-2 Sophos 17.02.2005 00:02 :: W32/MyDoom-O TrendMicro 17.02.2005 01:11 :: WORM_MYDOOM.M F-Prot 17.02.2005 01:48 :: W32/[EMAIL PROTECTED] McAfee 17.02.2005 01:53 :: W32/[EMAIL PROTECTED] eTrust-Iris 17.02.2005 02:35 :: Win32/Mydoom.AU!Worm Symantec 17.02.2005 03:30 :: [EMAIL PROTECTED] eTrust-Vet 17.02.2005 06:35 :: Win32.Mydoom.AU!ZIP Antivir 17.02.2005 07:11 :: Worm/MyDoom.BB DrWeb 17.02.2005 08:10 :: Win32.HLLW.MyBot BitDefender 17.02.2005 08:54 :: [EMAIL PROTECTED] Panda 17.02.2005 08:54 :: W32/Mydoom.AO.worm Norman 17.02.2005 09:25 :: [EMAIL PROTECTED] AVG 17.02.2005 11:10 :: I-Worm/Mydoom.AP -- Saludos, B R i a N S (Cienfuegos, Cuba) Using The Bat! 3.0.9.1 Deep Alpha under Windows 2000 5.0 Build 2195 Service Pack 4 on a Pentium 4 2.4ghz with 256MB. If a million people say a foolish thing, it is still a foolish thing.-- Anatole France [Jacques Anatole Thibault] (1844-1924) Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
B R i a N S wrote: On Date : Thu, 24 Feb 2005 12:11:07 -0500 David Calvarese [EMAIL PROTECTED] wrote this lines: David B R i a N S wrote: :o At last!!! i've been waiting a long time for it!! ClamAV is a very good antivirus solution. David Better than Avast? Well, here is a list of antivirus solutions responding to the new MyDoom version released on 16.02.2005 Guess who's on the top. ;) It was the only one that could detect/remove MyDoom on 16.02.2005. ClamAV 16.02.2005 23:02 :: Worm.Mydoom.M-2 Sophos 17.02.2005 00:02 :: W32/MyDoom-O TrendMicro 17.02.2005 01:11 :: WORM_MYDOOM.M F-Prot 17.02.2005 01:48 :: W32/[EMAIL PROTECTED] McAfee 17.02.2005 01:53 :: W32/[EMAIL PROTECTED] eTrust-Iris 17.02.2005 02:35 :: Win32/Mydoom.AU!Worm Symantec 17.02.2005 03:30 :: [EMAIL PROTECTED] eTrust-Vet 17.02.2005 06:35 :: Win32.Mydoom.AU!ZIP Antivir 17.02.2005 07:11 :: Worm/MyDoom.BB DrWeb 17.02.2005 08:10 :: Win32.HLLW.MyBot BitDefender 17.02.2005 08:54 :: [EMAIL PROTECTED] Panda 17.02.2005 08:54 :: W32/Mydoom.AO.worm Norman 17.02.2005 09:25 :: [EMAIL PROTECTED] AVG 17.02.2005 11:10 :: I-Worm/Mydoom.AP I find it a little odd that Eset/NOD32 isn't on that list. They're usually pretty fast. Where did you find that info anyway? I'm curious. -- Dave Calvarese PGP Key Available at http://home.comcast.net/~dhcalva/DavidCalvarese-dh.asc signature.asc Description: OpenPGP digital signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: message with no Date in its rfc-822 headers: TB! says created 30 December 1899, 00:00:00 () or same time as received?
Hi On Wednesday 23 February 2005 at 7:07:18 PM, in mid:[EMAIL PROTECTED], Roelof Otten wrote: Confirmed with the latest aplha. It would be nice to a consistent behaviour of course, but messages must have a Date: header according to RFC2822, so I can imagine that something like this is overlooked... Reported at https://www.ritlabs.com/bt/view.php?id=4281 -- Best regards, MFPAmailto:[EMAIL PROTECTED] Using The Bat! v3.0.1.33 on Windows XP 5.1 Build 2600 Service Pack 1 Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
Hi, The original quoted text below was written on 24/02/2005 20:17 my local time; ClamAV 16.02.2005 23:02 :: Worm.Mydoom.M-2 Sophos 17.02.2005 00:02 :: W32/MyDoom-O TrendMicro 17.02.2005 01:11 :: WORM_MYDOOM.M F-Prot 17.02.2005 01:48 :: W32/[EMAIL PROTECTED] McAfee 17.02.2005 01:53 :: W32/[EMAIL PROTECTED] eTrust-Iris 17.02.2005 02:35 :: Win32/Mydoom.AU!Worm Symantec 17.02.2005 03:30 :: [EMAIL PROTECTED] eTrust-Vet 17.02.2005 06:35 :: Win32.Mydoom.AU!ZIP Antivir 17.02.2005 07:11 :: Worm/MyDoom.BB DrWeb 17.02.2005 08:10 :: Win32.HLLW.MyBot BitDefender 17.02.2005 08:54 :: [EMAIL PROTECTED] Panda 17.02.2005 08:54 :: W32/Mydoom.AO.worm Norman 17.02.2005 09:25 :: [EMAIL PROTECTED] AVG 17.02.2005 11:10 :: I-Worm/Mydoom.AP I find it a little odd that Eset/NOD32 isn't on that list. They're usually pretty fast. And Kaspersky! -- Chris Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
On Date : Thu, 24 Feb 2005 15:17:09 -0500 David Calvarese [EMAIL PROTECTED] wrote this lines: David I find it a little odd that Eset/NOD32 isn't on that list. They're David usually pretty fast. Where did you find that info anyway? I'm curious. http://www.hispasec.com/unaaldia/2308/ I hope you know spanish ;) -- Cheers, B R i a N S (Cienfuegos, Cuba) Using The Bat! 3.0.9.1 Deep Alpha under Windows 2000 5.0 Build 2195 Service Pack 4 on a Pentium 4 2.4ghz with 256MB. I haven't failed, I've found 10,000 ways that don't work.-- Thomas Edison (1847-1931) Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Mod: Untrimmed reply (was: new AV plug-in for TB)
Hallo David, On Thu, 24 Feb 2005 15:17:09 -0500GMT (24-2-2005, 21:17 +0100, where I live), you wrote: DC B R i a N S wrote: On Date : Thu, 24 Feb 2005 12:11:07 -0500 David Calvarese [EMAIL PROTECTED] wrote this lines: moderator Note: This moderator's interjection is a note to all readers and not just to the person being replied to, even if their post may have instigated this reply. Please don't feel singled out David. ' Please trim replies to context. A sure fire indicator that insufficient trimming has been done is that the original signature and list footer remain in the quoted text. To find out why these MOD messages are posted to the list instead of private mail, please read the welcome message you received when you subscribed. Thank you. /moderator -- Groetjes, Roelof WinErr: 010 Reserved for future mistakes by our developers The Bat! 3.0.2.10 Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN pgpVJ1ztnZTcY.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Mod: Untrimmed reply (was: new AV plug-in for TB)
Hallo B, On Thu, 24 Feb 2005 16:01:09 -0500GMT (24-2-2005, 22:01 +0100, where I live), you wrote: BRI David Calvarese [EMAIL PROTECTED] wrote this lines: David B R i a N S wrote: moderator Note: This moderator's interjection is a note to all readers and not just to the person being replied to, even if their post may have instigated this reply. Please don't feel singled out B. ' Please trim replies to context. A sure fire indicator that insufficient trimming has been done is that the original signature and list footer remain in the quoted text. To find out why these MOD messages are posted to the list instead of private mail, please read the welcome message you received when you subscribed. Thank you. /moderator -- Groetjes, Roelof Wizard's Guild Parking Only:Violators will be Toad. The Bat! 3.0.2.10 Windows XP 5.1 Build 2600 Service Pack 2 1 pop3 account, server on LAN pgpj6O1wLf6UV.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: new AV plug-in for TB
On Thu, 24 Feb 2005 16:01:09 -0500, B R i a N S [EMAIL PROTECTED] wrote: Well, here is a list of antivirus solutions responding to the new MyDoom version released on 16.02.2005 Guess who's on the top. ;) It was the only one that could detect/remove MyDoom on 16.02.2005. I'd say it's quite likely this MyDoom variety could have been detected by scanners using heuristic methods with an earlier release date. Not based on facts, just my feeling and experience over time with this type of protection. -- Happy flappin'! Corne' (aka Cory, The Batdmin) Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
need NOD32 plug-in source
Battyfolk, Would someone be so kind as to direct me to the current NOD32 plug-in? Thanks. -- Jan Rifkinson Ridgefield, CT USA TB!3.0.1.33, , Windows 2000, Service Pack 4 ICQ 41116329 Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: need NOD32 plug-in source
Hello all, Friday, February 25, 2005, Jan Rifkinson wrote: Would someone be so kind as to direct me to the current NOD32 plug-in? this is the last version developed by Ritlabs and working with 3.x version: http://www.thebat.cz/stazeni/beta/nod32.rar (50kB) -- Bye Marek Mikus Czech support of The Bat! http://www.thebat.cz Using the best The Bat! 3.0.2.10 under Windows XP 5.1 Build 2600 Service Pack 1 Notebook Acer, Pentium4-M 2.2 GHz, 512 MB RAM, ADSL line Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Again, why only TB built-in filters are enough to fight all sorts of SPAM
Mica, Thursday, February 24, 2005, 9:16:11 PM, you wrote: MM OK, actually you would have to train a bit your friends then, and to MM tell them (if they already do not do so) to use only (nick)names you use MM in your FROM and REPLY-TO fields. For some reason I was assuming it would be more complicated than it turned out to be. I guess that's because I usually read e-mail in the morning while drinking my first cups of coffee. It'll take my friends and others awhile to get used to using a particular address form, but I'll give it a try. MM This way you practically can filter everything using just Selective MM Download filters. In the beginning, I'll just filter those that don't pass to a junk folder I can check periodically. Some of my friends are slow learners. :-) -- Thanks, Rick Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: message with no Date in its rfc-822 headers: TB! says created 30 December 1899, 00:00:00 () or same time as received?
MFPA @ 2005-Feb-24 3:37:15 PM message with no Date in its rfc-822 headers: TB! says created 30 December 1899, 00:00:00 () or same time as received? mid:[EMAIL PROTECTED] Confirmed with the latest aplha. It would be nice to a consistent behaviour of course, but messages must have a Date: header according to RFC2822, so I can imagine that something like this is overlooked... Reported at https://www.ritlabs.com/bt/view.php?id=4281 Although I agree that The Bat! should be able to handle malformed Date headers (to a point), shouldn't this issue also be reported to the mail server manager or generating e-mail client? -- Chris Quoting when replying to this message is good for your karma. Using The Bat! v3.0.1.33 on Windows XP 5.1 Build 2600 Service Pack 2 Accessing a POP3 mailbox. Should vegetarians eat animal crackers? pgpbh5O4U8GQY.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: Help with filters please
Cory @ 2005-Feb-24 4:27:14 AM Help with filters please mid:[EMAIL PROTECTED] [attack dropped]|scan dropped]|[sppf dropped] TextYes This probably isn't the problem, but you're missing a '[' before scan. -- Chris Quoting when replying to this message is good for your karma. Using The Bat! v3.0.1.33 on Windows XP 5.1 Build 2600 Service Pack 2 Accessing a POP3 mailbox. I'd love to go out with you, but I have to stay home and see if I snore. pgpI9kNcsFuFD.pgp Description: PGP signature Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re: need NOD32 plug-in source
X-Rogue,:PACO: Hello all, Friday, February 25, 2005, Jan Rifkinson wrote: Would someone be so kind as to direct me to the current NOD32 plug-in? this is the last version developed by Ritlabs and working with 3.x version: http://www.thebat.cz/stazeni/beta/nod32.rar (50kB) Would someone please explain what this Nod32 plugin is? I've been using Nod32 for over two years with excellent results, and the Bat! for longer than that, but I never run across a Nod32 plugin. Have I been sleeping? Paco -- Using The Bat! 3.0.1.33 under Windows XP 5.1 Build 2600 Service Pack 2 on a Pentium II with 255MB. :PACO: Current version is 3.0.1.33 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html