Re: Need help with a Klez filter!

2002-07-28 Thread Angel

Hi Michael,

On Saturday, July 27, 2002 at 12:59:17 PM, Michael scribbled:

A Since I do not use NAV, I am not really sure how it works with TB! or how
A it would work with the filters suggested can someone else maybe
A elaborate for me, and give opinion on whether this would work or not?

MT NAV sits between the Mail client and the Server, examining mail as it is
MT sent received. The send I think works as its own SMTP device.

MT I don't think NAV will support features such as filtering to folders
MT because of this, as the message attachment will never reach The Bat!
MT or any other email app, so as far as the BAT is concerned the email is
MT coming straight from the server with no scanning.

MT NAV Uses Port 3066 I think to listen for traffic and filters from
MT there.

Thank you, Michael, for your pleasant, prompt, easy to understand
explanation :)


Blessings and light,
~~~Angel
Sunday, July 28, 2002 2:54:29 PM

--

-={+}=-Senza fiduccia niente-={+}=-
[EMAIL PROTECTED]   | TheBat! 1.60q
   | http://www.ritlabs.com
   | on Windows 2000 5 Service Pack 2 (Win2K Pro)
   | 1gHz 40Gb hard disk 512Mb RAM



Current Ver: 1.61
FAQ: http://faq.thebat.dutaint.com 
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives   : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
Bug Reports: https://www.ritlabs.com/bt/



Re: Need help with a Klez filter!

2002-07-27 Thread Kim G. Henkel

Hi Spike,

On Friday, July 26, 2002, Spike wrote:

KGH I'm getting spammed to death by this $#!%@*#! Klez virus,
KGH and could really use some help setting up a filter!

S I'm not sure what you want TB! to do!  The NAV is catching it BEFORE TB!
S even sees it!  Only after the message is stored in a folder {INBOX} will
S a filter be used.  NAV catches it and quarantines it as it is supposed to.

Yes, I know that...I'm not concerned that it is/was a virus.
What I _would_ like is that they be moved to another folder/trash instead
of processed by other filters, and thereby scattered within the account
folders!

KGH The one common factor is that Norton AV is catching the
KGH virus itself,

S This is exactly what is supposed to happen! :-)

S If you don't want any virus to reach you, the only option is to pull the
S little phone plug out of the wall!  Not what you want :( I only get about
S 20 of them a day, which I IGNORE as I don't even use any anti-virus.  TB!
S doesn't need it if set up properly, and with an educated user :)

Again, I'm not concerned that I'm receiving these due to a virus - the
virus doesn't affect me.  What is a PITA is that I get 50+ of these a day,
and I am wasting a growing amount of time weeding them out.  The purpose
of filters is to automate this kind of mundane work, but as Jonathan Angliss
points out (thanks Jonathan), the Bat! filters won't search into multi-part
headers, so I'm going to have to post this as a feature request I suppose.
http://www.mail-archive.com/tbudl@thebat.dutaint.com/msg44508.html

Thanks anyway ;-)

--
Cheers, 
Kim Henkel
http://www.ztree.com
Using The Bat! v1.62/Beta1 on Windows XP 5.1 Build 2600 
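
The limitation described in the message above, filters that cannot see the headers of individual MIME parts, can be worked around outside the mail client. The following is an added example, not code from the thread or from The Bat!: it walks every part of a message and reports any part whose name ends in an executable extension, noting when the declared content type is not application/*. The extension list, the folder names and both sample messages are constructed assumptions.

```python
import email
import os
from email import policy

# Assumption: extensions this example treats as executable attachments.
EXECUTABLE_EXTS = {".exe", ".pif", ".scr", ".bat", ".com"}

def suspicious_parts(raw):
    """List (filename, declared type, reason) for risky parts at any depth."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():              # walk() descends into nested multiparts
        name = part.get_filename()       # filename=, else name= on Content-Type
        if part.is_multipart() or not name:
            continue
        if os.path.splitext(name.lower())[1] not in EXECUTABLE_EXTS:
            continue
        ctype = part.get_content_type()
        reason = ("executable attachment" if ctype.startswith("application/")
                  else "executable name under a non-application type")
        hits.append((name, ctype, reason))
    return hits

def route(raw):
    """Folder decision (hypothetical folder names) based on sub-part headers."""
    return "Quarantine" if suspicious_parts(raw) else "Inbox"

# Constructed sample: only a sub-part header reveals the executable name.
SAMPLE_SUSPECT = b"""\
From: someone@example.invalid
Subject: constructed sample
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: multipart/alternative; boundary="inner"

--inner
Content-Type: text/plain

hello
--inner--
--outer
Content-Type: audio/x-wav; name="setup.exe"
Content-Transfer-Encoding: base64

AAAA
--outer--
"""

# Constructed sample: an ordinary text attachment.
SAMPLE_CLEAN = b"""\
Subject: constructed sample
Content-Type: multipart/mixed; boundary="b"

--b
Content-Type: text/plain; name="notes.txt"

just text
--b--
"""

if __name__ == "__main__":
    for label, raw in (("suspect", SAMPLE_SUSPECT), ("clean", SAMPLE_CLEAN)):
        print(label, route(raw), suspicious_parts(raw))
```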







Re: Need help with a Klez filter!

2002-07-27 Thread Thomas F.

Hello Kim,

On Sat, 27 Jul 2002 12:40:05 -0400 GMT (27/07/02, 23:40 +0700 GMT),
Kim G. Henkel wrote:

KGH Again, I'm not concerned that I'm receiving these due to a virus - the
KGH virus doesn't affect me.  What is a PITA is that I get 50+ of these a day,
KGH and I am wasting a growing amount of time weeding them out.

Just a suggestion: I would try and change email addresses. 50+
non-relevant messages a day (virus or spam) would be enough to even
consider the trouble of talking to a sysad in the office, and
informing all legit keepers of my email address of the change (whether
private or business).

-- 

Cheers,
Thomas.

Moderator der deutschen The Bat! Beginner Liste.

Vacuum: A large, empty space where the pope lives.

Message reply created with The Bat! 1.62/Beta1
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM






Re: Need help with a Klez filter!

2002-07-27 Thread Angel

On Saturday, July 27, 2002 at 9:40:05 AM, Kim scribbled:

S Only after the message is stored in a folder {INBOX} will
S a filter be used.  NAV catches it and quarantines it as it is supposed to.

KGH What I _would_ like is that they be moved to another folder/trash instead
KGH of processed by other filters, and thereby scattered within the account
KGH folders!
Understandable... and I believe, earlier, someone mentioned AVG? :) I have
used AVG for a while now and with the TB! plugin, I get a warning, and AVG
scoots the email into a neat, separate Quarantine folder. This is done BY
AVG itself...no filters necessary :)  And I just right click on the FOLDER
ITSELF, and choose Empty Folder and the virus never gets anywhere. :)

I am not sure, but also earlier in the thread, someone mentioned filtering
by subject and I THINK you can create those filters, then go into the
filter options in TB!, find that filter, then choose the ACTIONS tab and tick
the delete message or delete message from the server box... and that will
delete the message?  That way it would never be filtered anywhere except to
your trash folder or maybe even remove it entirely from the account ?

Since I do not use NAV, I am not really sure how it works with TB! or how
it would work with the filters suggested can someone else maybe
elaborate for me, and give opinion on whether this would work or not?

Blessings and light,
~~~Angel
Saturday, July 27, 2002 11:55:11 AM

--

-={+}=-Senza fiduccia niente-={+}=-
[EMAIL PROTECTED]   | TheBat! 1.60q
   | http://www.ritlabs.com
   | on Windows 2000 5 Service Pack 2 (Win2K Pro)
   | 1gHz 40Gb hard disk 512Mb RAM






Re[2]: Need help with a Klez filter!

2002-07-27 Thread Michael Thompson

Hello Angel,

Saturday, July 27, 2002, 8:04:54 PM, you wrote:

A On Saturday, July 27, 2002 at 9:40:05 AM, Kim scribbled:

S Only after the message is stored in a folder {INBOX} will
S a filter be used.  NAV catches it and quarantines it as it is supposed to.

KGH What I _would_ like is that they be moved to another folder/trash instead
KGH of processed by other filters, and thereby scattered within the account
KGH folders!
A Understandable... and I believe, earlier, someone mentioned AVG? :) I have
A used AVG for a while now and with the TB! plugin, I get a warning, and AVG
A scoots the email into a neat, separate Quarantine folder. This is done BY
A AVG itself...no filters necessary :)  And I just right click on the FOLDER
A ITSELF, and choose Empty Folder and the virus never gets anywhere. :)



A I am not sure, but also earlier in the thread, someone mentioned filtering
A by subject and I THINK you can create those filters, then go into the
A filter options in TB!, find that filter, then choose the ACTIONS tab and tick
A the delete message or delete message from the server box... and that will
A delete the message?  That way it would never be filtered anywhere except to
A your trash folder or maybe even remove it entirely from the account ?

Yes, but could this not get really messy with all the different
subjects the infected emails could have, and new variants may use
different subjects, so would this not afford protection?

A Since I do not use NAV, I am not really sure how it works with TB! or how
A it would work with the filters suggested can someone else maybe
A elaborate for me, and give opinion on whether this would work or not?

NAV sits between the Mail client and the Server, examining mail as it is
sent received. The send I think works as its own SMTP device.

I don't think NAV will support features such as filtering to folders
because of this, as the message attachment will never reach The Bat!
or any other email app, so as far as the BAT is concerned the email is
coming straight from the server with no scanning.

NAV Uses Port 3066 I think to listen for traffic and filters from
there.

-- 
Best regards,
 Michael







Re[2]: Need help with a Klez filter!

2002-07-27 Thread Joyce Sala

Hello Angel,

Saturday, July 27, 2002, 9:04:54 PM, you wrote:

A On Saturday, July 27, 2002 at 9:40:05 AM, Kim scribbled:

S Only after the message is stored in a folder {INBOX} will
S a filter be used.  NAV catches it and quarantines it as it is supposed to.


A Understandable... and I believe, earlier, someone mentioned AVG? :) I have
A used AVG for a while now and with the TB! plugin, I get a warning, and AVG
A scoots the email into a neat, separate Quarantine folder. This is done BY
A AVG itself...no filters necessary :)  And I just right click on the FOLDER
A ITSELF, and choose Empty Folder and the virus never gets anywhere. :)

Excuse  me  for  jumping  in,  but  I DO use NAV with TB!, and that IS
exactly  what  NAV  does!  It  squirrels  the  email *directly* to its
quarantine  directory  and  does *not* let come into the Inbox. And in
fact, I *don't* see it there.

My personal experience...

-- 
Best regards,
 Joyce

mailto:[EMAIL PROTECTED]







Re: Need help with a Klez filter!

2002-07-27 Thread Jonathan Angliss

On Sat, 2002-07-27 at 12:25, Thomas F. wrote:

 Just a suggestion: I would try and change email addresses. 50+
 non-relevant messages a day (virus or spam) would be enough to even
 consider the trouble of talking to a sysad in the office, and
 informing all legit keepers of my email address of the change (whether
 private or business).

And that'd just give the possibly infected user another email address to
mail the virus to ;)  Changing your address probably won't have that
much of an effect.  Try bugging the sysadmin to track down the source,
and see if you can work out who sent it.  Either that, or get your
sysadmin/isp to install a virus scanner on the mail server, and get it
to drop the mail on the server :)

-- 
Jonathan Angliss
([EMAIL PROTECTED])






Re[3]: Need help with a Klez filter!

2002-07-27 Thread Lynn Turriff



Saturday, July 27, 2002, 2:47:34 PM, you wrote:

JS Excuse  me  for  jumping  in,  but  I DO use NAV with TB!, and
JS that IS
JS exactly  what  NAV  does!  It  squirrels  the  email *directly*
JS to its
JS quarantine  directory  and  does *not* let come into the Inbox.
JS And in
JS fact, I *don't* see it there.

JS My personal experience...



I'm pretty sure mine does too .. or actually deletes it.
It's in the settings somewhere, I think - you can tell it
to quarantine or delete.


Lynn



-- 
1.60q on Win2kPro SP2

[EMAIL PROTECTED] * * *Aun Aprendo
I'd rather be WARP'ed* * *  Team OS/2






Re: Need help with a Klez filter!

2002-07-27 Thread Thomas F.

Hello Jonathan,

On 27 Jul 2002 17:21:59 -0500 GMT (28/07/02, 05:21 +0700 GMT),
Jonathan Angliss wrote:

JA And that'd just give the possibly infected user another email address to
JA mail the virus to ;)

Not necessarily. All those who get the info about the new address will
also be told the reason - that someone with the old address on his
computer keeps sending the Klez virus and all are asked to scan their
computers to see whether it's them.

JA Changing your address probably won't have that much of an effect.
JA Try bugging the sysadmin to track down the source, and see if you
JA can work out who sent it.

This would be the first step, before even changing the address. I
assumed that the sources (of 50+ virus mails *per day*) could not be
found.

JA Either that, or get your sysadmin/isp to install a virus scanner
JA on the mail server, and get it to drop the mail on the server :)

Probably a good idea, which will work in a company environment but not
if you are connected to an ISP.

For illustration, I once sent a very angry email to my own ISP after I
had complained that their public announcements (server down /
international link down / etc) were in text/html which I couldn't read
with the version of pine on their server and which opens when I telnet
into my account on port 23.

They recommended using Outlook.

I didn't even notice that Outlook probably doesn't run under unix
(does it?), but apart from the fact that it was the pine version they
themselves had offered to me (and left me no choice when reading my
mail while travelling), I was so surprised that an ISP would recommend
the major virus distributor since the invention of the internet, that
I really bashed them. I wouldn't expect them to know how to set up
server-side virus protection and would always protect myself, even if
they said they have done so.

-- 

Cheers,
Thomas.

Moderator der deutschen The Bat! Beginner Liste.

Our parents were never our age.

Message reply created with The Bat! 1.62/Beta1
under Chinese Windows 98 4.10 Build  A 
using an AMD Athlon K7 1.2GHz, 128MB RAM






Re: Need help with a Klez filter!

2002-07-27 Thread Jonathan Angliss

On Sat, 2002-07-27 at 21:19, Thomas F. wrote:
 Hello Jonathan,
 
 On 27 Jul 2002 17:21:59 -0500 GMT (28/07/02, 05:21 +0700 GMT),
 Jonathan Angliss wrote:
 
 JA And that'd just give the possibly infected user another email address to
 JA mail the virus to ;)
 
 Not necessarily. All those who get the info about the new address will
 also be told the reason - that someone with the old address on his
 computer keeps sending the Klez virus and all are asked to scan their
 computers to see whether it's them.

The reason I said that was because somebody recently infected with the
Yaha virus hit one of the sales accounts where I work with over 90
emails in a 10 minute period, talking with them on the phone, they
refused to believe they were infected (despite evidence to the contrary
such as email headers, paths, return addresses, mail logs etc), and
decided not to take actions.  I subsequently set sendmail to refuse mail
from them with a nice message :)

 JA Either that, or get your sysadmin/isp to install a virus scanner
 JA on the mail server, and get it to drop the mail on the server :)
 
 Probably a good idea, which will work in a company environment but not
 if you are connected to an ISP.

Big time ISPs probably wouldn't touch the idea of trying to install a
virus scanner on their services... too many legal issues, time
consuming, and just another service that can go wrong for them.  Plus
there is the huge cost that would result in that kind of service for so
many email addresses (most mail scanners charge per seat/email account).

 For illustration, I once sent a very angry email to my own ISP after I
 had complained that their public announcements (server down /
 international link down / etc) were in text/html which I couldn't read
 with the version of pine on their server and which opens when I telnet
 into my account on port 23.

Which is true, although I think the later versions of pine may be able
to pull the plain text out of the HTML body, but still a pain.  The
unusual thing is they are sending those kinds of things in html, that
personally would drive me mad.  My current ISP is 'very good' about
notifications, they mail out about 12 hours before they do anything,
with one line most of the time ;)  My last one was:

services will be intermittent between 04:30 and 05:30 tomorrow as we
are working on our routers

That was it ;)

 They recommended using Outlook.
 
 I didn't even notice that Outlook probably doesn't run under unix
 (does it?), but apart from the fact that it was the pine version they
 themselves had offered to me (and left me no choice when reading my
 mail while travelling), I was so surprised that an ISP would recommend
 the major virus distributor since the invention of the internet, that
 I really bashed them. I wouldn't expect them to know how to set up
 server-side virus protection and would always protect myself, even if
 they said they have done so.

Erm... Outlook doesn't run on Linux, let alone a terminal connection, as
it is a GUI program.  It has only 'recently' been ported to the Mac with
Internet Explorer, and Office (aka Office 98).

Small time ISPs may look into it if they get enough queries, but big
time ISPs probably wouldn't even harbor the thought due to issues
mentioned above.  Setting up the virus scan on the mail servers I run
was a case of about 3 commands due to the nice and simple setup developed
by Sophos (a great UK based AV company).

-- 
Jonathan Angliss
([EMAIL PROTECTED])






Re: Need help with a Klez filter!

2002-07-26 Thread Spike

Hello Kim G. Henkel,

Friday, July 26, 2002, 3:34:59 PM, in a galaxy far, far away,
Kim wrote:


KGH I'm getting spammed to death by this $#!%@*#! Klez virus,
KGH and could really use some help setting up a filter!

I'm not sure what you want TB! to do!  The NAV is catching it
BEFORE TB! even sees it!  Only after the message is stored in a
folder {INBOX} will a filter be used.  NAV catches it and
quarantines it as it is supposed to.

KGH The one common factor is that Norton AV is catching the
KGH virus itself,

This is exactly what is supposed to happen! :-)

If you don't want any virus to reach you, the only option is to
pull the little phone plug out of the wall!  Not what you want :(
I only get about 20 of them a day, which I IGNORE as I don't even
use any anti-virus.  TB! doesn't need it if set up properly, and
with an educated user :)

-- 
Warmest tropical wishes,
Spike

--
Running The Bat! V1.60h on Windows 2000 Vers. 5 0 
Build 2195 Service Pack 2






Re: Need help with a Klez filter!

2002-07-26 Thread Marck D Pearlstone

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

Hi Kim,

@26 July 2002, 16:34 -0400 (21:34 UK time)  Kim G. Henkel [KGH] in
mid:[EMAIL PROTECTED] said:

KGH I'm getting spammed to death by this $#!%@*#! Klez virus,
KGH and could really use some help setting up a filter!

Use an AV package that is compatible with TB, e.g. AVG from
www.grisoft.com, and a TB plug-in to support it. The viruses can be
easily filtered to a quarantine folder. The AVG plug in can be
downloaded from here:

AVG: http://www.thebat.ipex.cz/stazeni/beta/avgbat8us.exe

Other plug-ins for TB include these:

Dr Web: http://www.dials.ru/english/inf/thebat.htm

And these:

ftp://www.ritlabs.com/pub/the_bat/bav/SophosNT.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/Sophos95.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/Panda.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/Nod32.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/BitDefSt.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/AntiVirNT.BAV
ftp://www.ritlabs.com/pub/the_bat/bav/AntiVir95.BAV

- --
Cheers -- .\\arck D Pearlstone -- List moderator
TB! v1.62/Beta1 on Windows 2000 5.0.2195 Service Pack 2
'
-BEGIN PGP SIGNATURE-
Version: GnuPG v1.1.90-nr1 (Windows 2000)

iD8DBQE9QeeQOeQkq5KdzaARAib8AJ4qRPcFefC7jb9PE7theWvkyfKwpACfUmYG
XaN7l8XdGrKP/7Msa+Zf5Kk=
=BXuf
-END PGP SIGNATURE-



