Re: Re[2]: Virus warning upon execution of mail download
I would like to thank Thomas Fernandez and everyone else who wrote in regarding the virus warning I received upon downloading mail. (For those who are keeping track, I posted the problem from my other e-mail address ([EMAIL PROTECTED]).)

Because my eTrust AV program works so well, it caught the virus on an incoming e-mail and didn't allow the virus-laden e-mail into my in-box. It remained, however, in the Temp folder and on the server. Deleting the e-mail from the Temp file was only half the job. By going out to the server (I chose to use webmail to get a direct look at what was on the server) I was able to spot the offending message and delete it. That fixed the problem.

Again, thanks for the help.

[Now, could someone PLEASE help with the other problem I posted to the list the other day regarding copying the program to my laptop?]

--
Avi
Avram Sacks
Chicago, IL
[EMAIL PROTECTED] [EMAIL PROTECTED]
using The Bat ver. 1.62r with WinXP Professional.

Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello All,

a eTrust EZ Antivirus real-time protection has found that
a C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA
a dropper
.
a However, I continue to get warning messages each time I download
a e-mail. The message is always the same, except that the number
a changes.
.

TF See above. It is a good idea to exclude the temp folder from AV
TF scanning, or at least exclude bat*.tmp files within that folder from
TF the real-time scan.

I'm not sure that helps (in all cases). It probably depends on the AV, but some programs don't just scan the files but the POP3/MAPI data stream. So the AV kicks into action even before the virus gets written to disk. So excluding the scanning directory won't help.

A 'solution' could be not to scan e-mail at all. The virus will just wait to get activated by Reading the e-mail or something. At that time the other part of your AV should kick in. But I don't like that solution because I want to kill the virus asap.

TF Oh, and referring to another thread: This problem doesn't exist with
TF plug-ins. That's the other advantage of AV plug-ins for TB.

Thread will get mixed up now; but the info in both threads applies to my original question. I can understand the use of a plug-in when using encrypted connections. But I have less positive thoughts about your .bat explanation. I use an AV that outclasses (IMO) many others, including some with plug-ins. And I don't like TB! forcing me to change AV.

--
Best regards, Tony
An empty stomach is not a good political adviser.
Re[2]: Virus warning upon execution of mail download
Hello Thomas,

Sunday, June 13, 2004, 12:35:20 AM, you wrote:

I wrote: On Sat, 12 Jun 2004 23:48:46

a eTrust EZ Antivirus real-time protection has found that
a C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA
a dropper
[snip]
a However, I continue to get warning messages each time I download
a e-mail. The message is always the same, except that the number
a changes.

TF Of course. As TB hasn't successfully downloaded and imported the mail,
TF it will try to do so at every mail check. This will not stop unless
TF you delete the message on server using TB's mail despatcher, or turn
TF off your over-eager AV program.

If I understand correctly, what happened is that when The Bat attempts to download e-mail, it is first downloaded to the Temp directory. If the message has a virus, then my AV software (My eTrust by Computer Associates) will prevent the e-mail from going into a mail folder. (Assuming, of course, that the signature files for the AV software recognize the virus.) However, the virus-laden message still remains on the server because The Bat would only direct the server to delete the message AFTER the message finds its way into a Bat folder. Because the message was only able to go as far as the Temp subdirectory, The Bat did not instruct the server to delete the offending e-mail. Is this correct?

Based on this, and not being familiar with mail despatcher, I assumed that I needed to delete a virus-laden message off of the server. So, using webmail, I went out to the server using my web browser and deleted two suspicious messages, both of which had attachments.

How do I delete the message on the server using TB's mail despatcher? And, just exactly, what IS TB's mail despatcher (dispatcher?)

It would appear that these files are in the Temp subdirectory. Ahhh, but your note gave me an idea. I turned off AV just long enough to highlight and delete the bat*.tmp files.
Re[2]: Virus warning upon execution of mail download
Hello Thomas,

Sunday, June 13, 2004, 2:11:14 AM, you wrote:

a And, just exactly, what IS TB's mail despatcher (dispatcher?)

TF It's a utility with which you can manage mails on the (POP) server:
TF Account / Despatch Mail on Server / All messages.

a It would appear that these files are in the Temp subdirectory.

TF The despatcher shows you the mails on the server, before they even
TF get to the temp directory.

If I use this utility, will I be able to identify which messages to delete, or will it automatically delete all of them before I get a chance to say yes or no?

--
Avram
Avram Sacks
Chicago, Il
using The Bat ver. 1.62r on Win XP Pro
Re[2]: Virus warning upon execution of mail download
Hello Thomas,
.
T At that time the other part of your AV should kick in.

TF The AV should kick in when I ask it. That's how I have set it: If I do
TF want to open an attachment, I ask the doctor (PC-Cillin): Does this
TF file contain a virus?

I *will* forget to ask the doctor for sure :( That's why I have set everything to automatic.

T But I don't like that solution because I want to kill the virus asap.

TF I do that with the del key.

But only after you started reading your incoming mail. As you said there is no problem opening a virus mail on a non MS client. I'm on other high volume lists where a large percentage uses Outlook (express). All people with good intentions. But sometimes a virus pops up. The sender just forwarded an infected mail to the list. I know it's a 'that happens once in a lifetime' example. My point is just that IMO the duty of every Internet user is to stop spreading viruses the best s/he can. Even if her/his own system is immune to it.

T And I don't like TB! forcing me to change AV.

TF It isn't. You only need to adjust your settings to your environment
TF and your desired behaviour.

--
Best regards, Tony
Why the sun lightens our hair, but darkens our skin?
Re[2]: Virus warning upon execution of mail download
Hello Melissa,

MR Hi William,
MR On Sunday, June 13, 2004, at 12:52:08 AM PST, you wrote:

I don't have this problem using NOD32 independently. It flags an incoming virus-laden message, I delete it, end of story.

MR I've been using NOD32 for a few years now (since v1.x), and I really
MR like the way v2 is working (no more need to configure that old POP3
MR scanner module). I don't use a TB! plug-in, and messages aren't
MR repeatedly downloaded to the temp folder. Once I delete an infected
MR message at the point NOD32 detects it (during new message download), I
MR delete it, and never hear from it again. :-)

Good news! I'm a NOD32 supporter myself.

Melissa watch out for NOD32! You are in its virus base :D

--
Best regards, Tony
Life is the art of drawing sufficient conclusions from insufficient premises.
Re[2]: Virus warning upon execution of mail download
Hello Thomas,

TF The AV should kick in when I ask it. That's how I have set it: If I do
TF want to open an attachment, I ask the doctor (PC-Cillin): Does this
TF file contain a virus?

T I *will* forget to ask the doctor for sure :(
T That's why I have set everything to automatic.

TF Then don't complain about it nanny-ing you, or alternatively download
TF the mind-reading plug-in.
.
TF outlaw OE/OL and you have the main problem fixed. Why are we
TF discussing this here, by the way?

Mmmm, sounds like I somehow touch a sore spot. Better stop this discussion...

--
Best regards, Tony
Expressing anger is a form of public littering.
Re[2]: Virus Scan msg on mail check - Exploit-MIME.gen.exe
Hello Marck,

On Tue, 10 Jun 2003 10:38:55 +0100 GMT (10.06.2003, 11:38 +0200 GMT, where I live), you wrote:

Snip

MDP 3) Get shot of McAfee and instead use an AV solution
MDP that has a TB plug in and won't interfere with normal
MDP operation. NOD32 is generally acknowledged as the best
MDP while Kaspersky is also known to be good. I personally
MDP use AVG, although many don't rate it very highly.

I have been quite happy with AVG (the free version), but on two recent occasions it detected viruses which arrived, through one of the children using Kazaa. Each time, I received a msg saying that my computer had a virus and that I should run AVG. Which I did. However, I was never given the opportunity to put the infected file in the vault, or to disinfect it. AVG continued to tell me my computer was infected. But could do nothing about it.

Do you think that's because I had the free version?

Regards, Maurice
-
Using The Bat! 1.62r under Windows XP 5.1 Pro on a Pentium 2 with 512MB.

Current version is 1.62r | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus Scan msg on mail check - Exploit-MIME.gen.exe
Hello David,

Tuesday, June 10, 2003, 2:26:49 PM, you wrote:

DB 6.02.3000.1
DB Thanks for the info. I've found the message on my server and deleted
DB it.
DB Won't excluding the bat*.temp files within McAfee cause an infection
DB if I do receive dodgy mail?

I actually use the HAWK feature of McAfee to scan e-mails. And, if McAfee found a virus by scanning the temp files, then sure it would be unwise to exclude them. I didn't have a problem with them, so I never excluded them in McAfee.

--
Best regards, Daniel
Re[2]: Virus checking on outgoing mail
Basically what Allie said here. Not that I can resist adding my own two cents...

IMNSHO scanning outgoing email is a useless function. Here's the reasoning:

1. If your virus scanner is doing its job (and you have it enabled to check incoming emails as well as doing realtime checking when you insert a floppy or some such action) then your system won't contract a virus. The Bat! also prevents you from doing some stupid things that might endanger your system.

2. Your virus checker should be checking your system in real time to ensure that there isn't a virus in memory. If you're not running your system with a virus hiding in memory somewhere, then your outgoing mail won't be infected any more than the files you save onto your hard disk.

3. If there *is* a virus in your system's memory that your virus checker hasn't caught (because it's not in its current virus definitions table) then it won't catch it when you send out emails, either.

That said, I run NOD32 on my server and Norton on my client systems just to be doubly safe (with outgoing email checks turned off). NOD32 has caught several parasites coming in on emails and nothing has penetrated as far as the NAV checks, but one can never be too paranoid.

-Mark Wieder
Using The Bat! v1.63 Beta/4 on Windows 2000 5.0 Build 2195 Service Pack 2

--
Current version is 1.62 | Using TBUDL information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus Plugins
Hello 3w,

Has anyone on this forum heard about a compatibility issue between the bat 1.61 and Kaspersky AV plugin? I made a deinstall-reinstall procedure and the problem still remains.

Any comment?

On Thursday, January 16, 2003, at 7:53:40 AM, you wrote:

3 Wednesday, January 15, 2003, 6:58:20 PM, you wrote:

What Virus Plug-in do you all recommend for use with the Bat?

3 I used the following software in the past 2 years, each of it for a
3 longer period of time, all full versions:

3 G Data Antiviren Kit 11
3 Great software, test winner in c't and several other journals. Finds
3 almost everything, uses pop.server for mail client. TB! hung several
3 times (every 3rd time or so) when more than 1 account had mail.
3 Several demands to support only produced 'help for dummies' - they
3 just wouldn't believe that their software didn't work as expected.
3 The system-performance is MUCH SLOWER because of the OnAccess scanner
3 (I had it always on). Had problems once with a virus test, Marck
3 helped me out (thanks for that ;-)).

3 Kaspersky Professional
3 Works with plugin, great scanner, system slow, really confusing
3 interface if you're used to other software e.g. G Data.

3 Norton AV
3 IMHO: Just forget about them, didn't make me lucky at any time.

3 AVG
3 The only one that's free!!! for personal use. Doesn't slow down
3 the system too much, what I almost prefer most. Works with plugin for
3 TB! (and works fine on my systems!). Maybe not the best scanner
3 (following the test results), but in my experience and the ones of
3 many others on this list it catches quite a lot.

3 This was a bit of a longer answer, but I thought it could be helpful
3 for you. I recommend AVG and the use of 'your brain', the best AV-tool
3 on the market. ;-)))

3 3w

--
Regards, Olivier mailto:[EMAIL PROTECTED]
Re[2]: Virus Plugins
I have tried NAV 2002 and 2003 and have a problem with timeouts due to its e-mail scanning.

The problem is that I maintain both of NATCAS big Internet servers. One we use as an e-mail server running mailsite and the other as a web server. We use sieve filters for virus protection in the e-mail system, and the way that they work is that when they find a suspicious e-mail it blocks the e-mail and sends it to the postmaster account on the mailserver. I then have to download the postmaster account via the bat and this just drives Norton crazy, as every e-mail contains a virus and Norton ends up causing the connection to timeout. I have the need to download and inspect the emails to ensure the sieve filters are working properly. I do the same thing for spam; I have sieve filters for it also.

I talked to Norton about the problem and they advised they know of the problem but they don't have the fix. :( So I'm looking for an alternative, preferably one with a good log file. I am trying the free version of AVG but can't find the log file or it doesn't seem to produce one for e-mail scanning.
Re[2]: Virus filtering
ACM However, TB! will search only the headers and text body for
ACM matching strings.

Yes, but Allie, those infected attachments are referenced in the header by the strings that Mitja defined. It's for those references that Mitja was setting up a filter. Looking at the source of some infected messages that just came in, I find strings like: name=Rescue.bat and name=Wyugm.pif.

Best,
-Daan-

Current Ver: 1.60q FAQ: http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://bt.ritlabs.com
Re[2]: Virus filtering
Hi Allie,

ACM on examination of the source, if I look *after* the message body
ACM where TB! doesn't search,

Now I see! I'm still used to a different representation of internet headers (from using Compuserve for years, where they are translated and put below the message body, along with any kludges and attachment headers). I thought I'd found an easy way to sort viruses to the trashcan.. oh well :)

I've decided not to do any POP scanning. I prefer to have as few tasks running in the background as possible. I couldn't get NOD32 to work with the beta NOD32.BAV plugin (and it didn't impress me as a fully developed program), so I think I'll stick with good old Kaspersky and switch to their AV toolkit v4 which is said to have a TB plug-in. Is anyone on the list using KAV and their plugin to good (or bad) effect?

Thanks,
-Daan-
--no strings attached :)
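The point made in this thread, that strings such as name=Rescue.bat and name=Wyugm.pif sit in the headers of individual MIME parts rather than in the top-level header block, shown as an added example that is not part of the original posts. The sample message, the extension list and the file name report.doc.pif are constructed for illustration; the parsing uses Python's standard email package.

```python
import email
from email import policy

# Assumed, non-exhaustive list of extensions Windows treats as executable.
RISKY_EXTENSIONS = {".bat", ".cmd", ".com", ".exe", ".hta", ".pif", ".scr", ".vbs"}

# Constructed sample message; attachment bodies are placeholder text.
SAMPLE = b"\r\n".join([
    b"From: sender@example.test",
    b"To: user@example.test",
    b"Subject: constructed sample",
    b"MIME-Version: 1.0",
    b'Content-Type: multipart/mixed; boundary="b1"',
    b"",
    b"--b1",
    b"Content-Type: text/plain; charset=us-ascii",
    b"",
    b"Please see the attached files.",
    b"--b1",
    b"Content-Type: application/octet-stream; name=Rescue.bat",
    b"",
    b"placeholder",
    b"--b1",
    b'Content-Type: application/octet-stream; name="Wyugm.pif"',
    b"Content-Disposition: attachment",
    b"",
    b"placeholder",
    b"--b1",
    b"Content-Type: application/octet-stream",
    b'Content-Disposition: attachment; filename="report.doc.pif"',
    b"",
    b"placeholder",
    b"--b1",
    b"Content-Type: text/plain",
    b'Content-Disposition: attachment; filename="notes.txt"',
    b"",
    b"plain notes",
    b"--b1--",
    b"",
])


def top_level_header_block(raw):
    """Everything before the first blank line: the only 'headers' a simple filter sees."""
    return raw.split(b"\r\n\r\n", 1)[0]


def attachment_names(raw):
    """File names declared by any MIME part (Content-Disposition, else Content-Type name)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    return [part.get_filename() for part in msg.walk() if part.get_filename()]


def risky_attachments(raw):
    """Return (name, reason) for names whose final extension is in RISKY_EXTENSIONS."""
    findings = []
    for name in attachment_names(raw):
        pieces = name.lower().rstrip(". ").split(".")
        if len(pieces) > 1 and "." + pieces[-1] in RISKY_EXTENSIONS:
            reason = "double extension" if len(pieces) > 2 else "executable extension"
            findings.append((name, reason))
    return findings


if __name__ == "__main__":
    print(b"Rescue.bat" in top_level_header_block(SAMPLE))
    for finding in risky_attachments(SAMPLE):
        print(finding)
```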
Re[2]: Virus
Syafril,

On Mon, 3 Dec 2001, at 19:16:07 [GMT +0700] (which was 5:46 PM where I live) you wrote:

SH AFAIK AVP from Kaspersky Labs can detect viruses even we set
SH attachment inline message body (not in separate directory/folder). My
SH Av on Mail Server also using Kaspersky Labs AV Engine.

Honestly I found this a little tough to configure. A very steep learning curve.

I like AVGMcafee (with TB) because they do not check for Viruses while downloading (if TB is configured to keep attachments in the body). TB will not allow me to open a file with multiple secondary names forcing me to save it. Which is when the Av programme does its work. So downloads of mail can be done w/o manual assistance and I have adequate protection.

--
Warm regards, Raj mailto:[EMAIL PROTECTED]
Why is it that to stop Windows Operating System, you have to click on Start?
Replied on Monday, December 03, 2001 using TB Ver 1.54/10 on Windows NT

--
Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Unsubscribe: mailto:[EMAIL PROTECTED] Latest Vers: 1.53d FAQ: http://faq.thebat.dutaint.com
Re[2]: Virus
Sunday, December 02, 2001, Kenneth S. Rhee In Regards to Virus

KSR Hello Kevin,
KSR 2 Dec 2001, 2:40:33 PM, you wrote:
KSR What virus? I don't think I have received such e-mail lately.

The Virus is the W32.Badtrans Virus, Quite a Dangerous one which goes through the address book and Emails all contacts, I believe this is what has happened.

Regards,
Kevin Conlin

--
Kevin Conlin. http://www.DarkServ.Net
BT Operator - UK
Running The Bat 1.53t on Windows NT 5.0
Re[2]: Virus
Hi Jan,

On Sunday, December 2, 2001 at 23:34:24, you wrote :

Eric I confirm. With AVP, the message couldn't be
Eric downloaded and I had to delete it on the server.
Eric It is I.Worm.BadrtransII as registered by AVP.

JR Does this mean that AVP automatically prevented the
JR message from downloading to your machine?

Not exactly. AVP prevented message to arrive in the Incoming Box.

When The Bat! download the message, a batxx.tmp file is created before in temp directory and then converted in real message incoming box. AVP warned when the batxx.tmp file was created and prevented The Bat! access to it. So The Bat! was unable to put this message in Incoming Box. I just had tmp files (inoffensive) created in TEMP directory.

In the same time, this message was not deleted from the POP server probably because the process was interrupted by AVP. So, I had to delete it with the Server Manager. Until that, The Bat! was trying to re-download it each time it was collecting POP3... and each time, a new temp file was created...

--
Regards, Eric mailto:[EMAIL PROTECTED]
Using The Bat! v1.54/10 on Windows NT 5.1 Build 2600
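The download loop described in the message above, and in the 2004 thread at the top of this page, as an added example that is not part of the original posts. It assumes, as the posters describe, that the client sends DELE only after a message has been imported; FakePOP3 is a constructed in-memory mailbox that mimics the return shapes of Python's poplib.POP3 methods, and the two messages and the scanner marker are constructed.

```python
import email


class FakePOP3:
    """Constructed in-memory mailbox with the poplib.POP3 methods used below."""

    def __init__(self, messages):
        self.messages = list(messages)   # message number n is index n - 1
        self.marked = set()

    def list(self):
        rows = [b"%d %d" % (n, len(m))
                for n, m in enumerate(self.messages, start=1) if n not in self.marked]
        return b"+OK", rows, 0

    def top(self, which, howmuch):
        head, _, body = self.messages[which - 1].partition(b"\r\n\r\n")
        return b"+OK", head.split(b"\r\n") + [b""] + body.split(b"\r\n")[:howmuch], 0

    def retr(self, which):
        raw = self.messages[which - 1]
        return b"+OK", raw.split(b"\r\n"), len(raw)

    def dele(self, which):
        self.marked.add(which)           # DELE only marks; nothing is removed yet
        return b"+OK"

    def quit(self):                      # deletions are committed when the session ends
        self.messages = [m for n, m in enumerate(self.messages, start=1)
                         if n not in self.marked]
        self.marked.clear()
        return b"+OK"


# Constructed sample messages; the marker stands in for content an AV would flag.
CLEAN = b"From: alice@example.test\r\nSubject: lunch\r\n\r\nSee you at noon."
FLAGGED = b"From: unknown@example.test\r\nSubject: Re: document\r\n\r\nCONSTRUCTED-AV-MARKER"


def sample_scanner(raw):
    """Stand-in for the on-access scanner blocking the client's temp file."""
    return b"CONSTRUCTED-AV-MARKER" in raw


def mail_check(conn, scanner_blocks):
    """One mail check: a message is deleted on the server only after it was imported."""
    imported = []
    for row in conn.list()[1]:
        num = int(row.split()[0])
        raw = b"\r\n".join(conn.retr(num)[1])
        if scanner_blocks(raw):
            continue                     # import failed, so no DELE is sent
        imported.append(raw)
        conn.dele(num)
    conn.quit()
    return imported


def server_headers(conn):
    """Header-only view of the mailbox (TOP n 0), without downloading bodies."""
    view = {}
    for row in conn.list()[1]:
        num = int(row.split()[0])
        msg = email.message_from_bytes(b"\r\n".join(conn.top(num, 0)[1]))
        view[num] = (msg["From"], msg["Subject"])
    return view


def delete_on_server(conn, numbers):
    """Delete chosen messages directly on the server, then end the session."""
    for num in numbers:
        conn.dele(num)
    conn.quit()
```

Running mail_check twice against a mailbox holding CLEAN and FLAGGED imports CLEAN once and leaves FLAGGED on the server both times; it disappears only after delete_on_server.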
Re[2]: Virus On Mail Check
How's it going, Marcel,

...and erase your windows\temp directory

--- Following the topic ---

On Friday, November 30, 2001 at 22:40:53 GMT (that is, at 3:40 PM in my beautiful Mexico), Marcel, in the message with the subject "Virus On Mail Check", commented (at least in part, and perhaps trimmed by me):

M So Markus was right.
M After you've found out that an infected message is sent, delete it
M from the server manually, either by webmail, or the mail dispatcher.

Yes :-)

--- End of copied message ---

--
-=ToÑo.!=-
'The horrible thing about true hells is that they have a window through which paradise can be seen' (Enrique Solari)
-=ToÑo.!=- [EMAIL PROTECTED] ICQ-UIN:50036143 PGP key http://a_mi_go_.4d2.net

The information contained in this transmission, which may be confidential and proprietary, is only for the intended recipients. Unauthorized use is strictly prohibited. If you receive this transmission in error, please notify me immediately by telephone or electronic mail and confirm that you deleted this transmission and the reply from your electronic mail system.
Re[2]: Virus
Nick,

On Wed, 05 Sep 2001, at 17:20:55 [GMT -0700] (which was 5:50 AM where I live) you wrote:

looks like an error in CAI's virus-signature file ...

NA Why are you so sure it's in error? Perhaps you really *are* infected. I
NA would run another Anti-Virus Program... sort of second opinion if you
NA will.

For everybody's information: I just ran Mcafee on TB specifically and my entire Hard Disk. Glad to report that no Virus was detected in TB (or my machine)

--
Warm regards, Raj mailto:[EMAIL PROTECTED]
Replied on Thursday, September 06, 2001 using TB Ver 1.53d
Re[2]: Virus checking turning OFFFFFFFFFFFFFFFF
Hello Thomas and Batmans,

THANK UU, my savior !

Hi Alexander,

On 8 Jun 2000 14:33:08 +0500GMT (08/06/2000, 17:33 +0800GMT), Alexander A. Gomanyuk wrote:

AAG I can't endure it anymore ! Please tell me where i can turn off
AAG question box concerning viruses in attaches ?!

In the registry, look for Current_User/Software/Ritlabs/TheBat, and look at ProtectAllowOpen, ProtectWarnOpen, and ProtectDisableOpen.

I have killed these warnings here too - I do look at the file extension before I click onto anything, and I get many Word and Excel files every day. I KNOW a .doc file can contain a virus, and I DON'T run anything called Happy99.exe. Besides, it would be easy to just rename the virus.

Regards, Your sincerely registered 3AHO3A [EMAIL PROTECTED]|2:5012/18.2

--
View the TBUDL archive at http://tbudl.thebat.dutaint.com To send a message to the list moderation team double click here: mailto:[EMAIL PROTECTED] To Unsubscribe from TBUDL, double click here and send the message: mailto:[EMAIL PROTECTED] -- You are subscribed as : archive@jab.org
Re[2]: Virus checking turning OFFFFFFFFFFFFFFFF
Hello Patrick and Batmans,

AAG I can't endure it anymore ! Please tell me where i can turn off
AAG question box concerning viruses in attaches ?!
AAG Regards, Your sincerely registered
AAG 3AHO3A [EMAIL PROTECTED]|2:5012/18.2

^^^ is this still FIDO? god bless you! ;) ...i remember the time... (la la la la la) ;)

U Do ? Oh great ! It still working :) I don't know what for :)))

Regards, Your sincerely registered 3AHO3A [EMAIL PROTECTED]|2:5012/18.2