Re: Re[2]: Virus warning upon execution of mail download
I would like to thank Thomas Fernandez and everyone else who wrote in regarding the virus warning I received upon downloading mail. (For those who are keeping track, I posted the problem from my other e-mail address ([EMAIL PROTECTED]).) Because my eTrust AV program works so well, it caught the virus on an incoming e-mail and didn't allow the virus laden e-mail into my in-box. It remained, however, in the Temp folder and on the server. Deleting the e-mail from the Temp file was only half the job. By going out to the server (I chose to use webmail to get a direct look at what was on the server) I was able to spot the offending message and delete it. The fixed the problem. Again, thanks for the help. [Now, could someone PLEASE help with the other problem I posted to the list the other day regarding copying the prgram to my laptop?] -- Avi Avram Sacks Chicago, IL [EMAIL PROTECTED] [EMAIL PROTECTED] using The Bat ver. 1.62r with WinXP Professional. Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello Thomas, TF>>> The AV should kick in when I ask it. That's how I have set it: It I do TF>>> want to open an attachment, I ask the doctor (PC-Cillin): Does this TF>>> file contain a virus? T>> I *will* forget to ask the doctor for sure :( T>> That's why I have set everything to automatic. TF> Then don't complain about it nanny-ing you, or alternatively download TF> the mind-reading plug-in. <.> TF> outlaw OE/OL and you have the main problem fixed. Why are we TF> discussing this here, by the way? Mmmm, sounds like I somehow touch a sore spot. Better stop this discussion... -- Best regards, Tony Expressing anger is a form of public littering. Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello Melissa, MR> Hi William, MR> On Sunday, June 13, 2004, at 12:52:08 AM PST, you wrote: >> I don't have this problem using NOD32 independently. >> It flags an incoming virus-laden message, I delete it, end of story. MR> I've been using NOD32 for a few years now (since v1.x), and I really MR> like the way v2 is working (no more need to configure that old POP3 MR> scanner module). I don't use a TB! plug-in, and messages aren't MR> repeatedly downloaded to the temp folder. Once I delete an infected MR> message at the point NOD32 detects it (during new message download), I MR> delete it, and never hear from it again. :-) Good news! I'm a NOD32 supporter myself. Melissa watch out for NOD32! You are in it's virus base :D -- Best regards, Tony Life is the art of drawing sufficient conclusions from insufficient premises. Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello Thomas, <.> T>> At that time the other part of your AV should kick in. TF> The AV should kick in when I ask it. That's how I have set it: It I do TF> want to open an attachment, I ask the doctor (PC-Cillin): Does this TF> file contain a virus? I *will* forget to ask the doctor for sure :( That's why I have set everything to automatic. T>> But I don't like that solution because I want to kill the virus asap. TF> I do that with the key. But only after you started reading your incoming mail. As you said there is no problem opening a virus mail on a non MS client. I'm on other high volume lists where a large percentage uses Outlook (express) All people with good intentions. But sometimes a virus pops up. The sender just forwarded an infected mail to the list. I know it's a 'that happens once in a lifetime' example. My point is just that IMO it the duty of every Internet user is to stop spreading viruses the best s/he can. Even if her/his own system is immune to it. T>> And I don't like TB! forcing me to change AV. TF> It isn't. You only need to adjust your settings to your environment TF> and your desired behaviour. -- Best regards, Tony Why the sun lightens our hair, but darkens our skin? Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello Thomas, Sunday, June 13, 2004, 2:11:14 AM, you wrote: a>> And, just exactly, what IS TB's mail despatcher (dispatcher?) TF> It's a utility with which you can manage mails on the (POP) server: TF> Account / Despatch Mail on Server / All messages. a>> It would appear that these files are in the Temp subdirectory. TF> The despatcher shows you the mails on the server, before they even TF> get to the temp directory. If I use this utility, will I be able to identify which messages to delete, or will it automatically delete all of them before I get a chance to say "yes" or "no?" -- Avram Avram Sacks Chicago, Il using The Bat ver. 1.62r on Win XP Pro Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello Thomas, Sunday, June 13, 2004, 12:35:20 AM, you wrote: I wrote: On Sat, 12 Jun 2004 23:48:46 a>> eTrust EZ Antivirus real-time protection has found that a>> C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a>> dropper [snip] a>> However, I continue to get warning messages each time I download a>> e-mail. The message is always the same, except that the number a>> changes. TF> Of course. As TB hasn't successfully downloaded and imported the mail, TF> it will try to do so at every mail check. This will not stop unless TF> you delete the message on serever using TB's mail despatcher, or turn TF> off your over-eager AV program. If I understand correctly, what happened is that when The Bat attempts to download e-mail, it is first downloaded to the Temp directory. If the message has a virus, then my AV software (My eTrust by Computer Associates) will prevent the e-mail from going into a mail folder. (Assuming, of course, that the signature files for the AV software recognize the virus.) However, the virus-laden message still remains on the server because The Bat would only direct the server to delete the message AFTER the message finds its way into a Bat folder. Because the message was only able to go as far as the Temp subdirectory, The Bat did not instruct the server to delete the offending e-mail. Is this correct. Based on this, and not being familiar with "mail despactcher" I assumed that I needed to delete a virus-laden message off of the server. So, using webmail, I went out to the server using my web browser and deleted two suspicious messages, both of which had attachments. How do I delete the message on the server using TB's mail despatcher. And, just exactly, what IS TB's mail despatcher (dispatcher?) It would appear that these files are in the Temp subdirectory. Ahhh, but your note gave me an idea. I turned off AV just long enough to highlight and delete the bat*.tmp files. Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html
Re[2]: Virus warning upon execution of mail download
Hello All, a>> eTrust EZ Antivirus real-time protection has found that a>> C:\DOCUME~1\AVRAM\LOCALS~1\Temp\bat653.tmp is HTML.ObjectDataHTA a>> dropper <.> a>> However, I continue to get warning messages each time I download a>> e-mail. The message is always the same, except that the number a>> changes. <.> TF> See above. It is a good idea to exclude the temp folder from AV TF> scanning, or at least exclude bat*.tmp files within that folder from TF> the real-time scan. I'm not sure that helps (in all cases) It probably depends on the AV but some programs don't just scan the files but the POP3/MAPI data stream. So the AV kick into action even before the virus gets written to disk. So excluding the scanning directory won't help. A 'solution' could be not to scan e-mail at all. The virus will just wait to get activated by Reading the e-mail or something. At that time the other part of your AV should kick in. But I don't like that solution because I want to kill the virus asap. TF> Oh, and referring to another thread: This problem doesn't exist with TF> plug-ins. That's the other advantage of AV plug-ins for TB. Thread will get mixed up now; but the info in both threads apply to my original question. I can understand the use of a plug-in when using encrypted connections. But I have less positive thoughts about your .bat explanation. I use an AV that outclasses (IMO) many others, including some with plug-ins. And I don't like TB! forcing me to change AV. -- Best regards, Tony An empty stomach is not a good political adviser. Current version is 2.11.02 | 'Using TBUDL' information: http://www.silverstones.com/thebat/TBUDLInfo.html