Hallo Jason and Marck,
On Tue, 9 May 2000 17:42:12 +0100 GMT (10.05.2000, 00:42 +0800 GMT),
Jason wrote:
>>> PC-Cillin tells me that the file BAT7382.TMP is infected. Now I would
>>> like to inform the sender (or rather, the owner of the computer that
>>> sent me this file) that his box is infrected. How do I find out to
>>> which email this attachment (I guess) belonged?
>> First thing to come to mind: Search through your messages for those
>> with attachments and received on the same day as the timestamp on
>> that TMP file.
Time stamp - I should have thought of that. So I went through all my
accounts, and each folder, but still couldn't find any message with a
corresponding time stamp. Then Marck's message came in:
MDP> If the file is externally saved in the attachments folder then it will
MDP> appear as a named file in the artificial X-BAT-FILES header so a
MDP> message search for the named file in headers should find it.
Maybe. The file name in the X-FILES, sorry: X-BAT-FILES, will be the
same as the attachment name, not a BATxxxx.TMP name.
Further assiduous search by any means possible revealed that the log
of my work account contains the following line:
FETCH - could not store message (file name - C:\WINDOWS\TEMP\BAT7382.TMP)
Since I "leave messages on server" on my work account when I'm at
home, I looked into what is still there (dispatch messages on server)
and found the offending message. It was not in the Inbox of that
account and thus had not been downloaded at all! The .TMP file is
quarantined on my PC, so I believe TB decided not to download, or list
the message in the message list of the Inobx, as TB could not store it
(or the attachment) where it wanted to.
Anyway, I deleted the message from the server and the quarantined
virus file from my windows\temp directory, and I conclude the
cooperation of TB and PC-Cillin was quite nice. Even though the visual
output did not help me find the source at first.
--
Cheers,
Thomas mailto:[EMAIL PROTECTED]
Message reply created with The Bat! 1.42c
under Chinese Windows 98 4.10 Build 1998
using an Intel Celeron 366Mhz, 128MB RAM
--
--------------------------------------------------------------
View the TBUDL archive at http://tbudl.thebat.dutaint.com
To send a message to the list moderation team double click here:
<mailto:[EMAIL PROTECTED]>
To Unsubscribe from TBUDL, double click here and send the message:
<mailto:[EMAIL PROTECTED]>
--------------------------------------------------------------
You are subscribed as : [email protected]
