-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi Miguel,
On Fri, 19 Apr 2002, at 17:47:28 +0200 you wrote:
>> I can't find any advantage even of monitoring traffic at all. By my
>> experience it is much faster (and cheaper, regarding resources and
>> online time) to use some real-time AV monitor which will react if you
>> try to deal with infected attachment.
MAU> There is definitely an advantage in monitoring traffic because not al
MAU> virus are spread in attached files.
[...]
I agree. And this is only spot which is not quite clear to me: if some
nasty html code arrive in mail (not attached but "embedded") would a
real-time AV monitor detect it? Since we are using Bat, which has own
rendering html machine, and since the trojan we consider here is
writen for IE engine, it seems that there is no need to be nervous.
Any way, a good AV monitor should discover *any* virus activities,
regardless way of its execution. So if I could go to see this message
with embedded html, and if I activate some nasty link, script or
whatever - then AV should react, in a same secure way as if virus
would start from an attachment. Am I right?
I just cannot see why would POP scanner discover something which is
not possible for HD scanner?
If this AV database would discover something during POP scanning, it
must discover it on HD too.
Mandara
- --
(__) If you need this key:
('') <mailto:[EMAIL PROTECTED]?subject=0x257DFF36>
\/
-----BEGIN PGP SIGNATURE-----
iD8DBQE8wX0Nvgcu6yV9/zYRAmX9AKCkHE7Bkp9DIVqtuPh0dzhSCb4ITgCgttLb
K1msoh6tAso2FsIvm7YpGxI=
=BFcC
-----END PGP SIGNATURE-----
________________________________________________________
Current Ver: 1.60c
FAQ : http://faq.thebat.dutaint.com
Unsubscribe: mailto:[EMAIL PROTECTED]
Archives : http://tbudl.thebat.dutaint.com
Moderators : mailto:[EMAIL PROTECTED]
TBTech List: mailto:[EMAIL PROTECTED]
