Hello Marck, On Tue, 16 Jul 2002 10:20:33 +0100 GMT (16/07/02, 16:20 +0700 GMT), Marck D Pearlstone wrote:
MDP> Actually, in the case of an external AV having intercepted the MDP> infection before TB could even see it, it *won't* be in the message MDP> base, will it? Correct. MDP> It will never have reached TB. And if the detection was MDP> a false positive? How do you get the data back? In PC-Cillin: Quarantine / Restore. MDP> An attachment in a message body cannot be scanned by an external MDP> scanner. It must be scanned by either the TB AV plug-in or by an MDP> incoming mail stream scanner. Not quite correct. I had a virus (obviously in an attachment) that was not in the list of viruses that PCC knew when it arrived. It was some macro virus in a Word document that was attached to an email; as it never did any harm it is likely I never opened that Word documents. I keep attachments in the message body. Once PCC was updated and I tried to open that folder, the real-time scanner quarantined the whole .tbb file. Proving that PCC does indeed scan MIME encoded message attachmenbts stored in the message body. MDP> To have an infected attachment sat calmly and unidentified in a MDP> folder is dangerous. Certainly correct. But this has nothing to do with plug-ins or not, has it? MDP> IMHO a plug-in is the best way to handle virus scanning of MDP> incoming messages. And this is also true: PCC quarantined the whole .tbb file, as it only knows to quarantine files, not messages within a file. A plug-in would have quarantined only that message (maybe even only that attachment?) saving me the trouble of sifting through a couple of hundred messages to find the one with the virus. -- Cheers, Thomas. Moderator der deutschen The Bat! Beginner Liste. Be more or less specific. Message reply created with The Bat! 1.61 under Chinese Windows 98 4.10 Build 2222 A using an AMD Athlon K7 1.2GHz, 128MB RAM ________________________________________________________ Current Ver: 1.61 FAQ : http://faq.thebat.dutaint.com Unsubscribe: mailto:[EMAIL PROTECTED] Archives : http://tbudl.thebat.dutaint.com Moderators : mailto:[EMAIL PROTECTED] TBTech List: mailto:[EMAIL PROTECTED] Bug Reports: https://www.ritlabs.com/bt/
