Hi, again.  It seems like each answer prompts another question.  This time,
Jonathan Angliss <[EMAIL PROTECTED]> wrote:

>Using a virus plugin will allow you to quarantine
>the mail within TB! and actually look at the mail, but not
>execute/open any attachments. This is an advantage if you are after
>the actual email itself, and want to alert the real sender of
>infection (note that Klez and others spoof from headers, and if you
>set the virus scanner to auto-alert the person, you'll probably get a
>few upset replies).  

I thought I was already able to look at the mail because whenever I get the
warning from the AV program, it says
"...real-time protection has found that [filename] was infected with
HTML.MimeExploit virus and has *restored the file.*"  (emphasis added), AND,
I am able to find an e-mail in my in-box that has all the earmarks of it
having carried a virus (unexpected attachments from unknown senders).  I
open these e-mails to add the sender's ISP to my filter list if the ISP
looks "bogus," such as where it's a random alphanumeric combination followed
by ".com", or some cutesy nomenclature like "just4u.com" but I don't open the
attachments, which almost all invariably have the .exe extension.   (I
really like it that The Bat does NOT automatically open attachments.)

Aren't these e-mails the ones that my AV software found infected,
particularly since it has told me that it has "restored the file"?   If so,
then there really is no advantage to using plug-ins. No?


>Of course, if you're not too worried about seeing
>the content of these 'infected' files, and trust your virus scanner to
>make a valued judgement about the email (knowing that it only matches
>signatures, and doesn't care about content), then you can just stick
>with using an external virus scanner.

How is eZTrust-AV matching signatures?   What signatures is it matching, and
with what? I don't use an address book, although I do have filters in The
Bat for trash.  But why should the AV software care about what filters I am
using? Also, if what I said above about the file being restored is
correct, then it seems to me that the AV software is letting me make the
decision about whether to dump the message or not.   

Again, thanks for your patience in answering these questions.
-- 
Avi
Avram Sacks
[EMAIL PROTECTED]
[EMAIL PROTECTED]
using ver. 1.61 of The Bat on Windows XP home



________________________________________________
Current version is 1.61 | "Using TBUDL" information:
http://www.silverstones.com/thebat/TBUDLInfo.html
