Virus handling, Handling viruses in The Bat tmp files
 
I have Avira AntiVir (free version) and don't use a plugin for The Bat (is there one?).  When downloading e-mail, it sometimes finds a virus (or, more often, a phishing attempt) in an incoming message in a file batxxx.tmp in my temp directory.

1.  I assume that this file contains only one incoming message and that I can safely have AntiVir delete it without losing other e-mails.  Is that correct?

2.  If I do that, The Bat tries to download the same message the next time.  That makes sense, as far as The Bat knows, it hasn't successfully downloaded it.  But then I keep having to do this every time I check my e-mail.  I eventually have AntiVir ignore the infected e-mail, delete the offending message, and then empty my trash.  I'd like something a bit more automatic.  Is there a plugin for Avira AntiVir that solves the problem?  Short of that, is there a better solution to the problem?

Thank you.
 
Your assumption under point 1 is correct.

The problem for the problem you present under 2 is the mail dispatcher.
Account -> Dispatch mail on server -> All messages
Select the problem message and delete it from the server. That way you don't have to disable scanning for viruses.
I don't know whether there's a plug-in for your scanner.
__________________________________
I'm just a user of The Bat! I don't work for Ritlabs.
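
What the dispatcher step above amounts to at the POP3 level, as an added example that is not part of the original posts and is not The Bat!'s own code: headers are fetched with TOP, the flagged message is marked with DELE, and the server removes it at QUIT. `FakePOP3` and the sample messages are constructed so the block runs offline; a real session would pass a `poplib.POP3_SSL` connection instead, and the server is assumed to support the optional TOP command.

```python
import email

def list_headers(conn):
    """LIST + 'TOP n 0': fetch headers only, so no message body reaches disk."""
    _, listing, _ = conn.list()
    rows = []
    for entry in listing:
        num, size = entry.decode().split()
        _, lines, _ = conn.top(int(num), 0)
        msg = email.message_from_bytes(b"\r\n".join(lines))
        rows.append((int(num), msg.get("From", ""), msg.get("Subject", ""), int(size)))
    return rows

def delete_matching(conn, is_unwanted):
    """DELE each message the predicate flags; return the numbers marked."""
    marked = [num for num, sender, subject, _ in list_headers(conn)
              if is_unwanted(sender, subject)]
    for num in marked:
        conn.dele(num)
    conn.quit()  # DELE only marks; the server removes the messages at QUIT
    return marked

class FakePOP3:
    """Constructed stand-in for poplib.POP3_SSL (same method names)."""
    def __init__(self, messages):
        self.messages = dict(enumerate(messages, start=1))
        self.pending = set()
    def list(self):
        return b"+OK", [f"{n} {len(m)}".encode() for n, m in self.messages.items()], 0
    def top(self, which, howmuch):
        headers = self.messages[which].split(b"\r\n\r\n")[0]
        return b"+OK", headers.split(b"\r\n"), len(headers)
    def dele(self, which):
        self.pending.add(which)
        return b"+OK"
    def quit(self):
        for n in self.pending:
            del self.messages[n]
        return b"+OK"

def demo():
    # Constructed mailbox: message 2 stands for the one the scanner keeps flagging.
    conn = FakePOP3([
        b"From: alice@example.org\r\nSubject: Minutes\r\n\r\nSee attached.",
        b"From: billing@example.net\r\nSubject: Verify your account\r\n\r\n<html>...</html>",
    ])
    marked = delete_matching(conn, lambda s, subj: subj == "Verify your account")
    return marked, sorted(conn.messages)

if __name__ == "__main__":
    print(demo())
```

If the connection drops before QUIT, the server keeps every message marked with DELE, so the flagged message would be offered for download again.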
 
Quote
When downloading e-mail, it sometimes finds a virus (or, more often, a phishing attempt) in an incoming message in a file batxxx.tmp in my temp directory

Just wondering what does your bat show at this time? I have never seen anything like this and wonder if I am just lucky or have not set up TB to check for this?
 
Following up on my earlier question, I looked deeper into the help file of TB and found the following:

"Apart from preventing the user from accidentally opening malicious attachments, The Bat! offers a plug-in interface to make use of third-party anti-virus tools. You have to download and install one before The Bat! can help you to detect viruses and other malware in your messages. RITlabs' Web site can help you to find a plug-in."

I am not using a plug-in at the moment, relying on my AV which works very nicely with TB as is but I am curious to understand why the OP without using a plug-in is getting some phishing protection from TB?

 
Quote
beethoven writes:
Just wondering what does your bat show at this time?
Quote
beethoven writes:
I am curious to understand why the OP without using a plug-in is getting some phishing protection from TB

The Bat! is not showing anything.  The message I get is from AntiVir.  Its on-access scanner sees it in the temp file to which The Bat! downloads the message.  The Bat! knows nothing of the protection AntiVir is providing.
 
It would really help and alleviate any fears out there if I could get some confirmation about the usage of .TMP files. I too have seen phishing trojans shown as web.Trojan.html... and I believe these are just disguised web links. Correct me if I am wrong, but doesn't thebat only display embedded graphics? Doesn't it only link web pages in an email if the user specifies?

If the .tmp files are temp files, they are not yet interpreted, right? So any HTML/JavaScript etc. associated with such a .tmp file does not execute and thereby no immediate danger is present, correct?

What if any danger does exist in a .tmp file having been determined to contain a worm or virus???

I would appreciate some reassurance or perhaps some test cases to see how the bat handles such Virus, Worm or Trojan seeded temp files (.TMP)???
 
theBat is safe even if you do not use any antivirus, as it will not automatically execute anything and will not allow you to open potentially unsafe attachments.

Viewing inside theBat a message that contains any sort of malware is completely safe. When you view it, you'll see it's junk and delete it.
Any malware is harmless if it just stays in the message base.
What can be dangerous is if you try to execute an attachment, but theBat will not allow that if properly configured. So you should save the attachment first, and at this point your AV should catch it.  

My AV is set not to check pop3 traffic and I have excluded my mail folder from monitoring - and never had problems with viruses since then, although indeed I receive such.
But here is what happened to me 3 or 4 times before I set my AV as above: I get a message with malware which is new and the AV does not catch it, so it goes in the message base. Later I update my definitions so AV now recognizes the malware - then it sees it in the message base and wipes the whole message base. It's funny, but antiviruses seem to be far more dangerous than viruses sometimes :)