The Bat! Help

Folders (6)
Macros (12)
Backup (4)

Privacy and Security

  • Hardware Security Tokens
  • S/MIME
  • OpenPGP
  • Anti-spam Plugins
  • Anti-Virus Plugins
  • Attachment Security
  • Privacy and Security

  • Hardware Security Tokens

    The hardware security token is a portable two-factor authentication token used for email security. Each token contains a unique 64-bit factory-installed serial number that differentiates an individual token from all other tokens.


    Installing Token Driver

    To use a token for message base encryption or POP3/SMTP authentication, you should first of all, install the driver and activate the token.

    Note: If you are using Aladdin eToken, access the following webpage to download the driver: http://www.aladdin-rd.ru/en/

    You can download the driver for Rainbow iKey1000 from the following webpage: http://www.safenet-inc.com/support_and_downloads/download_drivers/ikey_drivers.aspx


    Changing PIN


    After you install the driver, insert your token into a USB port and access its properties (eToken Properties). Select the "Change User PIN" option and enter the factory default PIN (factory PIN for eToken - 1234567890, User PIN for iKey – 12345678, Security Officer PIN for iKey - rainbow). Input the preferred password – it should consist of 5-10 symbols, namely digits, letters or punctuation marks.


    Token Manager and Token Activation Utility

    Before you can start using security token in The Bat! Professional you should:
    1. Activate the token using the Token Activation utility
    2. Copy the ID for the message base encryption to the token using Token Manager
    Download Token Manager with the Token Activation utility from our webpage and launch the tokenmgr.msi file to install them.


    Token Activation

    To activate a token, insert it into a USB port and launch the Token Activation utility using the Start -> All Programs -> The Bat! E-Mail -> Token Activation Utility menu. Select your token and click OK.



    Input the order number of The Bat! Professional into the Order Number field and click "Submit".



    You should have received the order number for The Bat! Professional when purchasing the license.



    Click the "Fetch Key" button, to start a web-browser and open the webpage of our server with the activation key. Copy this activation key, paste it into the Token Activation Key field and click "Activate". At the next step you should input the specified password (PIN).




    ID for Message Base Encryption

    To copy the ID for message base encryption, launch Token Manager using the Start -> All Programs -> The Bat! E-Mail -> Token Manager menu. When you first launch Token Manager you have to specify the master password.



    Click "Browse", select your token and click ОК. Input your password (PIN). When the token is selected, its name and serial number are displayed in the Selected Token field.

    Click the "New ID" button.



    You should input the user name in the "User Name" field. The name may contain lowercase Latin letters, underscore, hyphen or points. Do not use capital letters, spaces or any other symbols in the name. The name should consist of 1-12 symbols. In the "Description" field enter the description of your token.



    Copy the ID to the token selecting it and pressing the "Copy ID to Token" button.


    Installing The Bat! Professional

    Install The Bat! Professional and select the "Use on-the-fly encryption of message base and address books" option when you first launch it. Select the security token you are going to use to encrypt the data.



    Now you should assign an ID from the token to the newly installed copy. Each ID consists of 3 elements: 128-bit encryption key, user name and description. IDs are stored on the hardware security tokens and can be retrieved when you start The Bat! Professional.

    To assign an ID to The Bat!, select the token and the ID that is stored on it. Please note that the token should contain at least one ID. The selected ID is assigned to The Bat! and is used to continue installation. Once installed, The Bat! Professional is permanently tied to the User Name of a specific ID, and it is not possible to reassign another ID to the existing The Bat! Professional. After you assign an ID, the installation process continues. This ID will be used for the on-the-fly encryption of The Bat! Professional operations.

    If the "Use on-the-fly encryption of message base and address books" option cannot be selected, then this means that you are either using The Bat! Home Edition, which does not support message base encryption, or the program has already been installed on your computer. If you are dealing with the second case, make a backup copy of all data and uninstall the program, then remove the "RIT" key in the registry editor under "HKEY_CURRENT_USER\Software\...\".


    Using security tokens for POP3/SMTP Authentication

    Access the Account -> Properties -> Transport menu and click the "Authentication" button in the “Send mail” or “Receive mail” section. If the token driver and API are installed on your computer, you will see a selectable checkbox for the security token: Token MD-5 CRAM-HMAC Challenge/Response in the “Mail Retrieval (POP3) Authentication” window or the "Store password on the token" option in the “Mail Transmission (SMTP) Authentication” window.

    Once the security token checkbox is ticked, two new group boxes will be displayed:

    The "Token to Use" group box displays the serial number and user name of the token selected to perform POP3 or SMTP authentication for that account. The serial number of the selected token is stored in the account configuration file. The Bat! will not perform authentication with that account using a token with a different serial number unless you click the "Browse" button and select another token. In order to display the name, the token with a given serial number should be plugged in and available (i.e. not used by another application).

    The "Token Password" group box offers three buttons to Set, Change or Remove a password that is stored on the token.


    0  

    S/MIME

    Certificate Management
    Internal S/MIME Implementation
    Microsoft CryptoAPI
    Electronic Signature
    Encrypting Messages
    Decrypting Messages
    S/MIME Standard


    Certificate Management

    Obtaining a Certificate

    You can get an S/MIME certificate from a certification authority (CA) or create a self-signed certificate. Using internal S/MIME implementation you can create a certificate: access the Account -> Properties -> General menu and click the "Edit personal Certificates" button.

    In the new window click the "Generate" button and edit certificate items and values. At the final stage input the passphrase to protect the certificate.



    Your correspondent who received your signed message will have to add your self-signed certificate to the certificate store only once. You can also send your certificate to a CA to certify it.

    It is not necessary to create a certificate in The Bat! You can get it directly from any Certification Authority. Once you get the certificate, import it to the program. You can now delete your self-signed certificate and use the CA-issued one to sign and decrypt messages.


    View Certificates

    To view certificates of your address book contacts, open the Address Book (F8), select a contact and access the Edit -> Properties menu. You can view the certificate under the Certificates tab.

    To view your own certificate, access the Account -> Properties -> General -> Edit personal Certificates menu. Select the certificate and click "View".

    In the Details section you will see the serial number of your certificate and its version, signature algorithm (calculation method used in producing a signature from this certificate), validity period, issuer and subject (name and email address associated with this certificate).

    In the Certification Path section you can see all signatures associated with the certificate up to the CA.


    Export Certificate

    Internal implementation of S/MIME allows you to export selected certificates to a file for backup or distribution (e.g. import into other programs or The Bat! installations).

    To export a certificate, access the Tools -> Address Book menu (F8), select the contact and go to its Properties (Edit -> Properties). Under the Certificates tab select the needed certificate and click "Export". Certificates are exported to known, open formats only.



    • Personal Information Exchange – PKCS #12 (.PFX). This format allows export of a group of certificates as well as their private keys, which are encrypted using the same passphrases as in The Bat!; the corresponding certificates are not encrypted. Conforms to PKCS 12 v1.0: Personal Information Exchange Syntax developed by RSA Laboratories.
    • Cryptographic Message Syntax – PKCS #7 (.P7B). This format allows the export of a group of certificates to a file based on a signed message packet (the packet has no message body and no signature, only the attached certificates). It contains only certificates but no private keys. This is the most commonly accepted format. It Conforms to RFC- 2630 (Cryptographic Message Syntax).
    • DER encoded binary X.509 (.CER). This format allows you to export a single certificate without associated private keys. The output file contains a single X.509 certificate encoded according to DER-encoding rules; it will not be encrypted. If a certificate contains a private key, the key may be exported to a separate binary file, unencrypted, corresponding to PKCS#1 DER-encoded RSA. Beware: not all software applications can handle DER encoded binary X.509.
    • Base-64 encoded X.509 (.CER). This format is based on DER encoded binary X.509, but additionally encodes with a Base64-wrapper. The file only contains printable characters, which can easily be put into an email or on a website. Base-64 encoded X.509 is widely supported. Private keys can be exported to separate text files.
    You can enable the following options:
    • Include all the certificates in the certification path if possible
    Enable this option if you want to make sure that your certificate can be verified, which is only possible with an unbroken chain of certificates.

    Note: This option works with standards supporting multiple certificates in a single file.
    • Export private keys as well
    This option is not supported for Cryptographic Message Syntax - PKCS #7 (.P7B). If you export your certificate to send it to your recipients, you do not need to export your private key – it should be kept absolutely secret.


    Import Certificate

    There are several methods of importing certificates into The Bat!:

    Method 1
    Open the message containing a certificate and view the certificate by clicking the icon which you will see on the right-hand side of the headers pane. Select the certificate and click "View". In the General section click the "Add to Address Book" button to import the certificate. Next time you receive an email signed with this certificate you will see the icon on the headers pane, which means that the signature is valid.

    Method 2

    Access the Address Book (F8), select the contact whose certificate you want to import and double-click it to open its properties. You can also use the Edit -> Properties menu to access the Properties of a contact. Switch to Certificates tab, click the "Import" button and select the certificate.


    Internal S/MIME Implementation

    You can switch to internal S/MIME implementation using the Options -> S/MIME and TLS menu.

    The main difference between the two engines is that internal implementation does not use any outside code. The disadvantage is the lack of flexibility: When it comes to using different third-party algorithms, storage media, or devices that perform certain operations at a hardware level, you will need to use the CryptoAPI engine, but it may work differently or with some limitations under different versions of Microsoft Windows.



    If you choose the Internal Implementation, the following options will be available:

    Always encrypt to sender’s certificate
    This option allows encrypting sent messages to your own certificate – In this case you will be able to decrypt sent messages.

    Compress data before encryption
    Compression reduces message size and increases resistance to attacks.

    Beware: S/MIME compression may not be supported by other S/MIME-enabled email clients. Microsoft CryptoAPI does not support it.

    Cache certificate passphrases/keys for
    Choose the time interval a passphrase should be stored in memory before you have to re-enter it.

    You can select the preferred "Encryption algorithm" from the dropdown menu.

    Signing Hash Algorithm specifies which hash algorithm is used. The default SHA-1 is widely supported and is highly secure. If your recipient's S/MIME implementation does not support SHA-1, choose MD-5.

    "Random Seed File" path specifies the location where random data for key generation is stored.

    You can also enable the "Use time stamping server for digital signatures" option to add a timestamp to your signature – In this case the recipient will see the exact time the message was signed.


    Microsoft CryptoAPI

    This engine is part of Microsoft Windows. For further information consult Microsoft's documentation.



    Always encrypt to sender’s certificate
    This option allows encrypting sent messages to your own certificate – In this case you will be able to decrypt sent messages.

    You can choose the preferred "Cryptographic Service Provider" from the dropdown menu.
    Note: If you choose a provider from the list, The Bat! will use only this provider; with selected, CryptoAPI will select the required providers corresponding to a particular algorithm, key type or certificate.

    Depending on the selected Cryptographic Service Provider you can choose the Encryption and Signing Hash Algorithms.
    Note: The Bat! adds one signature to a message when using Microsoft CryptoAPI.

    If the "Keep associations between email addresses and certificates for signing" option is active, The Bat! remembers the certificate used for signing messages.

    If you enable the "Keep associations between email addresses and certificates for encryption" option, the program will remember the certificate that was used for encryption.


    Electronic Signature

    An electronic S/MIME signature ensures that any attempt to manipulate messages between you and the recipient can be easily detected. The Bat! will even flag compromised messages in the message list automatically.

    Manually Signing Messages
    Select the "Enable S/MIME" option in the Privacy menu in the Message Editor. Then enable the "Sign when Completed" option in the Privacy menu or click the icon on the Security toolbar.

    Automatically Signing Messages
    You can set automatic signing as well: Enable the "Sign when Completed" and "Enable S/MIME" options in the Account -> Properties -> Options menu.

    Tip
    : Use the %SIGNCOMPLETE macro in the templates to enable automatic signing of messages.

    Verifying Signature
    A yellow checkmark appears on the message flag if a message is signed . To verify signature, select the message and use the Tools -> Privacy -> Verify Signature menu (Shift+Ctrl+C) or click the icon on the right-hand side of the headers pane.

    The Bat! verifies S/MIME signatures automatically and marks messages with either a tick or a cross to indicate whether or not the message signature is valid. These icons appear on the headers pane.


    Encrypting Messages

    Using encryption, you can ensure the privacy of your correspondence. Only those people to whose public key the message is encrypted to, are able to read it. To encrypt messages, you have to import the recipient’s certificate into the program.

    Beware: Some governments may restrict encryption.

    Manually Encrypting Messages
    Select the "Enable S/MIME" option in the Privacy menu in the Message Editor. Then enable the "Encrypt when Completed" option in the Privacy menu or click the icon on the Security toolbar. You will be able to continue editing messages as they will be encrypted directly before you send them out.

    Automatically Encrypting Messages
    You can set automatic encryption as well: Enable the "Encrypt when Completed" and "Enable S/MIME" options in the Account -> Properties -> Options menu.

    Tip: You can use the %ENCRYPTCOMPLETE macro in the templates – in this case messages will automatically be encrypted before sending.

    Note: Remember to encrypt the message using your certificate as well, otherwise you will not be able to read encrypted sent messages.


    Decrypting Messages

    To decrypt a message, select it and choose the "Decrypt" option in the Tools -> Privacy menu (Shift+Ctrl+D).

    The decrypted message is not stored in the message base to protect your privacy. Every time you want to read an encrypted message, you have to decrypt it again. You can decrypt and save the message if needed, by selecting the respective option in the Tools -> Privacy menu (Shift+Ctrl+G).

    Note: The Bat! automatically checks signature, if there is one.

    S/MIME Standard

    S/MIME is a standard for signing and encrypting email. It conforms to the following RFCs:
    1. RFC2632 S/MIME Version 3 Certificate Handling
    2. RFC2633 S/MIME Version 3 Message Specification
    3. RFC2634 Enhanced Security Services for S/MIME
    You can get a certificate from a CA (Certification Authority). The certificate must contain your name, public key information, serial number, validity period, issuer name and signature. The most commonly used certificate format conforms to ITU-T X.509.

    0  

    OpenPGP
    Choosing OpenPGP Version
    OpenPGP Key Manager
    Importing Public Keys
    Internal OpenPGP Implementation
    Encrypting Messages
    Decrypting Messages
    Electronic Signature
    PGP/MIME Standard

    The Bat! helps you to protect the privacy of correspondences by employing OpenPGP to sign or encrypt your emails. The Bat! offers built-in PGP conforming to RFC-1991. You can also use other versions of PGP up to version 10.0.2. GnuPG is also supported.


    Choosing OpenPGP Version

    First of all you should download, install and set up the preferred OpenPGP program.

    Then you can launch The Bat! and using the Options -> OpenPGP -> Choose OpenPGP Version menu select the preferred OpenPGP version.


    • Internal (RFC-1991) – internal OpenPGP version
    • PGP command line (2.6.3, 6.0.x+) – uses the classical 2.6.3 or the command line program of some higher versions
    • PGP 5.5.x plugin - The Bat! needs the plugin of PGP 5.5.x to access all settings
    • PGP 6.0.x/6.5.x plugin - The Bat! needs the plugin of PGP 6.0.x/6.5.x to access all settings
    • GNU Privacy Guard (GPG) – The free GPG application should be installed
    • PGP 5, 6, 7, 8, 9, 10 (built-in support) - The Bat! provides direct access to OpenPGP settings
    We strongly advise that you make yourself familiar with the OpenPGP concept before using it. Otherwise you may make mistakes which jeopardize your privacy, security and even access to messages.


    OpenPGP Key Manager

    To be able to encrypt and sign messages, you need to generate a key pair that consists of a public key and a private key. The public key should be given to your correspondents, while the private key should be kept absolutely secret.

    To generate a key pair, access the Options -> OpenPGP -> OpenPGP Key Manager menu and select "New Key" in the Keys menu. The "OpenPGP Key Generation Wizard" window will open. Follow the instructions to generate the key pair. You will need to enter the name and the email address that will correspond to the key pair and to specify the size of the key pair. You can also define the exact key expiration date. Your private key will be protected by a passphrase that you must specify. To decrypt the encrypted messages you will need to input this passphrase.

    Once your key pair is generated, you will see it in the keys list.



    To export your public key, select it and access the Keys -> Export menu (F3). Specify the name of the file, in which your public key will be stored. Do not export your private key. Send the file with the public key to your correspondents – they will encrypt messages to you using your public key. You can decrypt such encrypted messages using your private key. You can send your public key as an attachment or directly in the text of the email.

    To import public keys of your correspondents use the Keys -> Import menu (F2). Use the public keys of your correspondents to encrypt messages to them.

    To see the properties of the key, select it and access the Keys -> Key Properties menu (Enter). You can change the passphrase for your private key if needed.

    You can set one of your keys as default by selecting it and choosing the "Set as Default Key" option in the Keys menu (Alt+D) or in the context menu that you invoke by right-clicking the key. If you enable the "Always encrypt to default key" option in the Options -> OpenPGP -> OpenPGP Preferences menu, the message will be encrypted with your key by default. Thus you will be able to decrypt messages you send to your correspondents. Otherwise, only the recipient will be able to decrypt encrypted messages that you send to him or her.


    Importing Public Keys

    OpenPGP public keys can be distributed in plain ASCII text and it is therefore possible to embed public key in an email. Below is an example of a message with embedded public key.

    Hello John,

    This is my public key:

    -----BEGIN PGP PUBLIC KEY BLOCK-----
    Version: 2.6.3i
    mQBtAzPHTM0AAAEDAKCJ5/hM+qpxHaa4wFumqU2DEV4KfkKe5hkkfS6knTtn0rnD Zm/90txo+29gOFARBL8ynIpGA7fUgmNG13mprN9q/9xrtH4gg6jV/cYJ3ZtnKN9B sfw7QLKsW3r6eMYGsQAFEbQiU3RlZmFuIFRhbnVya292IDxzdGVmQHJpdGxhYnMu Y29tPokAdQMFEDPHTM2sW3r6eMYGsQEBft0DAIi04Yya7Q5ZZAtz2K4bKHitMBFV j1g0Vmr87Cr5qZYgGBzbNasyFwUuFqwqEuiwnLVNSpPiK8QsJTff6Ky9hqMUiZaL ENOzJ5f9GKw0pmMio7rOlKRE8Szbl6RkpeCUQw==
    =u13G
    -----END PGP PUBLIC KEY BLOCK-----

    All the best,
    Andrew
    To import OpenPGP public key from a message, access the Tools -> Privacy menu and select the "Import Key/Certificate" option. You can also click the icon on the headers pane to import the public key.


    Internal OpenPGP Implementation

    Use the Options -> OpenPGP -> OpenPGP Preferences menu to access the settings of the internal OpenPGP implementation.



    The "Always encrypt to default key" option allows encrypting sent messages to your own key – in this case you will be able to read sent messages.

    The "Compress data before encryption" option is enabled by default.

    If you enable the "Cache decryption/signing passphrases/ keys for" options, you can define the time interval during which the program will store your passphrase to private key in memory – this will make the decryption and signing processes easier.

    In the "Comment block" field you can add any text, for example, the OpenPGP version you use.

    In the Files section you will see the paths to your key ring and random seed files.


    Encrypting Messages


    Using encryption you can ensure the privacy of your correspondence. Only those people to whose public keys the message is encrypted to, are able to read it.

    Beware: Some governments may restrict encryption.
    Beware: Although the algorithms used by OpenPGP are very safe and secure there is the possibility that a private key (needed for decryption) gets compromised.


    Manually Encrypting Messages

    Method 1
    Select the "Enable OpenPGP" option in the Privacy menu in the Message Editor. Then enable the "Encrypt when Completed" option in the Privacy menu or click the icon on the Security toolbar. You will be able to continue editing the message as it will be encrypted directly before you send it.

    Method 2
    Select the "Enable OpenPGP" option in the Privacy menu and choose one of the options – "Encrypt Entire Text" or "Sign & Encrypt Entire Text" in the Privacy -> OpenPGP menu. If you choose the second option, the message will be signed as well.

    Automatically Encrypting Messages

    You can set automatic encryption as well: Enable the "Encrypt when Completed" and "Enable OpenPGP" options in the Account -> Properties -> Options menu.

    Tip: You can use the %ENCRYPTCOMPLETE macro in the templates – in this case messages will be automatically encrypted before sending.


    Decrypting Messages

    To decrypt a message, select it and choose the "Decrypt" option in the Tools -> Privacy menu (Shift+Ctrl+D).

    The decrypted message is not stored in the message base to protect your privacy. Every time you want to read an encrypted message you have to decrypt it again. You can decrypt and save message if needed by selecting the respective option in the Tools -> Privacy menu (Shift+Ctrl+G).

    Note: The Bat! automatically checks the signature if there is one.


    Electronic Signature

    The electronic signature allows checking the authenticity of the sender. It ensures that any attempt to manipulate messages between you and the recipient is easily detected.

    Manually Signing Messages

    Method 1
    Select the "Enable OpenPGP" option in the Privacy menu in the Message Editor. Then enable the "Sign when Completed" option in the Privacy menu or click the icon on the Security toolbar.

    Method 2

    Select the "Enable OpenPGP" option in the Privacy menu and choose one of the options – "Sign Block" or "Sign Entire Text" in the Privacy -> OpenPGP menu.

    Automatically Signing Messages

    You can set up automatic signing as well: Enable the "Sign when Completed" and "Enable OpenPGP" options in the Account -> Properties -> Options menu.

    Tip: Use the %SIGNCOMPLETE macro in the templates to enable automatic message signing.


    Verifying Signatures


    A yellow checkmark appears on the message flag if the message is signed . To verify the signature, select the message and use the Tools -> Privacy -> Verify Signature menu (Shift+Ctrl+C) or click the icon on the right-hand side of the headers pane.


    PGP/MIME Standard

    PGP stands for Pretty Good Privacy;
    MIME stands for Multipurpose Internet Mail Extensions;

    The PGP/MIME standard provides secure messaging conforming to:
    • RFC 1991 PGP Message Exchange Formats
    • RFC 2015 MIME Security with Pretty Good Privacy (PGP)
    • RFC 2440 OpenPGP Message Format
    • RFC 3156 MIME Security with OpenPGP
    In The Bat! PGP/MIME is set as default, it is used for signing/encrypting messages when:
    • A message contains attachments
    • A message has HTML or Rich Text Format
    • A non-ASCII character set is used
    • The text contains lines longer than 76 characters
    • The text features lines beginning with "From"
    • The text contains lines with trailing spaces like the standard signature delimiter
    Beware: To read encrypted messages the recipient needs to have OpenPGP installed.
    Note: Some email clients may handle PGP/MIME-signed messages improperly. For those recipients you can use the %NOPGPMIME macro in the templates.

    0  

    Anti-spam Plugins
    The Bat! offers integration with anti-spam plugins developed by third-parties. You can find some of the anti-spam plugins in the Plugins section.

    Download and install the anti-spam plug-in. After this access the Options -> Preferences -> Plug-Ins -> Anti-spam menu, click the "Add" button and select the *.TBP file. Click the "Configure" button to access additional plugin settings.



    The "Out of 100 score to be used for actions below" option is important, if you installed more than one anti-spam plugin. Plugins may use different scoring systems. Choose if you want the maximal/minimal score or the average to be used.

    Example: Plugin A gives a score of 50, plugin B gives a score of 70; check “Maximal” to use the score of 70, “Minimal” to use 50 or “Average” to use 60.

    You can define the minimum amount of points needed to delete a message enabling the "Delete a message if the score is greater than" option as well as the minimum amount of points to move a message to the Junk folder. The Junk folder is automatically created when you receive the first junk message, or manually mark a message as junk.

    If you enable the "Move messages marked as junk to the Junk folder" option, messages that you manually mark as junk will also be moved to the Junk folder.

    Each account can have its own Junk folder. If you enable the "Use the common Junk folder" option the program will create a common Junk folder for all accounts and move messages marked as junk into it.
    After you install the plugin you should “teach” it by marking approximately the same number of messages as Junk or as NOT Junk. To mark messages as Junk/NOT Junk, use the icons on the toolbar or select the "Mark as Junk/ Mark as NOT Junk" option in the Specials menu. You can also right-click a message and select the "Mark as Junk/ Mark as NOT" option.

    0  

    Anti-Virus Plugins
    Besides preventing the user from accidentally opening malicious attachments, The Bat! offers a plugin interface to make use of third-party anti-virus plugins.

    After you install the anti-virus plugin to your computer, launch The Bat! and access the Options -> Preferences -> Plug-Ins -> Anti-Virus menu. Click the "Add" button and select the respective *.bav file. Enable the "Check incoming mail for viruses" option.



    Enable the "Send notification to the sender" option to send a reply to the sender using a template. Note that most modern viruses fake the sender’s address making it unlikely that any message will actually reach the individual whose computer is sending out the infected messages.

    Choose one of the following actions that will be performed when an infected message is detected:
    • Move to the Quarantine folder – The Quarantine folder is automatically created when you receive your first infected message
    • Try to cure infected parts – If it is not possible to cure the infected parts of the message, it will be deleted
    • Remove infected parts
    • Forward the message to self
    • Delete the message
    If the "Check attachments for viruses before opening them from The Bat!" option is active, the attachments will be checked when you open them. Select the "Check attachments before the user saves them to the disk" option to check each attachment before you save it to disk. You can also check outgoing mail for viruses, if needed.

    Any anti-virus plugin may have additional settings. Click the "Configure" button to access these settings. To remove a plugin, click the "Delete" button.

    0  

    Attachment Security
    The Bat! does not open attachments automatically. The program warns you whenever you try to open an attachment and asks you if you rather want to save it. To open attachments without a warning hold down the Shift key when you double-click the attached file.



    Using the Options -> Preferences -> Attachment Security menu you can specify the file types to be opened without warning: input the needed file formats into the "Allow opening of these files without any alert" field (use the form [wildcard].[extension], i.e. *.JPG).

    0  

    Privacy and Security

    The Bat! offers a number of security and privacy features.

    To limit access to an account, you can protect it with a password using the Account -> Set Access Password menu (Ctrl+F12). Thus you can control access to this account via program interface. You will be able to open the contents of such account after you enter the specified access password.

    In The Bat! Professional you can also encrypt the message base stored on the computer. Enable the "on-the-fly encryption" of message base and set a master password when you first launch the program. When you use message base encryption, all the data (messages, address books, configuration files) are be stored encrypted. The program uses AES encryption algorithm in CBC mode with 128-bit key. To access the program in this case, you have to enter the specified master password. There is no way to change the master password from within the program. To change it or disable encryption you would need to create a backup of your data using the Tools -> Backup menu, close The Bat!, remove the "RIT" key in the registry editor under "HKEY_CURRENT_USER\Software\...\", launch The Bat! and restore data from the *.tbk backup file.

    Hardware security tokens are available in The Bat! Professional version only.
    Note: If you lose your security token, you will not be able to access your encrypted message base.

    The Bat! helps to protect the privacy of your business and personal correspondence by employing OpenPGP and S/MIME to sign or encrypt emails. The Bat! supports PGP up to version 10.0.2 and S/MIME via the Internal Implementation or Microsoft CryptoAPI.

    Further security measures include:
    • Attached files are not opened automatically. If an attachment has a double extension (for example, photo.jpg.exe) The Bat! warns you about it
    • Executable files cannot be opened from within The Bat!
    • Internal HTML viewer ignores scripts and executable code preventing viruses and other malware from launching
    • Image Download Manager blocks suspicious images in HTML messages
    • A plugin API makes it possible to add anti-virus and anti-spam plugins

    0