Author Topic: The Bat! Integration  (Read 34532 times)

0 Members and 1 Guest are viewing this topic.

Hornus Continuum

  • Guest
Re:The Bat! Integration
« Reply #30 on: October 30, 2003, 06:44:03 AM »
The Stroumpf,

Protection from e-mail comes in two forms, protection from infected attachments and protection from malicious scripts, applets, and other objects embedded within an HTML formatted message (for example a reference to a malicious web site) that will automatically be processed when the message is read.  Generally speaking, a resident e-mail scanner intercepts the message as it's being downloaded and prevents the message, or parts of it, from being saved on your computer, and an on-access scanner scans an infected attachment, script, etc. when you attempt to execute it.

Moving from generalities to specifics about avast! 4, the Internet Mail provider has some advanced features that provide additional protection such as checking for multiple extensions or extensions hidden by intervening white space, verifying that a file's type and extension match, and examining message partitions for suspicious properties, to name a few.  It also provides extra protections for outgoing mail to prevent worms from spreading by using mass mailing techniques.

The Standared Shield provider can be configured to scan an infected attachment, script, etc. when you attempt to execute it, write it to disk, or even read it from disk.  Since it supports scanning e-mail files, message files (.eml files for example), as opposed to message stores (.dbx files), it will also scan a message when you save it.

Basically, it's a matter of preventing malware from making it to your computer as opposed to preventing it from functioning after it's there and/or going through the hassle of removing it.  While there is overlap in the functionality, some consider using an e-mail scanner along with an on-access scanner to be redundant; others consider it a good practice by using a layered defense.  I fall in the latter category.  The advanced features in the e-mail scanner can protect your computer from becoming infected with malware by alerting you to an e-mail's suspicous characteristics.  Some of that malware may not be detected by the on-access scanner if no signature for it is present in the virus database.  Hope you find this information useful in deciding what to do.   :D

Regards,
Hornus
« Last Edit: October 30, 2003, 06:56:18 AM by Hornus Continuum »

trigger

  • Guest
Re:The Bat! Integration
« Reply #31 on: October 30, 2003, 08:13:10 AM »
First the DISadvantages of the plugin versus the emailservice:
- no fancy gui when something is detected
- no extras, like the adding of "message clean/infected" text to messages

The difference between avast emailservice and the plugin is, that the service is a separate program that acts as a mini mail server. You have to get your email from that. That demands some configuration. Also, If you use an other program that way to detect spam, you have to chain them together, that demands some more configuration. I have been struggeling with those two for a while, but fanally got it running (thanks to this forum btw). When checking mail, the bat! accesses avast-mail-service, passing a very difficult string as server, to handle all following software. the mail-service breaks down that string so it can use it and then accesses spamweasel, passing a stripped down serrver string to controll spamweasel. Spamweasel then breaks down that string finally accessing my mail server on the internet. The mail is send back to spamweasel, which after checking passes it back to avast, which after checking, sends it back to the bat! With large attachments you will get timeout problems. Setting the timeout high can cause trouble when the internet connection goes wacky. The plugin is just a little program that is controlled by the bat! and no configuration is nescessary.

No the Advantages (as I see them) of the plugin:
- you can kill the email sevice and thus saving memory and cpu
- the configuration with another spam program is more easy (there are also spam plugins)
- no problems with more accounts on different mail servers (with the service that is still a bit tricky)

If you are happy with the way things are. Don't change it. I am testing the plugin, because I think it is a fancy extra with the software, saves me the trouble with my spam proxy and enhances performance in my case.

Peter

The Stroumpf

  • Guest
Re:The Bat! Integration
« Reply #32 on: October 30, 2003, 09:28:14 AM »
Peter and Hornus,

thanks for those long explanations! So in other words, I stick to the full version (sounds better to me), BUT I can *also* install the PlugIn, which gives me an extra layer, not just plain redundancy? Because if it's more protection, then I think I will install the Plugin, too.

trigger

  • Guest
Re:The Bat! Integration
« Reply #33 on: October 30, 2003, 09:36:22 AM »
The plugin uses the same engine and databases as the avast mail service. I think that just makes it redundant and not provides an extra layer. It just scans the same thing the same way again...

Peter

trigger

  • Guest
Re:The Bat! Integration
« Reply #34 on: November 01, 2003, 02:28:53 PM »
Hi guys,

Any news on the enhancement request for the The Bat! plugin:

Possible options for that loggin might be: "none", "infected messages only", "infected and clean messages"

Great idea...I would say 3 values:
%AVASTVER  (avast! version number)
%AVASTDBVER (avast! DB version number)
%AVASTPLUGINVER (avast! plugin version number)

Peter

trigger

  • Guest
Re:The Bat! Integration
« Reply #35 on: November 05, 2003, 09:46:59 AM »
Ok, I am gonna risk that one karma I got... By nagging :-[ ... Please, please, please is there any news on The Bat! plugin... Will the logging possibilities and the macro export be implemented or not (if not, I can stop whining   :'( )

The plugin works like a charm btw...

Peter

Hi guys,

Any news on the enhancement request for the The Bat! plugin:

Possible options for that loggin might be: "none", "infected messages only", "infected and clean messages"

Great idea...I would say 3 values:
%AVASTVER  (avast! version number)
%AVASTDBVER (avast! DB version number)
%AVASTPLUGINVER (avast! plugin version number)

Peter

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:The Bat! Integration
« Reply #36 on: November 05, 2003, 07:18:41 PM »
Logging for sure, but macro export is unsure as we don't really know if it's possible. We're in contact with the Bat guys anyway
If at first you don't succeed, then skydiving's not for you.

trigger

  • Guest
Re:The Bat! Integration
« Reply #37 on: November 05, 2003, 09:11:55 PM »
I know the bayesit anti-spam plugin does export three macros. I dont't know how, but it does.

Peter

Axel Foley

  • Guest
Re:The Bat! Integration
« Reply #38 on: November 06, 2003, 11:11:42 AM »
Like trigger said actually it is possible (at least with the anti-spam plugins).

In the anti-spam plugin list (options->preferences->protection->antispam) you can right click on a plugin and you have a menu with the "Information" item which is a sort of About.

This about is also available if you go into options->preferences->plug-ins (last item in the tree); from there you can see a list of available plugins, you can select one and click on the information button and the about window comes up.

Actually I use BayesIt! plugin and avast! plugin, BayesIt comes up in the global plugin window but avast! doesn't, I don't know if TheBat's Plugin API makes a difference between AV plugins and Anti-Spam plugins, you should ask the devs. I don't think it is correct if TB's API have this limitations on AV plugins.

The same applies to exporting macros.

Anyway the devs could help you on this one, if they don't let me know and we could use TBDEV mailing-list. :)

Keep up the good job.

« Last Edit: November 06, 2003, 11:12:59 AM by Axel Foley »

trigger

  • Guest
Re:The Bat! Integration
« Reply #39 on: November 06, 2003, 11:34:22 AM »
Actually I use BayesIt! plugin and avast! plugin, BayesIt comes up in the global plugin window but avast! doesn't
I noticed that too... But I believ that is a bug introduced with newer beta versions of the bat, because in earlier versions I had them both listed...

Peter

trigger

  • Guest
Re:The Bat! Integration
« Reply #40 on: November 06, 2003, 05:24:45 PM »
Logging for sure, but macro export is unsure as we don't really know if it's possible. We're in contact with the Bat guys anyway

This is a link to the source code of the mymacros plugin for The Bat! That plugin does nothing else but export macros. My programming days are long over, but I think you guys can use the source to figure out how to export the requested macros  ;D

Peter

trigger

  • Guest
Re:The Bat! Integration
« Reply #41 on: November 06, 2003, 05:27:37 PM »
Another thing. I found this link on The Bat! forum to test anti-virus products http://www.gfi.com/emailsecuritytest/ It will wreck havoc on your email system to see if and how good you are protected. I must say, only one got through, but only after ignoring three different warnings about attachment that should not be opened and possible mallicious code that would be executed.

Peter

Offline Vlk

  • Avast CEO
  • Serious Graphoman
  • *
  • Posts: 11664
  • Please don't send me IM's. Email only. Thx.
    • ALWIL Software
Re:The Bat! Integration
« Reply #42 on: November 06, 2003, 05:43:18 PM »
Quote
This is a link to the source code of the mymacros plugin for The Bat!


This? Maybe you forgot to include it to your message...? ;D

Quote
Another thing. I found this link on The Bat! forum to test anti-virus products http://www.gfi.com/emailsecuritytest/ It will wreck havoc on your email system to see if and how good you are protected. I must say, only one got through, but only after ignoring three different warnings about attachment that should not be opened and possible mallicious code that would be executed.

The GFI test.... not really good but anyway (designed so that GFI products pass but other products don't - some of the tests don't make much sense...).

Vlk
If at first you don't succeed, then skydiving's not for you.

trigger

  • Guest
Re:The Bat! Integration
« Reply #43 on: November 06, 2003, 05:56:25 PM »
 :-[ :-[ :-[ I was thinking about edditing the post and just act like it allways there, but no...

This should be it http://en.barin.com.ua/soft/mymacros/mymacros.src.zip

Peter

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67241
Re:The Bat! Integration
« Reply #44 on: November 08, 2003, 09:23:41 PM »
If anybody wants to configure Spamihilator and avast! to be used in the same computer, please, see this related forum.
The best things in life are free.