Posted by B.W. on August 21, 2006, 9:39 pm
Many thanks for those explanations David. I am now looking up 'on access
scanning' to get an understanding of that and I think I am getting the idea.
When you say save the file to disc you mean to a remote source (CD) not the
hard disk hard drive?
B.W.
>
>
> Replies are inline...
>
> | First time I have posted to this group so please ignore the fact that this
> | is a very basic question.
> |
> | I have received advice never to open an attachment directly out of an email
> | because 'not all the potentially malicious code that can be attached to a
> | document is a virus'.
> |
> | O.K. but then what is the procedure?
>
> Basically, if you don't know the sender of the email with attachments --
> delete it.
> If you aren't expecting an attachment -- delete it.
>
> If you know the sender but weren't expecting an attachment, save the file
> to disk so your AV
> scanner's "On Access" scanner will check it out.
>
> If you know the sender and you were expecting an attachment, save the file
> to disk so your
> AV scanner's "On Access" scanner will check it out.
>
>
> |
> | If you are running an anti-virus programme and it is updating daily, you
> | are not opening
> | mail from people you don't know and you are also checking the format of the
> | attachment,
> | how and when can you finally open the attachment.
>
>
> See the above...
>
>
> | I realise that the a/v companies can't get a fix for nasties immediately but
> | even if you saved the attachment on to a disc you need to scan it eventually
> | anyway and it then could even have a non-viral nasty which is not going to
> | be picked up by a virus checker type programme.
>
>
> Either the attachment will be a Trojan or a virus. In either case AV
> software should detect
> it. If it is new then your AV application may not recognize it.
>
> In that case you can submit a sample to Virus Total --
> http://www.virustotal.com/flash/index_en.html
> The submission will then be tested against many different AV vendors'
> scanners.
> That will give you an idea what it is and who recognizes it. In addition,
> unless told
> otherwise, Virus Total will provide the sample to all participating
> vendors.
>
> You can also submit a suspect, one at a time, via the following email
> URL...
> mailto:scan@virustotal.com?subject=SCAN
>
>
> |
> | Another question, if you get some kind of malicious attachment by just going
> | to a website, will your a/v programme give you an immediate warning, if it
> | has a fix for it, or only when it finally does its scheduled scan of your
> | hard drive?
> |
> | Thanks for advice
> |
> | B.W.
> |
>
> A good AV application will be able to detect this as it is written to the
> Browser cache
> through the On Access scanner and block the file from being written. On
> Access scanning is
> the pro-active prevention capability of AV software while a scheduled or
> un-scheduled scan
> is called an On Demand scan and is used for verification or removal after
> the fact of
> infection or possibility of infection.
>
> The following is a snippet of McAfee VirusScan v7.1E log of a Browser
> action with infected
> files on a web site...
>
> 9/25/2005 8:19:56 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\ysb_regular[1].cab\YSB_REGULAR[1].CAB Adware-ISTbar
> 9/25/2005 8:20:04 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\pcs_0002[1].exe\PCS_0002[1].EXE Downloader-AAI
> 9/26/2005 1:27:28 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].htm JS/Spawn
> 9/26/2005 1:27:28 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].js JS/Winbomb
>
> Notice the log states "Delete failed (Clean failed)". In actuality, the
> file was blocked
> from being written and the PC was NOT infected.
>
> --
> Dave
> http://www.claymania.com/removal-trojan-adware.html
> http://www.ik-cs.com/got-a-virus.htm
>
>
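The on-access log entries quoted in the thread, parsed into fields and summarised, as an added example that is not part of the original posts. The field layout is an assumption inferred from the four quoted entries, and `join_wrapped`, `parse_entry` and `summarize` are hypothetical helper names.

```python
import re
from collections import Counter
from datetime import datetime

# The four entries quoted in the post, each re-joined onto one line.
SAMPLE_LOG = r"""
9/25/2005 8:19:56 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\ysb_regular[1].cab\YSB_REGULAR[1].CAB Adware-ISTbar
9/25/2005 8:20:04 AM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\FZ4HCZOS\pcs_0002[1].exe\PCS_0002[1].EXE Downloader-AAI
9/26/2005 1:27:28 PM Deleted DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].htm JS/Spawn
9/26/2005 1:27:28 PM Delete failed (Clean failed) DLIPMAN-1\lipman D:\temp\IE6\Temporary Internet Files\Content.IE5\WCZFECUD\you[1].js JS/Winbomb
""".strip().splitlines()

# Assumed layout (inferred from those lines): ts, action, DOMAIN\user, path, detection.
TS = r"\d{1,2}/\d{1,2}/\d{4} \d{1,2}:\d{2}:\d{2} [AP]M"
ENTRY = re.compile(
    rf"^(?P<ts>{TS})\s+(?P<action>.+?)\s+(?P<user>[^\s\\]+\\\S+)\s+"
    r"(?P<path>[A-Za-z]:\\.+)\s+(?P<detection>\S+)$")

def join_wrapped(lines):
    """Undo mail wrapping: a line without a leading timestamp continues the entry."""
    out = []
    for raw in lines:
        text = raw.lstrip("> ").strip()
        if text and (re.match(TS, text) or not out):
            out.append(text)
        elif text:
            out[-1] += " " + text
    return out

def parse_entry(line):
    m = ENTRY.match(line)
    if m is None:
        return None  # not a detection entry in the assumed layout
    e = m.groupdict()
    e["ts"] = datetime.strptime(e["ts"], "%m/%d/%Y %I:%M:%S %p")
    # Hit on a file the browser was writing to its cache, as in the post.
    e["browser_cache"] = "\\temporary internet files\\" in e["path"].lower()
    # The post says this status meant the write was blocked; list such paths
    # so that can be confirmed on disk rather than read as an infection.
    e["verify_on_disk"] = e["action"] != "Deleted"
    return e

def summarize(lines):
    entries = [e for e in map(parse_entry, join_wrapped(lines)) if e]
    return {
        "entries": entries,
        "by_detection": Counter(e["detection"] for e in entries),
        "browser_cache_hits": sum(e["browser_cache"] for e in entries),
        "verify_on_disk": [e["path"] for e in entries if e["verify_on_disk"]],
    }
```

`summarize(SAMPLE_LOG)` returns the parsed entries, a count per detection name, the number of hits under the browser cache, and the paths whose status was anything other than "Deleted".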