10 ответов в этой теме

[FEH]

How do we get Dr. Web's e-mail scanning tool to stop *removing* our password-protected Word documents we are exchanging via e-mail[ sensored ]?

Kindly advise.

[Malex]

It seems to me that they are infected.
Please, run Start -> Run
%USERPROFILE%\DoctorWeb

and attach here spiderml.log

[FEH]

It seems to me that they are infected.
Please, run Start -> Run
%USERPROFILE%\DoctorWeb

and attach here spiderml.log

Unfortunately, I have uninstalled Dr. Web from this computer, due to the problem.

Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.

Also, BitDefender does something different: When doing a full system check, it states that it is not able to scan them, but does *not* delete the files, nor states that they are infected when we open them!

Wouldn't it be pretty stupid to post the logs here on a public forum...

[Malex]

1. Pity indeed
2. What do you mean "not accessible"?
3. The talk is here about Dr.Web, not BitDefender
4. No, it's not - the log i asked contains no personal information.

[Malex]

BTW, you can try to post one of the "infected" protected messages to me. I'll answer is it a false or really infected.

[Eugeny Gladkih]

Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.

no, it doesn't. it's "unchecked messages", you may set a "pass" action for them

[FEH]

Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.

no, it doesn't. it's "unchecked messages", you may set a "pass" action for them

How?

[userr]

Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.

no, it doesn't. it's "unchecked messages", you may set a "pass" action for them

How?

 spm.jpg   25,13К   126 Скачано раз
When you re-install Drweb attach here drweb32.ini file from main drweb folder, please.

[FEH]

no, it doesn't. it's "unchecked messages", you may set a "pass" action for them

What if an "unchecked" message actually contains a virus then?

How can we identify and make sure that only password-protected documents are allowed through?

[Eugeny Gladkih]

no, it doesn't. it's "unchecked messages", you may set a "pass" action for them

What if an "unchecked" message actually contains a virus then?

How can we identify and make sure that only password-protected documents are allowed through?

how could the AV be aware than password protected files are not infected?!

[FEH]

how could the AV be aware than password protected files are not infected?!

I am simply asking why would one have to allow *all* files that cannot be scanned to be passed through?

Then, virus-authors/writers would use this method to get into machines, which then would allow them to be opened.

Could the AV recognize the type of file it is scanning, and only allow *.doc files that cannot be scanned through?

I know, this would then be the same problem, but at least we are limiting the type of file here, and normally Word requests an AV scan of a *.doc file when it opens it, correct?