Dr. Web Removing E-mail Attachments...
#1
Отправлено 12 Апрель 2009 - 13:02
Kindly advise.
#2
Отправлено 12 Апрель 2009 - 13:45
Please, run Start -> Run
%USERPROFILE%\DoctorWeb
and attach here spiderml.log
PC3000 UDMA & Data Extractor (производитель НПП АСЕ), Raid Explorer (производитель СОФТ-ЦЕНТР), Flash Extractor & Image Explorer (производитель СОФТ-ЦЕНТР), Victoria Full version (автор Сергей Казанский), R-Studio Data Recovery (производитель R-Tools Technology Inc.), GetDataBack for FAT (производитель Runtime Software), GetDataBack for NTFS (производитель Runtime Software), собственные разработки.
#3
Отправлено 12 Апрель 2009 - 14:18
Unfortunately, I have uninstalled Dr. Web from this computer, due to the problem.It seems to me that they are infected.
Please, run Start -> Run
%USERPROFILE%\DoctorWeb
and attach here spiderml.log
Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.
Also, BitDefender does something different: When doing a full system check, it states that it is not able to scan them, but does *not* delete the files, nor states that they are infected when we open them!
Wouldn't it be pretty stupid to post the logs here on a public forum...
#4
Отправлено 12 Апрель 2009 - 14:26
2. What do you mean "not accessible"?
3. The talk is here about Dr.Web, not BitDefender
4. No, it's not - the log i asked contains no personal information.
PC3000 UDMA & Data Extractor (производитель НПП АСЕ), Raid Explorer (производитель СОФТ-ЦЕНТР), Flash Extractor & Image Explorer (производитель СОФТ-ЦЕНТР), Victoria Full version (автор Сергей Казанский), R-Studio Data Recovery (производитель R-Tools Technology Inc.), GetDataBack for FAT (производитель Runtime Software), GetDataBack for NTFS (производитель Runtime Software), собственные разработки.
#5
Отправлено 12 Апрель 2009 - 14:30
PC3000 UDMA & Data Extractor (производитель НПП АСЕ), Raid Explorer (производитель СОФТ-ЦЕНТР), Flash Extractor & Image Explorer (производитель СОФТ-ЦЕНТР), Victoria Full version (автор Сергей Казанский), R-Studio Data Recovery (производитель R-Tools Technology Inc.), GetDataBack for FAT (производитель Runtime Software), GetDataBack for NTFS (производитель Runtime Software), собственные разработки.
#6
Отправлено 12 Апрель 2009 - 16:49
Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.
no, it doesn't. it's "unchecked messages", you may set a "pass" action for them
#7
Отправлено 12 Апрель 2009 - 20:50
How?Note that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.
no, it doesn't. it's "unchecked messages", you may set a "pass" action for them
#8
Отправлено 12 Апрель 2009 - 21:23
spm.jpg 25,13К 126 Скачано разHow?no, it doesn't. it's "unchecked messages", you may set a "pass" action for themNote that password-protected documents are not accessible to Dr. Web, and therefore it treats them as "infected", but they are not.
When you re-install Drweb attach here drweb32.ini file from main drweb folder, please.
#9
Отправлено 14 Апрель 2009 - 10:58
What if an "unchecked" message actually contains a virus then?no, it doesn't. it's "unchecked messages", you may set a "pass" action for them
How can we identify and make sure that only password-protected documents are allowed through?
#10
Отправлено 14 Апрель 2009 - 12:40
What if an "unchecked" message actually contains a virus then?no, it doesn't. it's "unchecked messages", you may set a "pass" action for them
How can we identify and make sure that only password-protected documents are allowed through?
how could the AV be aware than password protected files are not infected?!
#11
Отправлено 14 Апрель 2009 - 12:48
I am simply asking why would one have to allow *all* files that cannot be scanned to be passed through?how could the AV be aware than password protected files are not infected?!
Then, virus-authors/writers would use this method to get into machines, which then would allow them to be opened.
Could the AV recognize the type of file it is scanning, and only allow *.doc files that cannot be scanned through?
I know, this would then be the same problem, but at least we are limiting the type of file here, and normally Word requests an AV scan of a *.doc file when it opens it, correct?
Читают тему: 0
0 пользователей, 0 гостей, 0 скрытых