ClamWin Free Antivirus Forum Index
ClamWin Free Antivirus
Support and Discussion Forums
Reply to topic
TBird Plugin
cov


Joined: 11 Feb 2006
Posts: 17
Reply with quote
Alch mentions a plugin in development for Thunderbird.

Is there a projected release date? If not, will we get notification of it's release on the clamwin news site?
View user's profileSend private message
alch
Site Admin

Joined: 27 Nov 2005
Posts: 1748
Reply with quote
the development has only started now, there is no projected release date. I will update you as soon as I know
View user's profileSend private message
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Reply with quote
Hi,

All i can say about the TBird plugin is that i'm working on it for about a week now. Since this is my first Mozilla plugin, i need to read up on mozilla development and figure out how to get this working. If there are major break-throughs, I'll post them here.

Basically what i need to be able to do is :
- save attachments of a message to temp before it gets loaded in the message pane
- launch clamscan and check the result for each file (should be fairly easy)
If a virus is detected :
- detach the attachment to quarantine
- attach a report if possible, or notify the user some other way

If you have any suggestions, feel free to send me a private message.

budtse
View user's profileSend private message
RAWu


Joined: 15 Jun 2006
Posts: 1
Reply with quote
Keep on going, please.
I am really looking forward for that Plugin.
View user's profileSend private message
cov


Joined: 11 Feb 2006
Posts: 17
Reply with quote
Budtse,

Good luck on your endeavors.

What would be handy within clamscan itself would be if the virus report could include an offset into the file.

On the Inbox, such an offset could help you locate which email message it is that is causing the positive virus result so that you could delete it.
View user's profileSend private message
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Reply with quote
hi cov,

i'm not entirely sure what you mean by this. Do you mean clamscan should tell you which message contained the virus when it finds one in a mailbox-file ?

As to the T-bird plugin, i hope to find more time pretty soon. Right now it's pretty busy here, and there always seem to be jobs with higher priority.
View user's profileSend private message
cov


Joined: 11 Feb 2006
Posts: 17
Reply with quote
Yes, if clamscan finds a virus in a file (such as the Inbox file), then it would be handy if it gave you some idea of where in the file the virus is. ie either using the byte offset or include a few characters from the string at that location.

Can you use the plugin to search through messages already recieved? Or does it only scan incoming emails?
View user's profileSend private message
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Reply with quote
The plugin will scan a mail each time it is viewed (in the preview pane or a message window), just like the outlook plugin, because that is the moment an infected file can do harm. Scanning incoming files only would not allow to re-scan after the database had been updated with new virus definitions.
Maybe we can work on a way to keep track of which mails were scanned already, and with which database version (so the mail gets re-scanned after database updates), but i would be glad to have the initial functionality working for now.
View user's profileSend private message
traps


Joined: 22 Jun 2006
Posts: 9
Reply with quote
It's a real shame that with all the work that has gone into the Clammail project and seeing that it uses the ClamAV database that you all cannot come to some sort of agreement with the Clammail developer to integrate Clammail scanning functions into ClamWin rather than start from scratch and have to learn everything that's already known and is being done by someone else.

Why develop a plugin for each and every email client that's out there when they can all be encompassed into one routine that scans the mail prior to the email client actually receiving it during it's fetch? That way you do not have to cater to how each and every email client processes the mail. Also all outbound mail can be forced through the scanner too upon leaving the email client.
View user's profileSend private message
budtse


Joined: 14 Jan 2006
Posts: 372
Location: Belgium
Reply with quote
You are completely right in saying we should co-operate, I will try to remember to discuss this with Mick and Alch and contact the ClamMail developers if they agree.

According to the reactions both on this forum and on the clammail forum, a lot of users seem to want a separate TBird plugin though. Lot's of people don't know the first thing about installing and configuring proxies (hell, they wouldn't know what a proxy is). A specific plugin is a lot easier to install, and has some advantages too (like the mails will be re-checked after a virus database update).
View user's profileSend private message
traps


Joined: 22 Jun 2006
Posts: 9
Reply with quote
Right. I fully understand where you are at concerning setting up proxies in ClamMail, etc. and most users are going to be lost setting up even the simpilest of proxies. Very vaild reason to shy away from that. I am not a coder or developer myself but I often wonder why Clammail cannot or could not be done differently. I don't know about now but the old Symantec/Norton anti-virus required a proxy setup for email scanning. Sometimes it did this automagically but often there needed to be user intervention, especially if a spam proxy such as K9 was thrown into the mix and it often cteated nightmares. Now, let's take avast! as an example. It has a specific email anti-virus scanning function but does not require proxy chaning. I've never found an email client it did not work successfully with but I highly doubt those folks have taken the time to create a plugin for each and every email client program that exists. Like a firewall does, it seems to work on what passes through default ports 110/25 or whatever ports are designated for inbound/outbound email. Maybe we are stuck on the proxy routine when there's other ways to do it uniformally?

I can see where you are are concerning the rescanning of already received mail when new definitions are available. That's not a cure all, of course, but I can see where it can be benificial in helping to curtail new viruses that maybe slipped by the current defs. At least some will be stopped that wouldn't be otherwise.

Whatever, I am not trying to be critical, but suggestive. As I said, I am not a developer. I just consider there's possibably a way to scan inbound/outbound mail without depending on a proxy and without having to create a specific plugin. Maybe there isn't though.

Thanks for your work and efforts.
Curt
View user's profileSend private message
cov


Joined: 11 Feb 2006
Posts: 17
Reply with quote
Curt,

Currently I have a virus located somewhere in my Inbox. It's Email.Phishing.Pay-5, but I have no idea exactly where it is.

Not too much of a problem, I can ignore these positive virus detection events. The problem is that should I get another virus warning, the liklihood is that I shall ignore it as well. And, if I don't notice a new virus, what is the point of doing the scan in the first place?

You guys are doing a brilliant job providing an effective defence against a scourge without demanding money to keep it at bay. Shades of Al Capone and his protection rackets, if you ask me.
View user's profileSend private message
traps


Joined: 22 Jun 2006
Posts: 9
Reply with quote
cdv,

I don't exactly know what you are trying to get at here but if someone ignores a positive virus detection they deserve what they get from it ..... but others don't and they do no one a favor by disregarding it.

If you know you have a virus in your inbox how can you not know where it's at? Email scanning is done on each individual email.

When I mention a new virus I am referring to one in the wild that detection definitions have not been created for yet. There's still reason to scan incoming emails for the thousands of other viruses that are known. It's commonplace for users to become infected from a virus in the wild even though they have anti-virus software but plenty of people have email downloading periodically but they don't open it immediately. Definitions for newly discovered viruses come out very quickly and if someone has their anti-virus configured to get updates regularily there's a good possibility the virus will get detected prior to the user becoming a victim.

Again, I did not get a clear meaning of your comments and what you were trying to convey to me.

Curt
View user's profileSend private message
Slug


Joined: 22 Mar 2006
Posts: 24
Reply with quote
traps wrote:
cdv,
If you know you have a virus in your inbox how can you not know where it's at? Email scanning is done on each individual email.
Curt


No its not, currently if you do a scan and Clamwin finds a virus in your inbox (I use Tbird) you have no idea which email the virus is attached to as all you get back is "inbox"(which is a file) is infected with blah blah virus. This is because ALL of your emails are stored in 1 inbox file. I had 3000 emails is my inbox and it took me almost an hour to find which email had the virus.

Hopefully in the future clamwin will be able to delete the email that has the virus in it, or at least tell me whch email is infected.

Regards
Michael
View user's profileSend private message
traps


Joined: 22 Jun 2006
Posts: 9
Reply with quote
cdv,
That may be the case with ClamWin but I am referring to and this thread is about an email anti-virus checker plugin, which scans individual emails. That would solve the identification problems you apparently have. Also, if T-Bird stores all messages as one file in the Inbox the difficulty is not with ClamWin. It's with T-Bird. ClamWin is doing what it's suppose to be doing. It finds a virus in a file and it informs you. I run T-Bird on linux and don't have these sort of difficulties but I previously ran T-Bird on Windows extensively with avast! anti-virus support, including email scanning, and never encountered the difficulties you are describing, nor did I ever have viruses slip through. I also used F-Prot Windows, which relied on real time scanning for email, rather than actual email scanning, and if an attempt was made to open a virus infected file in the Inbox or elsewhere F-Prot would bring up it's virus detection window, disallow opening of the email and dispose of the virus infection per configuration choices. Considering that, maybe ClamWin is much of the problem. Other anti-virus progs don't seem to have that issue. Of course they are doing real time scanning, which is a basic neccessity for successful virus prevention in Windows because the average user is not going to take the time to manually scan individual files/folders, etc., on an effective basis. Actually, with today's computer technology, capabilities and the knowledge of viruses in the Windows environment that we have, no one should be depending on an anti-virus prog that does not do real time scanning for the overall protection of their Windows system.


Probably I am just going to use Pegasus on the portable USB setup until someone comes up with something that will work for automatic email scanning within T-Bird in a portable environment. Pegasus is portable and provides function to call a commandline anti-virus scanner such as F-Prot or ClamAV upon receipt of new mail. It also retains seperate and distinct files for each email, in the Inbox and all other folders. Things would be a lot simpler though if I could use T-Bird and just load in my current profile rather than having to set everything up from scratch.

Curt
View user's profileSend private message
TBird Plugin
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 2  

  
  
 Reply to topic