Disable email scanning

Hi,

Is it possible to disable email scanning in IMON while still keeping the other functionality of the module.

Additionally what does the module exactly do besides mail scanning. Does it monitor certain ports for attacks?

Thanks all,
Al.

 

Evidently IMON nows does more than monitor email attachments:

Quote:
But does IMON only protect a computer from evil e-mails? What
about worm attacks? Say someone wilth a laptop will connect to my network an infected machine. Will AMON be enough?

At the moment, IMON does two things. Scans POP3 traffic, and detects some exploits used by worms. If a computer is vulnerable to some "packet exploit", AMON will probably not be enough, since the worm code would most likely be injected directly into memory.

I do not know which, or how many exploits are detected, however, if you have the latest security updates from Microsoft, you are not vulnerable to the attacks that IMON detects, so.. with the latest updates, disabling IMON should not make you more vulnerable. However, in the future, there might for example be a protection added for an exploit there is no patch for yet...

Before, however, IMON only scanned POP3-traffic. Back then, there was no risk in disabling it.

Personally, I suggest that (nowadays) IMON is always enabled for most users. If you don't want it to scan emails, just disable the mail scanning, but leave the rest of it running.

Best regards,
Anders

http://www.wilderssecurity.com/showthread.php?t=24910

In that same thread a fix from Eset is posted today for the Hyperthreading bug (another reason I don't use IMON). So, perhaps I will decide to try IMON (with the fix) with the email scanning disabled.

 

Thanks for the response.

This is part of my question. How exactly do you disable the email scanning without disabling the whole IMON?

 

>How exactly do you disable the email scanning without disabling the whole IMON?

I don't think this is possible. You can only enable/disable IMON as a whole not just parts of it - e.g. the email scanning.. although maybe one suggestion would be to use IMON's exclusion list.. putting your email client on that list might do the trick.. but you'll have to try yourself

 

I have no idea how you disable email scanning but leave the other parts of IMON running. I can't see anywhere in the setup to disable email scanning but leave whatever else there is of IMON running. I don't understand what IMON does outside of scanning attachments in email and causing problems (like any av email scanner). IMON in beta had a ton of problems because of its implementation on the Winsock level. I know that it has been greatly improved from those days, but I still don't see why anyone would use it. If it does things other than scan email attachments, AMON should be doing that seems to me.

 

Hi Mele20,

I run IMON on a dual boot Win98SE and WinXP Pro machine without any problems.

If your ISP doesn't scan for viruses, like a lot of folks worldwide, then IMON is very useful and saves time compared to your method of saving the mail attachments and then scanning it again.

Just because you don't feel IMON is useful for you, because your ISP scans for viruses, just doesn't apply to everybody. Also, I see no reason to have to go through the process of scanning the attachments again with AH like you do. That seems to be a waste of time.

I, for one, hope they do add additional features to IMON.

 

I realize that many ISPs still don't scan for viruses and thus IMON email scanning is useful in those circumstances if you get a lot of email attachments that you are expecting. I don't. The few I get are from unknown senders and I delete the entire email without opening it because the source is unknown and I wasn't expecting any email with an attachment. I also never open any email that comes from an unfamiliar source whether or not it has an attachment. Instead, I look at the message source in OE and usually the email is not even addressed to me. I get email addressed to anyone whose email address starts with the same first letter as mine and is addressed to my ISP.

I'm still not clear though on exactly what IMON does that AMON doesn't when you disable email scanning but leave the rest of the module functioning.

 

Quote:
...but I still don't see why anyone would use it. If it does things other than scan email attachments

Using Advanced Heuristics. Below a screen shot from a small part from the virus log; says it all.

regards.

Paul, that log you posted shows email scanning. I understand (I think) how IMON scans email. You didn't answer my question. Exactly what does it do, if you disable email scanning but allow it to run otherwise? (I don't see how you can disable email scanning only but Anders says you can so I guess you can). How exactly is it protecting me outside of email scanning and why does Anders say that AMON will NOT protect me fully?! That is news to me and I don't understand and am seeking clarity about this not about IMON scanning email.
Thanks.

 

Personally I would leave it enabled.

A customers 2000 server runs a mail collection service for all their externally hosted mail boxes. It has a "NOD32" plug in that check the virus when POP3 collection is in process by the local mail server. With Version 1 of NOD it picked up the virus's, but it was the plugin FORCING NOD to scan that picked it up. With NOD32 IMON picks up the virus's WELL before the local Pop3 server even gets to use the plug in to scan (obviously the earlier the better). NOD32 then is set to DELETE ALL infected messages. So it certainly works well. This setup with NOD ver1 has not let ONE virus pass to the client machines for over 1 year, Version 2 i think will be even better at this.
Their "infection" rate is about 15% of all emails/files scanned by IMON, so they often cop 50+ virus's a day.

 

My employer's network had >15 thousand files infected with PE_Bagle.Q before Trend released the update for this worm.

An IT guy of my acquaintance told me IMON e-mail component of NOD32 detected and banished PE_Bagle.Q as an unknown Crypto-Virus on his employer's network WITHOUT an update. I am at this moment evaluating NOD32, on his recommendation.

A warning: I have found a serious deception on the Internet! h**p://www.nod-32.com is a fraud web page, leading not to NOD32 but to BullGuard. I almost fell into this trap because I typed "NOD-32", not knowing at the time the true name of the program.

edit to disable link to bullgard - snap

 

Thank you Fung Kuei, I am sure the Eset Team would be interested in that link.

It is the dash inbetween Nod and the #32 ....not nice.

You can find ESET's home page here: http://www.nod32.com/

Regards,

snap

 

Sorry for my BullGuard link mistake Snapdragin. I am only passing through, and I do not know all the rules of this Forum.

Thank you for the NOD32 link. I downloaded a Trial Version yesterday. I am VERY impressed. (See my "amateur" Detection Report in another recent post.)

 

That's ok Fung Kuei, the link is still readable, just not clickable now.

Good luck with NOD...I have it myself and love it!

Welcome to Wilders,

Regards,

snap

 

Supposedly Goran Gluck is a registered reseller of NOD32 and Eset is OK with his "squatting". Even so, I can't see any way to download NOD32 from that page...it just flips you to Bullguard page. Supposedly though according to this http://www.dslreports.com/forum/remark,8904526~mode=flat#8904569
Gluc's link contains a referral code so he gets paid by Eset for the downloads.

More information at this http://www.dslreports.com/forum/remark,9765517~mode=flat

Evidently these fraudsters are doing exactly the same thing to AVG anti-virus using the hphen in the name and the earlier thread saying Gluck is a authorized reseller of NOD32 is incorrect.

edited to make links clickable - snap