Scanning emails: necessary?

If your AV has resident protection that is constanstly looking for viruses and checking all .exe's before they are opened, is an email scanner really needed? In this case, what benefit would that scanner provide?

For example, Avira Antivir seems to be an exceptional AV. The free version does not scan emails, but you are supposed to be safe due to the resident protection. So what exrtra benefit does the email scanner in the paid version provide?

 

I suppose the benefit would be to catch malware before it gets downloaded to your PC.

 

What are the threats from email?

1) Remote code execution embedded in HTML.

Solution: set program to view in text mode only; delete all messages from unknown sources

2) Executables in an attachment

Solution: don't click on executables in an attachment


regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

link below to past discussion on Scanning emails: necessary?

You don't need an email scanner... and Functions of Anti-Virus software. . .
___________________________________________________

Sixteen months of AntiVir Classic (no 'Email' scan app) and have had Eight Detections, three were False Positives and of the Five True Positives, Three were in Email (two from Guard and one from Demand Scan, that one had been hidden from Norton for years )

 

One not uncommon scenario is that you receive an email with a virus contaminated attachment that you don't save or open... You just forward it to someone else with the result that you inadvertently infect their computer without realizing it. You were always protected but you just messed up your friends machine... And even if their antivirus catches it, you get the blame for having sent it.

I do think that having email attachment scanning is a good idea. And it cannot be that hard to implement since the majority of antivirus products provide it.

--Doug / SalemDesign

 

#1. that would be irresponsible on your part, how difficult would it have been to check it first.

#2. A First Rule for Email Safety is to NEVER Click an attachment that you were not expecting!
.....(Your Mother's System could be infected with a self replicating worm or virus.)

.....{My Sister's was [she has known computers since she built from a RadioShack Kit] and
she quickly Emailed a warning, but I had not 'clicked' the attachment}.

Secondary rules include text>HTML, no preview pains etc..

 

Oh, come on. Let's say I get an email from Harry asking if I have the latest version of the ACME engineering proposal. I don't but I send an email to Bob, Bill, and Mary asking if they have it. It turns out that Mary does, so she sends it as an attachment to me... I am not necessarily going to open it. I will most likely just forward it to Harry. And if Mary had a MS Word macro virus on her machine, I just infected Harry.

This is a particular problem when users *think* they have attachment scanning (most AV systems do). I just found out that Zone Alarm Security Suite 7 does *not* have email virus scanning. The previous ZASS version *did* have email scanning, ZASS 7's help *says* it has scanning, but ZoneAlarm did not (apparently) have time to implement it when they switched to the Kaspersky AV engine.

--Doug / SalemDesign

 

This would not happen if Harry's policy was to use MSWordViewer to read other's Word Documents.

In addition, if Harry doesn't have other protection in place to catch the "inadvertant accident" then he needs to re-think his security.

If anyone today gets infected from a macro-virus, they either are not informed, or just plain dumb.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

Yeah, true. It also wouldn't happen if nobody had ever created a computer virus.

But we are talking real world here. Computer viruses are a fact of life and the fact that one cannot depend on the Harry's of this world to be either well informed or smart is also here to stay.

The unfortunate truth is that we need layers of redundant protection. And we cannot depend on the folks we are sending emails to to be "protected".

I have Exim virus checking at the server level for incoming email, I *thought* I had local incoming email scanning with ZoneAlarm Security Suite, I *do* have on-access file scanning, and I *thought* I had outgoing email scanning with ZoneAlarm Security Suite, and I *do* have outgoing virus scanning at the SMTP server level.

The fact ZASS 7 does not have inbound or outbound email scanning at the POP3 and SMTP interface just removed two out of five layers of protection.

--Doug

 

That is for sure! But why does it have to be "unfortunate?" It's not a big deal to show someone how to set up a security strategy, with solutions protecting against the various attack points of malware.

The first part of your statement is certainly true, but the last phrase (my emphsis) does not have to be a foregone conclusion. While it seems to be an uphill battle, every person we can help to become more aware is one more person less likely to get infected. The alternative is not very encouraging.

regards,

-rich

________________________________________________________________
"Talking About Security Can Lead To Anxiety, Panic, And Dread...
Or Cool Assessments, Common Sense And Practical Planning..."

--Bruce Schneier​

 

For most forum members here, I believe no.
For the mainstream populace (the other 99.98%), I believe it serves a valid purpose (although not of critical importance).

 

Isn't this very topic and discussion the reason most ISPs scan their customer's emails before it reaches their email client?

Truthfully, I cannot even remember the last time any of my email accounts was the vector for getting malware into my computer.

 

Same here.
Which makes you wonder.
Polls suggest that email attachment vector is responsible for +/-90% of infections!
I don't understand...user ignorance/naïveté?
If incoming email scanning did not detect a threat, should not execution of the virus laden file have been caught by the AV and subsequently alerted/cured/quarantined the suspect file?

 

there is one thing your forgetting
most big companies use symantec for email sanning e.g. yahoo
now most people who dont know about computers have norton on there desktop.
if there the same signitures it would bypass both of them.
if the user doesnt know about safe hex with email attachments they would get infected.
lodore

 

I found out that my ISP is doing a good job regarding email virus scanning.
I am testing out their Spam blocker.
Both are free.


Gerard

 

AntiVir Demand Scan found a particularly nasty WORM inside a 'never opened' attachment that Norton (w/ Email Scan) had ignored for years.

A Kaspersky OnLine Scan once found one inside Hotmail Deleted items Folder (MS Outlook pst) that again, had been missed by the latest
Norton Email scanner.

 

I note these "I don't think I need the........" and "why even have it" and so forth and I wonder >>>>> Probably these cats have not reformated as much as I have nor as much as the units I am requested to repair.

When I brush my teeth I do the front AND back. Heard of cavaties?

 

No doubt I have not reformated as much as you.

Win98 was formated with a new Hard Drive in Sept 1998 (June '98 install was over 95, clean is better).
That Dell Latitude LM P133 is still very stable on the ninth year since OS install, runs great on AntiVir w/Rootkit Scan, but the end is near.

I spent a year with a VAIO, two formats due to hardware failures and one when Norton AntiVirus refused to run.

Dell D800 should have been formated the day it arrived, had specified 'No AntiVirus' (after McAfee experience) but it still had all this 'trial' junk to remove.. three years and seven months and nowhere close to any need for format.