Do you trust webmail Anti-Virues?

Discussion in 'malware problems & news' started by Triple Helix, Feb 26, 2010.

Thread Status:
Not open for further replies.
  1. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    I surely don't just got hit with 8 that got by the Anti-Virus that my ISP uses and they use Yahoo mail but my Trusty NOD32 stopped them! :D

    TH
     

    Attached Files:

  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Yes. Fortunately, I've never gotten an email with malware attached. Instead, a notification will come, such as:

    Code:
    -------------------------------------------------------------------
    MDaemon has detected restricted attachments within an email message
    -------------------------------------------------------------------
    
    From      : xxxxxxxxxxxxx
    To        : yyyyyyyyyyy
    Subject   : market document
    Message-ID: <ohrfm4hmv88d8g0jpnhu6q9e8s80m6bvbj@4ax.com>
    
    ---------------------
    Attachment(s) removed
    ---------------------
    market.xls .exe
    
    
    However, these get by, because there is only a URL - I revealed it by hovering the mouse over the hyperlink:

    email.gif

    My ISP offers both POP3 and Webmail -- His Spam/AV product is MDaemon.PRO.v9.6.4

    I receive only 2 or 3 Spams per week, so his product is very effective. I upload the Spam to his Bayesian Learning folder on the webmail site. Sometimes I peek inside the Spam trap to see if any malware might have slipped through. I never find any.

    email-2.gif

    The Urgent Transfer and Western Union messages in the list are a Malaysian and Nigerian Scam. I can't believe that stuff is still floating around!

    ----
    rich
     
  3. siljaline

    siljaline Former Poster

    Joined:
    Jun 29, 2003
    Posts:
    6,619
    Hi Rich, I got a 419 Scam email on one of my web based accounts yesterday.

    Fortunately the software of the webmail was intuitive enough to inform me that is was likely forged and did not originate for it's supposed sender.

    I would have been happy to share the forged headers but I've deleted it.
     
  4. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Spam is a different story so much get through but my Junk Mail Folder in Outlook 2007 gets 99% of them!
     

    Attached Files:

  5. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    Whatever my ISP uses seems to work pretty good. Most emails with viruses are "stripped" when they arrive in my inbox and I rarely get spam.

    I think that Yahoo uses Norton for their antivirus. I haven't used Yahoo for a while so I am not sure. Any signature based AV that they would use these days is a crap shoot at best.
     
  6. noone_particular

    noone_particular Registered Member

    Joined:
    Aug 8, 2008
    Posts:
    3,798
    I've got about 30 infected e-mails and attachments from Yahoo that their AV missed. Half of them were quite new and were missed by most of the AVs on VirusTotal at the time. Out of the remaining ones, about half of the ones that Yahoo's scan said was clean were caught by the same AV at VirusTotal, which makes me question their updating policies.

    I had already concluded that AVs weren't reliable enough to serve as a primary defense. I was using AVs as a secondary layer behind the default-deny primary protection, but after seeing how poorly they did against just what turned up in my mailbox, I removed the remaining AV manual scanners from my system. They're a waste of space on the hard drive.
     
  7. Threedog

    Threedog Registered Member

    Joined:
    Mar 20, 2005
    Posts:
    1,125
    Location:
    Nova Scotia, Canada
    And therin lays the problem. Most webmail relies on blacklist AV solutions but we are seeing more and more all the time that blacklist AV just dosen't cut it anymore with todays malware.
     
  8. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    But believe it or not some that I know depend on the webase email protection and I always tell them that they need there own protection on there own system and they say WHAT! Ignorance is bliss I guess :rolleyes::rolleyes::rolleyes::rolleyes:

    TH :'(
     
  9. rothko

    rothko Registered Member

    Joined:
    Jan 12, 2005
    Posts:
    579
    Location:
    UK
    i used to use a web based service that utilised Norton, although this is going back about 4 years, and I would get a few slip by Norton but were stopped by my installed AV, NOD32.

    I certainly wouldn't rely solely on the AV used by the email service, but it is good to know that 2 AVs are scanning your emails without conflict.
     
  10. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,012
    Location:
    Ontario, Canada
    Well I got this 6 times today:


    TH
    [FONT=&quot][/FONT]
     
Loading...
Thread Status:
Not open for further replies.