Is an email AV scanner really needed?

I currently use Bitdefender 9 on my desktop computer and it scans my emails. I've been trying most of the free AVs to use on my laptop and really like AntiVir PE (followed by Avast). However, AntiVir PE doesn't have a real-time email scanner (you have to get the paid version for that).

Then I started thinking about when was the last time I've even received any malware via email and I can't recall (it's been many years). I attribute this to several things:

- I practice safe hex (most of the time).
- My anti-malware setup will hopefully catch anything before I become infected and/or get rid of it after the fact.
- Most IPSs scan incoming email which greatly reduces the chance of something getting through (both for myself and others I send email to).

So, that's why I ask:

Is an email AV scanner really needed and/or a necessity?

Additionally, when was the last time you received any malware via email?

 

Same here. Rarely receive anything, but it's pretty easy to spot. All of my friends/contacts abide by a rule: no executables sent by email. Except when planned ahead of time.

Only you can answer that...

A couple of months ago - the Osama bin laden trojan - pics.scr - in a zip file - the ISP scanner missed it. The reason I knew what it was is because a friend had received one earlier and I asked him to send it to me so I could test it.

-rich
________________
~~Be ALERT!!! ~~

 

like rmus said its rele up to u. i use web mail like yahoo and gmail. yahoo scans my attachments and gmail...id have to purposely download the malware attachment at which point nod32's amon or imon module would catch it. however i remember years ago when i had aol and NAV. i think i got infected a few times cause of my dad downloading email but it wasnt from an email client. the resident scanner caught the trojan. in conclusion, if u use a email client it might be worth ur time to have an email av otherwise probably not.

 

Hi,

Probably not with ISP etc intervention, unless you're trigger happy of course. But as they say, it's another layer. And if it doesn't slow things down too much then, why not.


StevieO

 

My ISP scans messages too for viruses and I like the extra protection my antivirus (& other security apps) give me.
Even without an AV scanner, my email client can't be compromised when receiving a nasty, but still I don't like virusses residing inside my mailboxes.
If you want protection I should say you need an AV scanner, but that decision is entirely up to you.

 

Mail scanners are only monitoring POP3 mail from your ISP to your mail client. If you use Browser based web-mail it will NOT be checked by a mail scanner. Mail scanners have no application to web-based mail, which will be scanned by your AV through your browser in the same way as any other internet surfing.

If you use a mail client, such as Outlook Express, then your mail will be scanned by your AV as soon as you attempt to access it; so you do not need a mail scanner to be adequately protected. Mail scanners are more for convenience, for example AVs such as Kaspersky and AntiVir do not scan archives realtime, but the mail scanner will scan an archive. If you didn't have a mail scanner you would have to save the archive and scan it manually with the demand scanner if you wanted to check it before extracting anything. But this is a minor inconvenience since your AV will pounce the moment you do attempt to extract a file.

 

I always turn off the resident email protection, as I normally use web based services also. I have never been infected by a email born virus/worm, or any other virus I didn't instigate myself knowingly. So all in all it depends on how you feel if you feel you are safe enough without it then go for it, personally I hate extra processes running which do nothing besides eat up system resources.

The last email I recieved with malware attached was the Sober.O variant, no infection ever came of it though. HTH

 

For me is essencial...

I use an Email-Client and want all the infected emails deleted instead of have to open the files to see if they are infected...

 

It really depends on your email program and your own common sense. If you use an email program which is sensible about attachments, HTML and scripts, you should be fairly safe. Common sense will deal with the remaining threats, which will hopefully be few and far between if your ISP already carries out virus/malware filtering.

I myself use The Bat! for email and F-Prot as my AV, which of course doesn't scan emails. But The Bat! doesn't automatically run attachments and doesn't use the Windows/Outlook address book, so is pretty safe for email. I have NEVER had a virus infection on any PC of mine EVER, so I can't have got it too wrong, can I?

 

I agree with you and I never open an unknown email, and normally my email client report them as junk, but I like to have all the email clean instead of my ISP have or not an AV...

 

You don't have to open them since anything written to HD is scanned by your AV.

But what difference does it make? If your email scanner says you are clear you open the mail; if you have no scanner and open the mail your AV will still get the baddie. If it can't get the baddie when you open your mail, it can't get it during an email scan - so it makes little difference.

 

I answered that on my previous reply

 

Symantec published on their Site several years ago that the POP3 scanner was only a secondary line of defense, because the realtime monitor {Auto-Protect} will protect from opening infected emails. However I personally prefer to keep my NAV POP3 scanner {it is an installation default} so that nothing I wish to block ever makes it into my inbox. Because I share samples with friends, I have set my email scanner to the option "Ask me what to do" when anything is detected, so I have a chance to screen anything before NAV nukes it automatically -- the default recommended setting is to "Automatically repair the infected file". As for when did I last receive any malware via email -- just few days ago I got a "taxes.zip" attachment that NAV flagged as Trojan.Tooso.L and my wife got a "Mytob" worm variant oh, couple weeks ago as I recall, that NAV flagged on her box. HTH ..

 

Don't rely too much on your ISP as stuff still gets through. I consider a email scanner a requirement.

 

Like me

My ISP have an AV, but I continue to receive infected email messages...
The most ones with Phishing...

 

How does your scanner alert you to an email with Phishing? What does the alert message say?

thanks,

-rich
________________
~~Be ALERT!!! ~~

 

I love the ones from phony African diplomats offering to transfer millions of American dollars into my bank account. But Iv'e never had a phishing alert from my AV.

 

I get those email alerts with NOD.

Example from log

7/27/2005 12:32:56 PM IMON email message from: eBay Inc <custservice_ref_7941937250028@ebay.com> to: (edit)@charter.net with subject Important Banking Mail From eBay [Wed, 27 Jul 2005 dated Wed, 27 Jul 2005 13:20:38 -0500 HTML/Phishing.gen trojan

 

It doesn't alert me because I set NOD32 to automatically clean the message.

I saw in the subject message, for example:
[virus HTML/Phishing.gen trojan] eBay: important account notification [Tue, 16 Aug 2005 08:43:34 -0200]

 

My primary AV is DrWeb, which DOES have an email filter, but I have it turned off.

Because of my websites I have 15 mail accounts & receive LOTS of email every day, much of which is spam, some of which is *unfriendly*.

Before sending email to my Spamihilator & Calypso, I first d/l just the headers with Pop Peeper. Over 95% of the spam & 100% of other crappola bites the dust in that stage. By the way, Pop Peeper is faster than greased lightning.

Not a cough in a carload.

 

KIS 2006 has an antiphishing module but I don't know how it works because I almost never get any spam so it hasn't had a chance to do its thing.

KIS 2006 also downloads and presents the headers to all the email so you can delete it before it gets to your mail box if you want.

I don't ordinarily use an email scanner but I am beta testing KIS. I don't have a need for an email scanner as my ISP scans both incoming and outgoing mail with Symantec corporate. Plus, I would never open an attachment without first downloading to disk and scanning it. Also, I read all mail in plain text and, of course, use no preview pane in OE.

 

IMHO, the sooner you stop a nasty the better.
Therefore its better to stop a virus as its being downloaded to my machine, than being download to my machine and not stopping it until I open my email.
This is when I also like AV intergration with any software that downloads data/files to my PC.

 

I total agree

 

I read all mail in both (plain text and styled) and I do use my preview pane all the time in Barca.

Exactly my thought.