Is an email AV scanner really needed?

Discussion in 'other anti-virus software' started by InfinityAz, Aug 17, 2005.

Thread Status:
Not open for further replies.
  1. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    I currently use Bitdefender 9 on my desktop computer and it scans my emails. I've been trying most of the free AVs to use on my laptop and really like AntiVir PE (followed by Avast). However, AntiVir PE doesn't have a real-time email scanner (you have to get the paid version for that).

    Then I started thinking about when was the last time I've even received any malware via email and I can't recall (it's been many years). I attribute this to several things:

    - I practice safe hex (most of the time).
    - My anti-malware setup will hopefully catch anything before I become infected and/or get rid of it after the fact.
    - Most IPSs scan incoming email which greatly reduces the chance of something getting through (both for myself and others I send email to).

    So, that's why I ask:

    Is an email AV scanner really needed and/or a necessity?

    Additionally, when was the last time you received any malware via email?
     
  2. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Same here. Rarely receive anything, but it's pretty easy to spot. All of my friends/contacts abide by a rule: no executables sent by email. Except when planned ahead of time.

    Only you can answer that...

    A couple of months ago - the Osama bin laden trojan - pics.scr - in a zip file - the ISP scanner missed it. The reason I knew what it was is because a friend had received one earlier and I asked him to send it to me so I could test it.

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    like rmus said its rele up to u. i use web mail like yahoo and gmail. yahoo scans my attachments and gmail...id have to purposely download the malware attachment at which point nod32's amon or imon module would catch it. however i remember years ago when i had aol and NAV. i think i got infected a few times cause of my dad downloading email but it wasnt from an email client. the resident scanner caught the trojan. in conclusion, if u use a email client it might be worth ur time to have an email av otherwise probably not.
     
  4. StevieO

    StevieO Guest

    Hi,

    Probably not with ISP etc intervention, unless you're trigger happy of course. But as they say, it's another layer. And if it doesn't slow things down too much then, why not.


    StevieO
     
  5. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    My ISP scans messages too for viruses and I like the extra protection my antivirus (& other security apps) give me. :)
    Even without an AV scanner, my email client can't be compromised when receiving a nasty, but still I don't like virusses residing inside my mailboxes.
    If you want protection I should say you need an AV scanner, but that decision is entirely up to you. ;)
     
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Mail scanners are only monitoring POP3 mail from your ISP to your mail client. If you use Browser based web-mail it will NOT be checked by a mail scanner. Mail scanners have no application to web-based mail, which will be scanned by your AV through your browser in the same way as any other internet surfing.

    If you use a mail client, such as Outlook Express, then your mail will be scanned by your AV as soon as you attempt to access it; so you do not need a mail scanner to be adequately protected. Mail scanners are more for convenience, for example AVs such as Kaspersky and AntiVir do not scan archives realtime, but the mail scanner will scan an archive. If you didn't have a mail scanner you would have to save the archive and scan it manually with the demand scanner if you wanted to check it before extracting anything. But this is a minor inconvenience since your AV will pounce the moment you do attempt to extract a file.
     
  7. dan_maran

    dan_maran Registered Member

    Joined:
    Aug 30, 2004
    Posts:
    1,053
    Location:
    Stamford, CT
    I always turn off the resident email protection, as I normally use web based services also. I have never been infected by a email born virus/worm, or any other virus I didn't instigate myself knowingly. So all in all it depends on how you feel if you feel you are safe enough without it then go for it, personally I hate extra processes running which do nothing besides eat up system resources.

    The last email I recieved with malware attached was the Sober.O variant, no infection ever came of it though. HTH
     
  8. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    For me is essencial...

    I use an Email-Client and want all the infected emails deleted instead of have to open the files to see if they are infected... ;)
     
  9. trickyricky

    trickyricky Registered Member

    Joined:
    Mar 27, 2005
    Posts:
    475
    Location:
    London, UK
    It really depends on your email program and your own common sense. If you use an email program which is sensible about attachments, HTML and scripts, you should be fairly safe. Common sense will deal with the remaining threats, which will hopefully be few and far between if your ISP already carries out virus/malware filtering.

    I myself use The Bat! for email and F-Prot as my AV, which of course doesn't scan emails. But The Bat! doesn't automatically run attachments and doesn't use the Windows/Outlook address book, so is pretty safe for email. I have NEVER had a virus infection on any PC of mine EVER, so I can't have got it too wrong, can I? ;)
     
  10. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I agree with you and I never open an unknown email, and normally my email client report them as junk, but I like to have all the email clean instead of my ISP have or not an AV... ;)
     
  11. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    You don't have to open them since anything written to HD is scanned by your AV.

    But what difference does it make? If your email scanner says you are clear you open the mail; if you have no scanner and open the mail your AV will still get the baddie. If it can't get the baddie when you open your mail, it can't get it during an email scan - so it makes little difference.
     
  12. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I answered that on my previous reply ;)
     
  13. Randy_Bell

    Randy_Bell Registered Member

    Joined:
    May 24, 2002
    Posts:
    3,004
    Location:
    Santa Clara, CA
    Symantec published on their Site several years ago that the POP3 scanner was only a secondary line of defense, because the realtime monitor {Auto-Protect} will protect from opening infected emails. However I personally prefer to keep my NAV POP3 scanner {it is an installation default} so that nothing I wish to block ever makes it into my inbox. Because I share samples with friends, I have set my email scanner to the option "Ask me what to do" when anything is detected, so I have a chance to screen anything before NAV nukes it automatically -- the default recommended setting is to "Automatically repair the infected file". As for when did I last receive any malware via email -- just few days ago I got a "taxes.zip" attachment that NAV flagged as Trojan.Tooso.L and my wife got a "Mytob" worm variant oh, couple weeks ago as I recall, that NAV flagged on her box. HTH .. ;)
     
  14. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    Don't rely too much on your ISP as stuff still gets through. I consider a email scanner a requirement.
     
  15. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Like me ;)

    My ISP have an AV, but I continue to receive infected email messages...
    The most ones with Phishing...
     
  16. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    How does your scanner alert you to an email with Phishing? What does the alert message say?

    thanks,

    -rich
    ________________
    ~~Be ALERT!!! ~~
     
  17. The Hammer

    The Hammer Registered Member

    Joined:
    May 12, 2005
    Posts:
    5,619
    Location:
    Toronto Canada
    I love the ones from phony African diplomats offering to transfer millions of American dollars into my bank account. But Iv'e never had a phishing alert from my AV.
     
    Last edited: Aug 17, 2005
  18. Stan999

    Stan999 Registered Member

    Joined:
    Sep 27, 2002
    Posts:
    566
    Location:
    Fort Worth, TX USA
    I get those email alerts with NOD.

    Example from log

    7/27/2005 12:32:56 PM IMON email message from: eBay Inc <custservice_ref_7941937250028@ebay.com> to: (edit)@charter.net with subject Important Banking Mail From eBay [Wed, 27 Jul 2005 dated Wed, 27 Jul 2005 13:20:38 -0500 HTML/Phishing.gen trojan
     
  19. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    It doesn't alert me because I set NOD32 to automatically clean the message.

    I saw in the subject message, for example:
    [virus HTML/Phishing.gen trojan] eBay: important account notification [Tue, 16 Aug 2005 08:43:34 -0200]
     
  20. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    :D :D :p
     
  21. bellgamin

    bellgamin Very Frequent Poster

    Joined:
    Aug 1, 2002
    Posts:
    5,648
    Location:
    Hawaii
    My primary AV is DrWeb, which DOES have an email filter, but I have it turned off.

    Because of my websites I have 15 mail accounts & receive LOTS of email every day, much of which is spam, some of which is *unfriendly*.

    Before sending email to my Spamihilator & Calypso, I first d/l just the headers with Pop Peeper. Over 95% of the spam & 100% of other crappola bites the dust in that stage. By the way, Pop Peeper is faster than greased lightning.

    Not a cough in a carload.
     
  22. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    KIS 2006 has an antiphishing module but I don't know how it works because I almost never get any spam so it hasn't had a chance to do its thing.

    KIS 2006 also downloads and presents the headers to all the email so you can delete it before it gets to your mail box if you want.

    I don't ordinarily use an email scanner but I am beta testing KIS. I don't have a need for an email scanner as my ISP scans both incoming and outgoing mail with Symantec corporate. Plus, I would never open an attachment without first downloading to disk and scanning it. Also, I read all mail in plain text and, of course, use no preview pane in OE.
     
  23. NGRhodes

    NGRhodes Registered Member

    Joined:
    Jun 23, 2003
    Posts:
    2,331
    Location:
    West Yorkshire, UK
    IMHO, the sooner you stop a nasty the better.
    Therefore its better to stop a virus as its being downloaded to my machine, than being download to my machine and not stopping it until I open my email.
    This is when I also like AV intergration with any software that downloads data/files to my PC.
     
  24. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    I total agree ;)
     
  25. Eldar

    Eldar Registered Member

    Joined:
    Jul 12, 2004
    Posts:
    2,126
    Location:
    Vilvoorde (Belgium)
    I read all mail in both (plain text and styled) and I do use my preview pane all the time in Barca. :D
    Exactly my thought. :)
     
Loading...
Thread Status:
Not open for further replies.