NOD32 And E-Mail Scanning

Discussion in 'NOD32 version 2 Forum' started by Graystoke, Jun 17, 2004.

Thread Status:
Not open for further replies.
  1. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Hi everyone. I've been using NOD32 for quite a while now and like it very much. I don't post here much, but I do read most of the threads.

    Recently, I've read a thread about e-mail scanning. I've had no problems with virus' on my PC since I've been using NOD32, but should I be a little concerned about NOD not having an outgoing e-mail scanner? Even though it has never happened, there is always a possibility of something getting out, isn't there? Or am I getting a little paranoid here? :)
     
  2. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Graystoke, its ok and perfectly normal to ask such questions. if NOD32 missed a worm ( which is highly unlikely ) then there is little chance of detecting it by outgoing mail scanner. but its possible to sniff a bug if there are some unusual behaviors. NOD32 doesn't miss any mass mailers so i don't think its a MUST.
     
  3. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    A weekly or daily scheduled scan by Nod will pick up anything, if AMON hasn't already :D

    To set up a scheduled scan see the following thread:

    https://www.wilderssecurity.com/showthread.php?t=33275

    And don't worry about posting Graystoke, post as many questions, queries and answers as you like, we are all here to learn and help each other, except for the occasional troll who just likes to stir things up… :D

    Hope this helps...

    Cheers :D
     
  4. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Hi AMRX. Thanks for the reply. I guess I always had that little thought or fear that if NOD32 missed something, I might unknowingly send out a worm/virus to e-mail contacts. Not a good thing to do. If I had a wish list for NOD32, outgoing scanning would probably be on it. Just for peace of mind.
     
  5. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Hi Graystoke

    Several people have made the same wish as you. However I have decided to lean in the other direction:

    In the unlikely event that NOD32 doesn't catch a virus on it's way into your machine, and it doesn't catch the virus thriving on your machine, there doesn't seem to be much hope to catch it on the way out in an email either. At this point many people might wonder, "but what would the harm be of checking anyway?" Fair question. But I would say that having another component adds complexity and uses computing power, and if it doesn't seem likely to provide any benefit, then there is a slight harm.

    I prefer to have NOD32 run resident, have F-prot dos run on demand, and have both perform periodic (automated) system scans. Then I take it as written that anything that comes off my machine (email or other file) is clean.

    Best regards
    Optigrab
     
  6. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I don't know where you are located, but here in the US most ISPs are now scanning all email incoming and outgoing and mine has even currently dropped doc, .exe and .pif files due to the negative effects on our network from the Zafi.B/W32.Erkez.B@mm virus . These files can be sent and received only if zipped and password protected. So, email scanning by an av is, in many cases, just an added protection as it will be caught by the ISP anyhow or not even allowed unless zipped and passworded. The real problem is that many still don't use an av and/or don't keep it updated.
     
  7. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California
    Hi Blackspear and Optigrab. Looks like I replied to AMRX before your posts appeared.

    Thanks to both of you for reassuring me that I am safe with NOD32 the way it is. 99.5% of said I was, but that doubt crept in. LOL.

    Blackspear, I read that thread that your link points to when it first was posted. I now have NOD32 scanning every week. Also, thanks for the kind words.



    Mele20, I'm located in Northern California. I know for sure my ISP, Comcast HSI, does scan incoming e-mail. Don't know about outgoing e-mail. I'll have to give them a call to check on that.
     
  8. Mele20

    Mele20 Former Poster

    Joined:
    Apr 29, 2002
    Posts:
    2,495
    Location:
    Hilo, Hawaii
    I have Road Runner in Hawaii and Road Runner has been checking inbound mail from outside the network for a year and one-half now. Three months ago, it quietly began (no notification to users of any sort) scanning ALL mail outbound with attachments and inbound including mail being sent and received just within the network.

    I would suspect Comcast is doing the same now and just may not have notifed the users. In the case of outbound scanning, Road Runner does not notify the sender that they attempted to send an infected attachment! They just strip it and rely on the recipient to let the sender know.
     
  9. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    I'm going to give Comcast a call tomorrow to find out if they do outbound e-mail scanning. I'll post what I find out here, in case anyone is interested.
     
  10. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    I've seen people previously mention that Comcast scans email for viruses, but I have Comcast and as far as I know it only offers spam filtering by Brightmail. It doesn't mention anything on its site about filtering email for viruses and there is no Brightmail option for that (unlike my dial up ISP which can scan incoming email for both spam and viruses if the user selects those options). I don't know if there are regional differences in what Comcast may offer, although I also am in Northern CA (a former ATTBI customer).

    Given the posts I've seen on the Comcast message board about receiving viruses in email, I question that Comcast filters email for viruses.
     
  11. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,375
    With AMON running, it is unlikely that you could attach an infected file to an email, simply because AMON would spring into action and block access to that file.
     
  12. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    The only experience I have with Comcast e-mail scanning is with the Eicar file. I've tried a couple of times to send myself an e-mail with the Eicar file attached to test NOD32. I had to disable AMON to do it. Both times I got a message stating the attachment was infected, and has been deleted by Brightmail using Symantec technology. I don't remember the exact wording, but that's pretty close.

    I also am a former ATTBI customer
     
  13. Graystoke

    Graystoke Registered Member

    Joined:
    Aug 15, 2003
    Posts:
    1,502
    Location:
    The San Joaquin Valley, California

    That is very good to know. Looks like none of the attachments I've ever sent out were infected, because none have been flagged by AMON.
     
  14. Arin

    Arin Registered Member

    Joined:
    May 1, 2004
    Posts:
    997
    Location:
    India
    dear Graystroke, its nice to know that you don't want others to be infected. in this context i'd like to add that even though you haven't sent any mails, you can get mails from you friends complaining about infected mails originating from your system. your e-mail address can be spoofed too so don't be alarmed and always remember to keep your AV up to date.

    dear Blackspear and optigrab, when i said NOD32 i meant all of its components. so lets say if NOD32 misses a mass mailer what can we do? if we see that lots of mails are going out frequently we sure can sniff a mass mailer here. i'm talking about that type of outgoing scanner. maybe this isn't a bad idea if we wish an outgoing scanner as our Xmas present.

    yes i know someone will say that NOD32 never misses a worm so i don't need it.
     
Thread Status:
Not open for further replies.