Outgoing Email Scan?

Discussion in 'NOD32 version 2 Forum' started by snowfire, Mar 10, 2005.

Thread Status:
Not open for further replies.
  1. snowfire

    snowfire Registered Member

    Joined:
    Feb 12, 2005
    Posts:
    38
    Hi! Everyone,

    I am fairly new to NOD (registered v2.12.3). Also, I have winxp sp2 and Outpost Firewall...along with several other security layers.

    I am familiar with the debate about the pros/cons of scanning outgoing email. Nevertheless, I have a couple questions:

    1.) Does AMON, in a sense, scan outgoing email as I have read elsewhere (not on this forum I think)...or is it DMON that does that?

    2.) Is there an outgoing email scan plugin?

    3.) A google result for the Eset website states there is an outgoing email scan...but when I go to the site I can't find anything specific though it does mention somewhere (for which version I am not sure)
    under Features (I believe) that it scans smtp and POP3. Am I missing something?

    Thanks!!!
    snowfire
     
    Last edited: Mar 10, 2005
  2. rdsu

    rdsu Registered Member

    Joined:
    Jun 28, 2003
    Posts:
    4,456
    Hi snowfire,

    1. Yes, AMON scan the files when you sent an email. DMON is a Document MONitor, AV support for MS Office.

    2. No :(

    3. IMON only scans incoming mail via POP3. EMON scans incoming mail via MAPI.

    Regards
     
  3. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    57,740
    Location:
    Texas
    Server mail can be scanned both ways.

    XMON stands for MS Exchange MONitor which serves for scanning incoming and outgoing email utilizing the MS VSAPI interface on MS Exchange servers. The minimum requirements are MS Exchange 5.5 SP3, MS Exchange Server 2000 SP1, MS Exchange 2003 or higher. The newer version of MS Exchange server you have, the more features are available in XMON.

    http://www.nod32.com/scriptless/support/ans/14a.htm
     
  4. snowfire

    snowfire Registered Member

    Joined:
    Feb 12, 2005
    Posts:
    38
    :D Thanks!


    "1. Yes, AMON scan the files when you sent an email. DMON is a Document MONitor, AV support for MS Office."

    So...does that mean that I can honestly and realistically say at the end of my outgoing emails that the were scanned by NOD32?

    Thanks Again,
    snowfire
     
  5. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Yes you may
     
  6. snowfire

    snowfire Registered Member

    Joined:
    Feb 12, 2005
    Posts:
    38
    :D :D :D :D...Why, Thank-You Very Much!!

    Bye,
    snowfire
     
  7. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    lol . No problem . Hope that helped . Take care and enjoy NOD
     
  8. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    With EMON, outgoing email can be scanned also.

    However, if AMON or NOD32 scanner doesn't find anything, there would be no sense in scanning outgoing email as it would not discover another virus not detected by AMON previously.
     

    Attached Files:

    • emon.png
      emon.png
      File size:
      11.6 KB
      Views:
      433
  9. Gauthreau

    Gauthreau Guest


    There is something not quite right about this logic. I just can't put my finger on it.

    Neil
     
  10. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Don't you think it's logical that if the on-demand scanner doesn't find anything there's no chance a mail checker could discover a threat in outgoing email?
     
  11. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    152
    Location:
    UK
    I suspect, like me, Gauthreau finds that perfectly logical.

    That being the case though Marcos, what is the point of implementing a separate outgoing email scanner?
     
  12. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    One possible answer is that a few of the majors do so and Eset are continually asked for it. And with newbies to Nod32 it will give peace of mind...

    Cheers :D
     
  13. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    The thing is that with AMON enabled, there's no chance you could attach an infected file to an email.
     
  14. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    I understand that, the however is, this being the case why are Eset making a module that does scan outbound? To which my answer applies ;) :D

    Cheers :D
     
  15. sinbad370

    sinbad370 Registered Member

    Joined:
    Mar 1, 2005
    Posts:
    68
    Location:
    Georgia
    I use an email client called Thebat. This program allows some anti-virus programs to scan incoming and out going mail by using plugins. I use a nod32 plug-in myself.
     
  16. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada

    because it's possible to disable amon?
     
  17. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    And , BlackSpear , you are correct . I am not a newbie but , a MAJOR gripe I have with alot of AV programs is they do not put a footnote in incoming and outgoing email . Means nothing to you I guess but , it is SUPER nice to have . I am comforted with that . I still run a full scan but , not as often as if I did not have the foot note to tell me it has been scanned . Some people , like me , depend on this part . It keeps me feeling comfortable . Knowing I do not have to go into NOD ans run a scan to make sure all is well . To me , the scan is more of a backup for me as the real time protection and informing me that emails have been scanned is the best medicine . A fact is a fact . The fact is , prevention is much better than having to find it after the fact . I say to NOD , keep it ! Do not change . Again , I fully agree with BS , ( nice initials ....lol ) , but , I am not a novice and love the simplicity in this program .
     
  18. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    AMEN .
     
  19. Phil_S

    Phil_S Registered Member

    Joined:
    Nov 13, 2003
    Posts:
    152
    Location:
    UK
    Well, you can already configure NOD to append a note to incoming emails - either all of them, infected only, or none, which I would agree is useful. But I still can't see the point of appending a message to outgoing email. To me, such messages are nothing but an irritation.

    Turning the situation around, do you trust such a message appended by the sender on emails you receive sufficiently to trust that the mail is not infected? I certainly don't, as I receive some from people whose AV solution is obviously not up to date (as evidenced by the message itself) and I've even received infected emails that deliberately have a bogus message appended purporting to have been scanned by some AV or other and declared virus free. The only message I would consider trusting to even the slightest extent is the one appended by my AV, on my machine, on receipt.

    And if you don't trust such messages on emails you receive (and IMO you'd be wise not to) doesn't that render the whole point of them rather meaningless?
     
  20. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    Another reason to have a module that can scan outgoing email is that the settings for it can be customized.

    For example, the default AMON settings don't scan in ZIP files. However, that makes it possible that I could send a ZIP file to someone that has malware inside, undected by NOD32, because it wasn't scanned. A special outgoing-email module could be configured to scan all attachments and messages.

    [Please, no one tell me to configure AMON to scan all files; that would be missing the point by a wide margin.]
     
  21. hollywoodpc

    hollywoodpc Registered Member

    Joined:
    Feb 14, 2005
    Posts:
    1,325
    Here we go . I already know how NOD works . I have it remember ? And glad you think it is an irritation . Seeing as how you do not see it scan outgoing . Ok . This is so stupid it is actually funny . You do not like the footer on incoming/outgoing mail ? That is pointless . It is a nice thing that has been added . To the people that do not care for it , get a life . I personally like it and do not see the point in removing something like this since it is already in the program . It causes no harm and some people might like it . If you are irritated by a foot note showing it has scanned an email , I have to wonder how life must be for you . If I did not like that part , I do not think irritation would come to mind . And you do not trust that footer when you get emails . Ok . It is still nice to have . I am not an idiot and send viruses . Sooooo , I feel proud to have that at the bottom of mine going out to friends . I do not trust anything incoming anyway . Ever heard of layered security ? Just another FREE layer telling you that it has been scanned . Need we argue over something nice . Oh yea . You do not look at it as nice . You see it as an irritation . Again , maybe another AV might suite you better .
     
  22. Triple Helix

    Triple Helix Webroot Product Advisor

    Joined:
    Nov 20, 2004
    Posts:
    12,011
    Location:
    Ontario, Canada
    I Double That and Triple This and that!!

    This Bud is for you hollywoodpc

    Cheers,

    dagolag:D
     
  23. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    How does a tag at the bottom of sent email messages equate to prevention?
     
  24. Caratacus

    Caratacus Registered Member

    Joined:
    Jun 27, 2003
    Posts:
    164
    Location:
    Australia
    It verifies that a check has been done, just as a "No viruses found" at the end of a system scan does. It verifies this for the sender and to some extent for receiver, so that both know the mail has been checked. Thus it provides information as to how the security of the email process is working.

    Since it would be very simple to implement, why not include it as an option that users can deploy or not? I would like my email recipients to be explicitly informed that I had taken the care and courtesy of having incoming/outgoing emails checked.

    I use Barca client & NOD32 apparently doesn't do an outgoing check ofr this client. I wish it did, even if the philosophy is that it unnecessary. Surely much "layered defence" could be described as "unnecessary" - but the point is that the layers provide failsafe security. My final point is that the impression od security is surely an important part of the totality of security. So I reckon: make the outgoing scans and the email tags an option.
     
  25. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    But those messages don't "prevent" anything. They may provide you feedback, but they don't in and of themselves provide any sort of preventative measure.

    I have my wife send me an email every day when she gets to work. This tells me that she's OK. But it's her safe driving that gets her there every day; the email is just feedback.

    I was just trying to understand the thinking behind the desire to have a message on outgoing emails. Basically, it just provides a warm fuzzy. That's fine, but come right out and say "I want a warm fuzzy"; don't try selling it to us as if it's an actual layer of security.
     
Thread Status:
Not open for further replies.