Outlook - Integrated Client Questions

Discussion in 'ESET NOD32 Antivirus' started by meschubert, Dec 23, 2007.

Thread Status:
Not open for further replies.
  1. meschubert

    meschubert, Registered Member (Joined: May 29, 2007; Posts: 46; Location: Manhattan Beach, CA)

    In Setup, if I leave the Email protection box checked under Email protection, but have the Enable email checking box unchecked under the POP3 filter, do I lose any protection if I only use Outlook to read my email?

    Since Outlook is an integrated email client, it doesn’t seem I should. This appears to be borne out by the fact that the counter for the number of scanned email messages increments with the above settings as Outlook downloads messages from my Yahoo, Gmail and Verizon accounts.

    Some other related questions:

    Does mail sent from Outlook get scanned since it is an integrated client? Again, the scanned email messages counter increments so I assume it is being scanned.

    Since there aren’t any comments I can find regarding SMTP scanning, I am assuming other outbound mail wouldn’t be scanned even with the POP3 filter checked. (A simple example would be the mail messages that NOD32 sends for an alert.)

    It also seems that Gmail using an encrypted link would be a non-issue in the case of downloading to Outlook. I’m guessing that the messages are scanned after they are decrypted since Outlook is an integrated client. Is this true? Again, the scanned email messages counter increments when Outlook pulls mail from Gmail.

    Am I missing something obvious? I’m not a POP3/SMTP expert so I’d like to know if any of my assumptions based on a little testing are incorrect.
     
  2. meschubert

    Bump - I'll ask my primary question in a different way and see if someone from Eset will provide an answer.

    If I only use Outlook for reading/sending email via my Yahoo, Gmail and Verizon accounts and have Email protection/Microsoft Outlook/Email to scan options all checked, is there any reason to check Outlook.exe as an email client under Email Protection/POP3/Email clients?

    It seems like it is redundant!?

    Thank you
     
  3. Nodrog

    Nodrog, Registered Member (Joined: Nov 10, 2007; Posts: 56; Location: UK)

    Hi meschubert

    Straight from the help file
    It sounds as if Outlook/OE is scanned using the plugin, not the pop3 protocol filter. So unless you want to scan any other clients that may be downloading pop3 then you could possibly clear the tick box - not sure it would save you any cpu cycles or not, not tried it.

    I'm not sure if there is any outbound smtp scanning going on at all (unless the plugin does this too, but that would be for Outlook/OE and not other possible clients) - it is possibly relying on the on-access scanner keeping your PC clean so that theoretically (cough, cough) you shouldn't be sending infected email. Given that it's the same engine, it's possibly not worth scanning outbound because the on-access would get it first [unless you were looking to use EAV only to scan email but had another vendor/engine doing the on-access??]

    cheers
    Gordon
     
  4. Nodrog

    Sorry... what a wally!

    The plugin for Outlook has a tick box for Sent mail under the Email to scan settings - one presumes that means outbound.

    cheers
     
  5. meschubert

    Hi Gordon,

    You will notice I didn’t ask the outbound question again in my second post; it is because I also noticed the Outbound tick box after posting the first time. :oops:

    I am good about searching the forums and reading the manual (I even printed and read the whole V3 manual); but I am bad about checking the help sometimes. I am used to there being more details in the manual versus in help, but this seems less true for software intended for home use.

    Are you quoting the ESS help file? I am curious because of the firewall reference. The following is something similar that I found in the EAV help file:

    Email protection works as a plug-in for the Microsoft email clients – Microsoft Outlook and Outlook Express. The main advantage of the plug-in control is the fact that it is independent of the protocol used. When the email client receives an encrypted message, it is decrypted and sent to the virus scanner.

    It answers my question from the first post regarding encrypted email too. I also went back and read through the manual again after the first post. I found the following:

    Email protection provides control of email communication received through the POP3 protocol. Using the plug-in program for Microsoft Outlook, ESET NOD32 Antivirus provides control of all communications from the email client (POP3, MAPI, IMAP, HTTP). When examining incoming messages, the program uses all advanced scanning methods provided by the ThreatSense scanning engine. This means that detection of malicious programs takes place even before being matched against the virus signature database. Scanning of POP3 protocol communications is independent of the email client used.

    The question I still have left and repeated in the 2nd post (and would appreciate an answer from Eset) is whether it is worth doing both? It is clear in the documentation that the POP3 scanning and plug-in scanning are independent, but is it smarter to turn on both for the case where you have Protocol Filtering set to "Applications marked as Internet browsers and email clients"? Are there potential attack scenarios where the POP3 scanning might catch problems that the plug-in could miss?

    Thanks for the help. Hopefully an Eset person will chime in too.

    Best,
    Mark
     
  6. Nodrog

    IMO and experience - scanning "something" twice using the same scan engine is not worth it. Instead of simply scanning pop3, the plugin will be looking after Outlook more fully - including checking messages after they have been decrypted - the protocol filter can't do that because of the way they have hooked in the proxy - to additionally check the pop3 protocol is most likely redundant.

    The question of switching off pop3 protocol checking in general would then depend on whether you wanted to keep an eye in case something else was pulling down emails.

    All the best for 2008
    Gordon
     