Sandboxie Question

Discussion in 'other anti-malware software' started by ejr, Dec 20, 2006.

Thread Status:
Not open for further replies.
  1. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    I love the concept of Sandboxie and have even recommended it to others based off what I have read in this forum. I want to try it. I feel that it is a good idea to run your browser and email client in the sandbox. However, I have numerous questions about running the email client in the sandbox.

    1. I send and receive a couple hundred, some days up to 1000 emails a day (rarely but twice a year). I have a MS Access based database that hooks up with outlook express (OE) to quickly send many emails. Would my database that sits outside the sandbox be able to connect to Outlook express to send emails if OE is in the sandbox?

    2. People send me resumes every day. I need to save these resumes. Is it easy to save a file that has been emailed to you outside the sandbox if OE is in the sandbox?

    3. When I receive a resume, I copy and paste it into my MS Access database. The database then takes the name, address, phone and email and autopopulates those fields in the database. It also takes the information and creates a MS Word resume inside the Access database (which it then indexes). If I am receiving these resumes inside the sandbox, would I still be able to do this?

    So I simply have several reservations about running OE in the sandbox, though I feel it is a good idea.
     
  2. lucas1985

    lucas1985 Retired Moderator

    Joined:
    Nov 9, 2006
    Posts:
    4,047
    Location:
    France, May 1968
    Perhaps it's a better idea to run the mail client with limited rights (DropMyRights) or a "sandbox" that allows writes to the real disk (GeSWall).
    I've not tried Sandboxie with any mail client.
     
  3. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Well, presently I simply run my mail client and rely on NOD32 and Spyware Doctor to catch any nasties. Haven't had a problem for a couple years. So I could probably just run IE in the sandbox and leave the mail client as is.
     
  4. ggf31416

    ggf31416 Registered Member

    Joined:
    Aug 20, 2006
    Posts:
    314
    Location:
    Uruguay
    You can use the option Configuration -> Sandbox Settings -> Set File Copy Options -> Allow Microsoft Outlook (Office and Express) full access to mailbox files.
    If that doesn't fit your needs you can configure Sandboxie manually (Edit Configuration) to allow specified programs to write directly to specified paths and registry keys, using Open File Path and Open Key Path.
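
Each Open File Path / Open Key Path entry is a hole in the sandbox, so it is worth checking that every one names a single program and a narrow path. The following is an added example, not part of the original post and not Sandboxie's own code: a small auditor for the `OpenFilePath` and `OpenKeyPath` settings in Sandboxie.ini text. The sample configuration, the `msimn.exe` rules and the `C:\Mail\OEStore\` path are constructed placeholders.

```python
import re

# Constructed sample Sandboxie.ini text; program names and paths are placeholders.
SAMPLE_INI = r"""
[DefaultBox]
Enabled=y
OpenFilePath=C:\
OpenFilePath=msimn.exe,C:\Mail\OEStore\
OpenKeyPath=msimn.exe,HKEY_CURRENT_USER\Software\Microsoft\Outlook Express
OpenKeyPath=HKEY_CURRENT_USER\Software
"""

# A whole drive, a bare wildcard, or a registry hive (optionally \Software).
BROAD = re.compile(r"^(?:[A-Za-z]:\\?|\*|HKEY_[A-Z_]+(?:\\Software)?\\?)$", re.I)
SETTINGS = ("OpenFilePath", "OpenKeyPath")

def audit(ini_text):
    """Return (box, line number, setting, path, reasons) for risky entries."""
    findings, box = [], None
    for lineno, raw in enumerate(ini_text.splitlines(), 1):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            box = line[1:-1]
            continue
        key, sep, value = line.partition("=")
        if not sep or key.strip() not in SETTINGS:
            continue
        program, comma, path = value.partition(",")
        if comma and program.strip().lower().endswith(".exe"):
            program, path = program.strip(), path.strip()
        else:
            # No "name.exe," prefix: the entry covers every sandboxed program.
            program, path = None, value.strip()
        reasons = []
        if program is None:
            reasons.append("not limited to one program")
        if BROAD.match(path):
            reasons.append("opens a whole drive or registry root")
        if reasons:
            findings.append((box, lineno, key.strip(), path, reasons))
    return findings

if __name__ == "__main__":
    for box, lineno, key, path, reasons in audit(SAMPLE_INI):
        print(f"[{box}] line {lineno}: {key}={path} -> {'; '.join(reasons)}")
```

On the sample, the two entries scoped to `msimn.exe` pass and the two unscoped, root-level entries are reported.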
     
  5. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    About the incompatibility between Sandboxie and NOD32 (IMON module), please have a look at these threads:

    https://www.wilderssecurity.com/showthread.php?t=141233&highlight=sandboxie

    http://sandboxie.com/phpbb/viewtopic.php?t=353&highlight=nod32

    To sum up: IMON does not scan net connections that are requested by any sandboxed application (browsers, email clients etc.); the problem still exists even with the latest version of NOD32. :(

    Just wanted to make you aware of that...

    take care
    Mizar
     
    Last edited: Dec 21, 2006
  6. ejr

    ejr Registered Member

    Joined:
    Nov 19, 2005
    Posts:
    538
    Thank you for this. The question is this, does NOD need to scan those files? If the browser is in the sandbox, anything downloaded by the browser will be in the sandbox, correct? So even if it is malware, it will be flushed from your system when you empty the sandbox and won't have access to your system while it's in the sandbox.

    If it did manage to escape the sandbox, NOD would then catch it.

    Is my logic correct?
     
  7. mizar

    mizar Registered Member

    Joined:
    Jul 26, 2006
    Posts:
    31
    Actually it is correct. IMON is just another layer for security; it is supposed to find whether the data is malicious or not before it is written to your hard disk and block it if it is. By using Sandboxie one removes this layer, but if IMON is able to detect malware then AMON will also be able to find it in the sandbox; you can try that with the EICAR anti-virus test file: when the browser is sandboxed, instead of IMON, AMON will detect it in the root folder of Sandboxie.

    One thing I can remember (I switched to Kaspersky now): IMON is able to scan zipped/rared files when they are being downloaded, but AMON only detects them when accessed/executed. Try this with the eicar_com.zip or eicarcom2.zip files; the IMON and AMON modules will not catch them when downloaded with a sandboxed browser, AMON will only detect them when extracted, or a NOD32 on-demand scan will deal with these. This situation is a little compromise to use Sandboxie, I think...
     
    Last edited: Dec 21, 2006
  8. budfox

    budfox Registered Member

    Joined:
    Apr 5, 2005
    Posts:
    103
    I have run Outlook 2007 beta with DropMyRights and Sandboxie. Ran fine except for the fact you had to re-enter your password every time you opened it. I am currently running DropMyRights with GeSWall w/o any hangups.

    In terms of running an A/V with an email client... no need anymore in my opinion. I don't know of any email servers not running enterprise grade A/Vs before the mail even gets to you. If you don't believe me, try to send yourself a virus. I tried sending martinskeylogger the other day for a test I wanted to run, and that never made it through due to the A/V flagging on Adelphia's end. That even surprised me. Just run DropMyRights in front of Outlook and turn off HTML ... no worries.

    If you're still paranoid, run on-demand scans on your C:\DocsNsettings folder every week. Don't think you will ever find anything. I haven't in years.
     
    Last edited: Dec 25, 2006