Scanning emails: necessary?

Discussion in 'other anti-virus software' started by besafe, Apr 23, 2007.

Thread Status:
Not open for further replies.
  1. besafe

    besafe Registered Member

    Joined:
    Mar 29, 2007
    Posts:
    222
    If your AV has resident protection that is constanstly looking for viruses and checking all .exe's before they are opened, is an email scanner really needed? In this case, what benefit would that scanner provide?

    For example, Avira Antivir seems to be an exceptional AV. The free version does not scan emails, but you are supposed to be safe due to the resident protection. So what exrtra benefit does the email scanner in the paid version provide?
     
  2. Hipgnosis

    Hipgnosis Registered Member

    Joined:
    Aug 26, 2003
    Posts:
    297
    Location:
    Witness Protection Program
    I suppose the benefit would be to catch malware before it gets downloaded to your PC.
     
  3. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    What are the threats from email?

    1) Remote code execution embedded in HTML.

    Solution: set program to view in text mode only; delete all messages from unknown sources

    2) Executables in an attachment

    Solution: don't click on executables in an attachment


    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  4. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    link below to past discussion on Scanning emails: necessary?

    You don't need an email scanner... and Functions of Anti-Virus software. . .
    ___________________________________________________

    Sixteen months of AntiVir Classic (no 'Email' scan app) and have had Eight Detections, three were False Positives and of the Five True Positives, Three were in Email (two from Guard and one from Demand Scan, that one had been hidden from Norton for years:) )
     
  5. SalemDesign

    SalemDesign Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    3
    One not uncommon scenario is that you receive an email with a virus contaminated attachment that you don't save or open... You just forward it to someone else with the result that you inadvertently infect their computer without realizing it. You were always protected but you just messed up your friends machine... And even if their antivirus catches it, you get the blame for having sent it.

    I do think that having email attachment scanning is a good idea. And it cannot be that hard to implement since the majority of antivirus products provide it.

    --Doug / SalemDesign
     
  6. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    #1. that would be irresponsible on your part, how difficult would it have been to check it first.:rolleyes:

    #2. A First Rule for Email Safety is to NEVER Click an attachment that you were not expecting!
    .....(Your Mother's System could be infected with a self replicating worm or virus.)

    .....{My Sister's was [she has known computers since she built from a RadioShack Kit] and
    she quickly Emailed a warning, but I had not 'clicked' the attachment}.:eek:

    Secondary rules include text>HTML, no preview pains etc..
     
  7. SalemDesign

    SalemDesign Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    3
    Oh, come on. Let's say I get an email from Harry asking if I have the latest version of the ACME engineering proposal. I don't but I send an email to Bob, Bill, and Mary asking if they have it. It turns out that Mary does, so she sends it as an attachment to me... I am not necessarily going to open it. I will most likely just forward it to Harry. And if Mary had a MS Word macro virus on her machine, I just infected Harry.

    This is a particular problem when users *think* they have attachment scanning (most AV systems do). I just found out that Zone Alarm Security Suite 7 does *not* have email virus scanning. The previous ZASS version *did* have email scanning, ZASS 7's help *says* it has scanning, but ZoneAlarm did not (apparently) have time to implement it when they switched to the Kaspersky AV engine.

    --Doug / SalemDesign
     
  8. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    This would not happen if Harry's policy was to use MSWordViewer to read other's Word Documents.

    In addition, if Harry doesn't have other protection in place to catch the "inadvertant accident" then he needs to re-think his security.

    If anyone today gets infected from a macro-virus, they either are not informed, or just plain dumb.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  9. SalemDesign

    SalemDesign Registered Member

    Joined:
    Apr 25, 2007
    Posts:
    3
    Yeah, true. It also wouldn't happen if nobody had ever created a computer virus.

    But we are talking real world here. Computer viruses are a fact of life and the fact that one cannot depend on the Harry's of this world to be either well informed or smart is also here to stay.

    The unfortunate truth is that we need layers of redundant protection. And we cannot depend on the folks we are sending emails to to be "protected".

    I have Exim virus checking at the server level for incoming email, I *thought* I had local incoming email scanning with ZoneAlarm Security Suite, I *do* have on-access file scanning, and I *thought* I had outgoing email scanning with ZoneAlarm Security Suite, and I *do* have outgoing virus scanning at the SMTP server level.

    The fact ZASS 7 does not have inbound or outbound email scanning at the POP3 and SMTP interface just removed two out of five layers of protection.

    --Doug
     
  10. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    That is for sure! But why does it have to be "unfortunate?" It's not a big deal to show someone how to set up a security strategy, with solutions protecting against the various attack points of malware.

    The first part of your statement is certainly true, but the last phrase (my emphsis) does not have to be a foregone conclusion. While it seems to be an uphill battle, every person we can help to become more aware is one more person less likely to get infected. The alternative is not very encouraging.

    regards,

    -rich

    ________________________________________________________________
    "Talking About Security Can Lead To Anxiety, Panic, And Dread...
    Or Cool Assessments, Common Sense And Practical Planning..."
    --Bruce Schneier​
     
  11. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    For most forum members here, I believe no.
    For the mainstream populace (the other 99.98%), I believe it serves a valid purpose (although not of critical importance).
     
  12. InfinityAz

    InfinityAz Registered Member

    Joined:
    Jul 23, 2005
    Posts:
    828
    Location:
    Arizona
    Isn't this very topic and discussion the reason most ISPs scan their customer's emails before it reaches their email client?

    Truthfully, I cannot even remember the last time any of my email accounts was the vector for getting malware into my computer.
     
  13. Bob D

    Bob D Registered Member

    Joined:
    Apr 18, 2005
    Posts:
    1,150
    Location:
    Mass., USA
    Same here.
    Which makes you wonder.
    Polls suggest that email attachment vector is responsible for +/-90% of infections!
    I don't understand...user ignorance/naïveté?
    If incoming email scanning did not detect a threat, should not execution of the virus laden file have been caught by the AV and subsequently alerted/cured/quarantined the suspect file?
     
  14. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    there is one thing your forgetting
    most big companies use symantec for email sanning e.g. yahoo
    now most people who dont know about computers have norton on there desktop.
    if there the same signitures it would bypass both of them.
    if the user doesnt know about safe hex with email attachments they would get infected.
    lodore
     
  15. gerardwil

    gerardwil Registered Member

    Joined:
    Jan 17, 2004
    Posts:
    4,748
    Location:
    The Netherlands
    I found out that my ISP is doing a good job regarding email virus scanning.
    I am testing out their Spam blocker.
    Both are free.


    Gerard
     
  16. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    AntiVir Demand Scan found a particularly nasty WORM inside a 'never opened' attachment that Norton (w/ Email Scan) had ignored for years.

    A Kaspersky OnLine Scan once found one inside Hotmail Deleted items Folder (MS Outlook pst) that again, had been missed by the latest
    Norton Email scanner.
     
  17. toasale

    toasale Registered Member

    Joined:
    Apr 19, 2006
    Posts:
    86
    Location:
    Alabama
    I note these "I don't think I need the........" and "why even have it" and so forth and I wonder >>>>> Probably these cats have not reformated as much as I have nor as much as the units I am requested to repair.

    When I brush my teeth I do the front AND back. Heard of cavaties?


    o_O
     
  18. pilotart

    pilotart Registered Member

    Joined:
    Feb 14, 2006
    Posts:
    377
    No doubt I have not reformated as much as you. :rolleyes:

    Win98 was formated with a new Hard Drive in Sept 1998 (June '98 install was over 95, clean is better).
    That Dell Latitude LM P133 is still very stable on the ninth year since OS install, runs great on AntiVir w/Rootkit Scan, but the end is near.:doubt:

    I spent a year with a VAIO, two formats due to hardware failures and one when Norton AntiVirus refused to run.:'(

    Dell D800 should have been formated the day it arrived, had specified 'No AntiVirus' (after McAfee experience) but it still had all this 'trial' junk to remove.. three years and seven months and nowhere close to any need for format.:thumb:
     
Loading...
Thread Status:
Not open for further replies.