A question about virus scanning of client email files

What happens in this scenario:

1.  I have a good AV program that is at latest updates.  It filters
    email, message by message as they come in from a pop server.

2.  I get an email message with an attachment that has a virus that is
    not yet recognized by the AV program.  It passes.

3.  The message is appended to my TB Inbox, which is a huge file
    with *ALL* my mail, including attachments.

4.  My AV vendor discovers the virus and adds it to the next update.

5.  My AV product does its daily or weekly full system scan,
    discovers the virus in the file that is my Inbox file.

If I ask the AV product to delete or quarantine the bug, can the AV
product parse the Inbox and just delete the infected attachment or
does it delete the file, and all my mail?


--
a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore. A Proud signature since 2001

Re: A question about virus scanning of client email files

On 1 Aug 2006 09:42:10 -0400, adykes@panix.com (Al Dykes) wrote:

Not likely. The safe way to handle email attackments is to dispense
with them one way or another immediately. All unsolicited attackments
should be deleted right off the bat. Others should be Saved to a
test folder to be scanned later before deleting from within the email
app. That way no attackments are ever allowed to be stored in
your email archives and forgotten.

Give the Saved attackment file a few days before updating your
av and scanning it. That allows time for your av vendor to
hopefully add sigs for new and previously "unknown" malware.
There's no need for that silly nonsense about scanning email.
That's just a dumb marketing feature, and it's dangerous
because it lulls naive users into believing they are getting
some kind of added protection. Your only real protection is
to use your head and practice "safe hex".

Art
http://home.epix.net/~artnpeg

Re: A question about virus scanning of client email files

Thank you.  

Now, can someone answer my question :-)

--
a d y k e s @ p a n i x . c o m

Don't blame me. I voted for Gore. A Proud signature since 2001

Re: A question about virus scanning of client email files

On 2 Aug 2006 08:27:35 -0400, adykes@panix.com (Al Dykes) wrote:

I did! I said "not likely". You want that in more certain terms?
OK. Your goddam av won't be able to do anything with attackments
in your goddam TB inbox. Is that better?

Art
http://home.epix.net/~artnpeg

Re: A question about virus scanning of client email files

Art wrote:

Heh, beat me to it, Art.  "Not likely" is a good answer. If the a-v is
not smart enough to detach an attachment in a long text file, well, thar
ya go...

In Thunderbird, (set to view all messages) click on the column heading
paperclip icon to sort by those with attachments, and delete the suspect
emails. Or, View > Sort by... > Size   and pick them out that way.

--
   -bts
   -Warning: I brake for lawn deer
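
The scenario in this thread, as an added example that is not part of any poster's message: a Thunderbird Inbox is a single mbox-format file, so a scanner that flags it flags the whole file, but the one message carrying the flagged attachment can be located and removed on its own. The function names, the file name `invoice.bin` and the sample bytes are constructed for illustration, and the SHA-256 of the attachment stands in for whatever identifier the scanner reports.

```python
import hashlib
import mailbox
from email.message import EmailMessage


def list_attachments(mbox_path):
    """Return (key, subject, filename, sha256) for every attachment in the mbox."""
    found = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            for part in msg.walk():
                name = part.get_filename()
                if name is None:  # body text or multipart container
                    continue
                data = part.get_payload(decode=True) or b""
                found.append((key, msg["Subject"], name,
                              hashlib.sha256(data).hexdigest()))
    finally:
        box.close()
    return found


def remove_messages_with_hash(mbox_path, bad_sha256):
    """Delete only the messages whose attachment matches; keep the rest of the file."""
    doomed = {k for k, _, _, h in list_attachments(mbox_path) if h == bad_sha256}
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()  # run with the mail client closed
    try:
        for key in doomed:
            box.remove(key)
        box.flush()  # rewrites the mbox file without the removed messages
    finally:
        box.unlock()
        box.close()
    return len(doomed)


def build_sample_mbox(path):
    """Constructed sample data: three messages, the middle one has an attachment."""
    box = mailbox.mbox(path)
    for i, blob in enumerate([None, b"constructed-test-bytes", None]):
        m = EmailMessage()
        m["From"], m["To"], m["Subject"] = "a@example.com", "b@example.com", f"msg {i}"
        m.set_content("body text")
        if blob is not None:
            m.add_attachment(blob, maintype="application",
                             subtype="octet-stream", filename="invoice.bin")
        box.add(m)
    box.close()
```

Work on a copy of the Inbox file with Thunderbird closed; afterwards Thunderbird has to rebuild the folder's `.msf` index before the folder displays correctly.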
