Bad advice?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
Over in alt.usenet.offline-reader.forte-agent (Forte Agent news/email
client) someone gave this advice:

Quoted text here. Click to load it

This was in response to a question about Agent's data files getting
corrupted.

Is this good advice? Couldn't this leave the door open for malicious
attachments?

(Note: I use Avira 9)

--

Dennis

Re: Bad advice?

Dennis wrote:
Quoted text here. Click to load it

You'd have to manually set up exclusions. Avira would scan
Agent's network traffic, what it reads on the disk, and it
will scan when you actually look at the files. So unless
you have manually set up these exclusions, I wouldn't worry.
Even if you did and downloaded a file, Avira would still
scan it if you tried to open the file or used another program
to open it.

Re: Bad advice?

On Fri, 01 May 2009 13:31:04 -0400, Alfred Matej

Quoted text here. Click to load it

But they are recommending that you set up the exclusions. So you are
saying that if I set up exclusions, Avira would let Agent write the
malicious attachment to disk? And Avira then would somehow catch it
later if I tried to detach it (via Agent) and run it?

--

Dennis

Re: Bad advice?

Dennis wrote:
Quoted text here. Click to load it

Why do they want you to set up the exclusions? If I knew why I
could probably help you out a bit more.

For instance, when I have exclusions on my torrent software,
I can download a malicious file easily and my AV won't complain,
but if I go to the directory in explorer, my AV will detect it
through real-time scanning.

Oh one more thing, it is possible to set up an exclusion for a
whole directory. Instead of not scanning activity done by a
particular piece of software. I would not do this unless you have
a very good reason. Then the AV software will ignore everything
in that directory regardless.


Re: Bad advice?

On Fri, 01 May 2009 14:45:22 -0400, Alfred Matej

Quoted text here. Click to load it

This is exactly what they are saying Agent users should do ... exclude
the directory where Agent keeps the .dat files which contain your email
(and attachments before being detached). The reason they recommend this
is because apparently there have been reports of .dat files being
corrupted by AV scanners. I don't know if this has actually been proven
to be true. I suppose this could be true is the AV software tried to
quarantine something while Agent had the file open.

Maybe they assume you are using AV software that also scans incoming
email (like AVG)?

Since I back up my email folder weekly, I will not exclude any folders
and not worry about Avira 9 corrupting my email files. If I lose a weeks
worth of email, so be it.

--

Dennis

Re: Bad advice?

wrote:

Quoted text here. Click to load it

I have configured my Avira Antivir Scan/Archives not to scan Mailboxes
(last six entries of Archives.)

--
Fred W. (NL)

Re: Bad advice?

wrote:

Quoted text here. Click to load it

Forte Agent is not one of these.

--

Dennis

Re: Bad advice?

wrote:

Quoted text here. Click to load it


Then add the Agent files if you want.
I use Agent only for newsgroups.
For e-mail I use Mozilla Thunderbird.

--
Fred W. (NL)

Re: Bad advice?

wrote:

Quoted text here. Click to load it

Avira Antivir Free does not scan e-mails, but Avira Antivir Premium
(Paid) does, see comparison chart:
http://www.free-av.com/en/products/2/avira_antivir_premium.html
("Enhanced email protection for POP3 and SMTP")

- Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

--
Fred W. (NL)

Re: Bad advice?

FredW wrote:
Quoted text here. Click to load it

The article talks about corrupt databases, I know thunderbird
gets around that. Didn't all the other major email clients start
putting mail in a separate file before it gets put in the
database in case a virus gets picked up?

Re: Bad advice?

On Fri, 01 May 2009 15:41:01 -0400, Alfred Matej

Quoted text here. Click to load it

The article talks about data files and not database files.
Usually there is a data file per folder of you e-mail program.
And Thunderbird behaves just like all other e-mail clients.
(and does not "get around".)

I know of no e-mail program that puts an individual e-mail in a separate
file, before adding that email to a data file of e-mails.
(and the INbox is also a data file.)

--
Fred W. (NL)

Re: Bad advice?

FredW wrote:
Quoted text here. Click to load it

In thunderbird, if you go into options ---> privacy --->
Antivirus, that option will download each message individually
into a separate file before the msg is stored into the database.
That was their solution to the problem.

Re: Bad advice?

On Fri, 01 May 2009 16:28:31 -0400, Alfred Matej

Quoted text here. Click to load it


In Tools/Options/Privacy/Anti-Virus is stated:
"Thunderbird can make it easy for anti-virus software to analyze
incoming mail messages for viruses before they are stored locally."

And then you can choose:
"Allow anti-virus clients to quarantine individual incoming messages"

Nowhere is said where the "incoming messages" are *temporarily* kept
(let alone in a separate file), before they are put in your IN-Box.

--
Fred W. (NL)

Re: Bad advice?

FredW wrote:
Quoted text here. Click to load it


It doesn't say that within Thunderbird, but it is discussed in
MozillaZine. Here is the link to the article:

http://kb.mozillazine.org/Download_each_e-mail_to_a_separate_file_before_adding_to_Inbox

Quoted text here. Click to load it
message from a POP3 account to a separate, temporary file before appending the
message to the Inbox file. There will be one temporary file per message, and the
temporary file will later be deleted.
Quoted text here. Click to load it
deleting or quarantining the entire Thunderbird Inbox when scanning incoming
mail instead of taking action on just a single infected message. Especially for
antivirus programs that have compatability issues with Thunderbird, temporarily
saving each e-mail message as a separate file should make it easier for infected
messages to be quarantined, with less risk that the entire Inbox will get locked
up.

Re: Bad advice?

Quoted text here. Click to load it

Always ask. Automatic actions other than ask are just asking for
trouble. Exclusions are of course up to you, but if everyone excluded
some known directory from malware scanning software - malware would soon
be written to take advantage of that situation.

Quoted text here. Click to load it

A case of AV scanning containers. :o(

Quoted text here. Click to load it

Attachments would be scanned, when detached, by the on access scanner.
IOW when the active content is removed from the container and placed in
a file (or when said file is next accessed after the file had been
created).



Site Timeline