Incoming & outgoing emails - Page 2

Re: Incoming & outgoing emails

It looks to me like "Personal" *is* the free version.

Not to mention corruption issues with a popular e-mail client's message
store.

...but I don't believe it - and prefer to believe the comments further
down the page.

...there is also no danger to protect against.

There is, as you know, the possibility that malware can pass through
your system in containers without actually being a danger to you. While
it is noble to want to protect others, they would be better protected by
their own AV than by some reassuring message certifying an e-mail as
being scanned by someone else's AV product that found nothing.

[...]



Re: Incoming & outgoing emails

On 03/08/2009 08:46 AM, Dave Cohen sent:

All:

This might help confirm if your installed antimalware application checks
outbound email:

As a test, create the eicar.com benign antimalware test file.

     <http://www.eicar.org/anti_virus_test_file.htm>

Then try emailing it.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: Incoming & outgoing emails

Hi 1PW. Just tried this - and "might" was a good choice. :o)

I pasted the string into notepad and saved as eicar.com (after telling
AntiVir to ignore the fact that it should be detected as malware). I
then created an e-mail in OE and navigated to the file in order to
select to attach it (again telling AntiVir to ignore it). I then needed
to actually choose it (again AntiVir). I then addressed it to myself and
hit send (again telling AntiVir to ignore).

I later received this evidently from my provider:


This message has been processed by Symantec's AntiVirus Technology.

eicar.com was infected with the malicious virus EICAR Test String and
has been deleted because the file cannot be cleaned.


For more information on antivirus tips and technology, visit
http://ses.symantec.com/

Still don't know if the final "send" alert was triggered by the opening
of the file to actually attach to the e-mail.

My AntiVir logged four instances of this exact (except for the exxes)
event.

Virus or unwanted program 'Eicar-Test-Signature [virus]'
detected in file 'C:\Documents and Settings\xxxx\My Documents\eicar.com.
Action performed: Allow access

All seem to me to be file access related alerts by "Guard".




OT Re: Incoming & outgoing emails

On 03/09/2009 06:01 AM, FromTheRafters sent:

Major snippage...

Hi FTR:

Interesting huh?

As another 'exercise', you might try uploading the benign eicar.com file
to these:

                    <http://www.virustotal.com/>

                    <http://virusscan.jotti.org/>

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: OT Re: Incoming & outgoing emails


I don't see the point in that. However, from the last exercise I might
conclude that had my AV used an outgoing e-mail scanner it would have
given me a fifth alert (one from that module) *if* it was able to
intercept the SMTP send. I may have someone send me the EICAR in an
e-mail and then I can forward it somewhere to see that result. Any
e-mail scanner should be able to detect e-mail contained malware in
transit.



Re: OT Re: Incoming & outgoing emails

On 03/09/2009 01:45 PM, FromTheRafters sent:

I was mildly amused by the following:

Prevx1 assessed the eicar.com threat as _mild_.  I wonder what it would
take to have been assessed no risk?  Jump to here -1?  NOP?

AVG Antivirus, which I have respect for, reported: "Found nothing"

I would be happy to assist.  However, I'm not sure I could find a
provider that would handle it.  Any ideas?  I'll play...
However, I'm unable to send an eicar.com attachment through my primary
provider.

Pete
--
1PW  @?6A62?FEH9:DE=6o2@=]4@> [r4o7t]

Re: OT Re: Incoming & outgoing emails



Using EICAR correctly, they would have to treat it as a threat - and
there would be no point in a "no threat" threat category within their
program I suppose.

I wonder why? I *did* notice the official definition for the string has
changed - it no longer has to be alone, but can be padded with
whitespace beyond the (68 bytes) + cr/lf (70 bytes) for a total length
of 128 bytes.

No, since my e-mail provider has demonstrated that they will strip the
dangerous attachment either from my SMTP send or when it receives it on
their POP3 server. I would have to go another route.

Okay, I did a "move to folder" from my "sent items" to my "inbox" and
"forwarded" from there with no AV alert at all.

I'm sure I'll get an ISP sponsored AV stripping still.
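
Added example, not part of the thread or of any product discussed in it: a Python check for the EICAR test file definition mentioned in the last post (68-byte string, optional whitespace padding, at most 128 bytes), applied to decoded MIME attachments the way an in-transit mail scanner has to. The allowed padding set (space, tab, CR, LF, Ctrl-Z) follows EICAR's published definition as understood here; the addresses, file names and function names are constructed for the example.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# The 68-byte test string, built from two literals so this source file
# does not itself contain the contiguous string.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
PAD = b" \t\r\n\x1a"   # assumed allowed trailing whitespace
MAX_LEN = 128           # total file length limit


def is_eicar_test_file(data: bytes) -> bool:
    """True if data starts with the string, is padded only with
    whitespace, and does not exceed 128 bytes in total."""
    if len(data) > MAX_LEN or not data.startswith(EICAR):
        return False
    return all(b in PAD for b in data[len(EICAR):])


def scan_message(raw: bytes) -> list:
    """Return names of MIME parts whose *decoded* content is a test file."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""  # undo base64/QP
        if is_eicar_test_file(payload):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


def build_sample(attachment: bytes, name: str = "eicar.com") -> bytes:
    """Constructed sample message; addresses are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.org"
    msg["To"] = "rcpt@example.org"
    msg["Subject"] = "outbound scan test"
    msg.set_content("Test message, see attachment.")
    msg.add_attachment(attachment, maintype="application",
                       subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    raw = build_sample(EICAR + b"\r\n")
    print("string visible on the wire:", EICAR in raw)
    print("flagged after MIME decode:", scan_message(raw))
```

The attachment travels base64-encoded, so a plain byte search of the SMTP stream does not see the string; only a scanner that decodes the MIME parts does.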
