Why scan email?

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother? If I get an email that is infected won't
the regular scanning see it and stop it when I either open the email
(if it's some kind of active email) or when I open or run the
attachment?

Thanks


Re: Why scan email?

njem wrote:

Quoted text here. Click to load it

Yes, scanning Incoming (and Outgoing) mail is superfluous. Your
real-time scanner will alert you if you try to open/save/execute any
malware.

You are further protected by using a modern, secure email client and set
it to read (and send) only in Plain Text.

--
   -bts
   -Warning: I brake for lawn deer

Re: Why scan email?


Quoted text here. Click to load it

You're right about the sillyness of email scanning but wrong in your
alternative approach. The safest way to go about it is:

1. Use a decent email app such as Thunderbird or Pegasus
    They don't allow users to Run email attackments.
2. Simply delete all unsolicited email attackments.
3. Attachments you believe are probably OK can be Saved
    to a test folder and scanned later on-demand before
    Running them or Opening them. Give some time (days)
    before you scan and Run attachments to give time for
   your av product to develop detection of new malware.
4. DO NOT TRUST ANY AV!!! Use your head instead :)
5. Make a alternate browser such as Firefox or Opera
   the system default browser because of clickable links
   in email. Such email attacks are usually aimed at IE.

Art
http://home.epix.net/~artnpeg

Re: Why scan email?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

njem wrote:
Quoted text here. Click to load it

Security is something that should be set in layers. On-access anti-virus
scanning is probably the more complex, and hence likely to fail, part of an
anti-virus product's features. If it always checks incoming email as a
separate process then you have that layer to fall back on.

Also depending on how stupid your anti-virus is, if it doesn't remove a
virus from an email and then sees the email client saving the attachment to
it's mailbox it could delete or corrupt that mailbox which would make one
rather unhappy!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEltj47uRVdtPsXDkRAh2DAJ4ldtnx5Q+ftpijMCejbAtjQrtGvACfS0H3
tissMOsf8HmLnk816zGi0UA=
=yp+H
-----END PGP SIGNATURE-----

Re: Why scan email?


Quoted text here. Click to load it

Scanning email is not much needed, for the reason you state. But something
can be said for the "proxy" aspect of the implementation some AVs use
to scan email. Exploit code aimed at the client software and its environment
can be stopped by scanning email at the proxy intermediary.



Site Timeline