AVs that scan incoming e-mail

  • Thread starter Thread starter Box
  • Start date Start date
B

Box

Which anti-virus programs are capable of scanning incoming e-mails (like
those being downloaded from POP3 boxes) for viruses/trojans? All I know,
according to what I've seen, is that F-Prot and F-Secure Anti Virus 2003
do not do this.

And of those which do, which also monitor the web pages being viewed in
browsers for viruses/trojans/worms that get auto-executed through any
of Microsoft's endless ActiveX security holes?

I've never understood how AV products can "intercept" what browsers and
e-mail clients are downloading. Do they function like packet sniffers,
simply watching data passing into your sockets on their way to said
clients? Or do they hook into the clients themselves at the "API level"?
(If the latter, does that mean most AV products won't be able to "scan"
web pages/e-mails when it comes to non-IE/Outlook web/mail clients like
Opera and Netscape?)

Sorry for asking questions that have probably been asked 1,000,000 times.
 
Box said:
Which anti-virus programs are capable of scanning incoming e-mails (like
those being downloaded from POP3 boxes) for viruses/trojans? All I know,
according to what I've seen, is that F-Prot and F-Secure Anti Virus 2003
do not do this.
Click to expand...

Nod 32
 
All I know, according to what I've seen, is that F-Prot and F-Secure Anti
Virus 2003 do not do this.

ETrust EZ also does NOT scan incoming email. (Shame, because it is an
excellent AV otherwise, IMHO).
 
Which anti-virus programs are capable of scanning incoming e-mails (like
those being downloaded from POP3 boxes) for viruses/trojans? All I know,
according to what I've seen, is that F-Prot and F-Secure Anti Virus 2003
do not do this.
Click to expand...


Nod32 does.
 
Virus 2003 do not do this.

ETrust EZ also does NOT scan incoming email. (Shame, because it is an
excellent AV otherwise, IMHO).
Click to expand...

True, but as soon as the virus tries to do anything, the realtime
scanner blocks it. I've been running EZ Antivirus since the free IPE
days and never had a virus get past it.

Mike
 
True, but as soon as the virus tries to do anything, the realtime
scanner blocks it. I've been running EZ Antivirus since the free IPE
days and never had a virus get past it.

Mike
Click to expand...

For most of the viruses, this is true. However;

I've seen them get past eTrust InoculateIt 6.0. If they are the type
that run in the preview pane, InoculateIT detects it and blocks it on
the temp dir, but it's too late - the virus has already ran and is in
memory at this point.

Same thing with the FriendCard trojan. Sure, Inoculan detected it and
stoped it in the IE cache, but at that point the software was in
memory and was already running and sent out the e-mails.

A little testing, and 7.0 seems to do a better job. But I didn't do
enough testing to make a good determination.

We have other antivirus software running for HTTP/FTP/SMTP scanning -
but were talking a lot more $ than what you'd want to pay for a single
station.

PC-Cillen does e-mail & web and Norton does HTTP/POP3/SMTP/IM. Easy
way to state how they work is transparent proxy. New services that
you'll have to allow through ZoneAlarm. Although you get the added
SMTP scanning, you now have a SMTP/HTTP/Pop3 proxy running on your
machine that is approved internet access in ZoneAlarm. If a new worm
gets on your PC that there are no patterns for, you normally get
notified if it tries to access the net. What happens in this proxy
setup? Does it just go on out because the transparent proxy is
approved in ZA?
 
Back
Top