Email Real Time Scanners

Frankster

What is the benefit (or pros/cons) of running an email scanner (or enabling
the email scanning feature of your AV software) instead of just allowing
your AV real-time scanner to detect problems if and when someone clicks on
an infected attachment?

I have my own opinions, and reasons, but I will withhold my view for a
while.

How 'bout it?

-Frank
 
From: "Frankster" <[email protected]>

| What is the benefit (or pros/cons) of running an email scanner (or enabling
| the email scanning feature of your AV software) instead of just allowing
| your AV real-time scanner to detect problems if and when someone clicks on
| an infected attachment?
|
| I have my own opinions, and reasons, but I will withhold my view for a
| while.
|
| How 'bout it?
|
| -Frank
|

There is never a need to scan outgoing. Scanning incoming will depend on the email client.
If you are in an office environment using MS Office Outlook then MAPI scanning of email is
good, or if using Lotus Notes and a VIM compliant AV application. This will help detect
phishing email and other types of email where there is no attachment; the email content is
itself the payload. However, most POP3/IMAP email clients don't need to scan incoming email
and in some cases, like with Outlook Express, it can cause problems with the email
application.
 
Frankster said:
| What is the benefit (or pros/cons) of running an email scanner (or enabling
| the email scanning feature of your AV software) instead of just allowing
| your AV real-time scanner to detect problems if and when someone clicks on
| an infected attachment?
|
| I have my own opinions, and reasons, but I will withhold my view for a
| while.
|
| How 'bout it?
|
| -Frank

Well, if you're dying to learn if any of the mail being downloaded to
your mailbox contains malware, email scanning *may* tell you. OTOH, it
*may not*. Therefore, instead of providing real security, it could give
a false sense of being secure. I prefer to scan my mail headers at the
server (visually, not with AV software) to see what the hell is of any
importance to me and delete the rest, before it even hits my mailbox.
I'm going to guess that 98% of malware contained in emails comes from
sources you aren't at all familiar with.
 
Frankster said:
| What is the benefit (or pros/cons) of running an email scanner (or
| enabling the email scanning feature of your AV software) instead of just
| allowing your AV real-time scanner to detect problems if and when someone
| clicks on an infected attachment?
|
| I have my own opinions, and reasons, but I will withhold my view for a
| while.
|
| How 'bout it?

The bottom line is not to let the infected email reach the machine. That's
what the AV scanner that I use does: when it detects an email with a virus,
it allows me to terminate the connection with the POP3 server, leaving the
email at the POP3 server. Then I can use an email viewer/filter and delete
the email at the POP3 server. It never reaches the machine.

Duane :)
 
Frankster said:
| What is the benefit (or pros/cons) of running an email scanner (or enabling
| the email scanning feature of your AV software) instead of just allowing
| your AV real-time scanner to detect problems if and when someone clicks on
| an infected attachment?

Clicking an attachment is not the only way to take a hit. Some future worm
may attack your mail client's coding flaw, so it is nice to have a scan prior
to email hitting the mail client. While viruses don't need coding flaws, they
can be carried by worms.

| I have my own opinions, and reasons, but I will withhold my view for a
| while.
|
| How 'bout it?

Generally, they're useless (redundant) if you have regular on-access AV
running (except as noted above).
 
| Generally, they're useless (redundant) if you have regular
| on access AV running (except as noted above).

I agree. And I'm not so sure about those things "noted above" either.

This is one of those areas where the "cure" is much worse than the
"disease", IMHO.

-Frank
 
Frankster said:
| I agree. And I'm not so sure about those things "noted above" either.

Exactly! An exploit-based worm could just as easily attack the AV, such
as the case where certain malformed archive files could overflow a buffer
and allow remote code execution. Scanning email automatically, and within
archive files, just about begs for a zipworm. Aside from viruses and other
trojans, your greatest malware threat comes from software exploits. More
software hardly ever works to mitigate this; in fact, it aggravates.

| This is one of those areas where the "cure" is much worse than the
| "disease", IMHO.

You mean like personal (software) firewalls? <G>
 