Incoming & outgoing emails

This link http://www.download.com/8301-2007_4-9919454-12.html claims the
free version does check outgoing mail. Seems to me without it there is
no protection if a user simply forwards an attachment without opening it
first. I don't know the details, but I recently installed Elements 6 and
it took 10 secs to import an image using AVG 8. In addition, the first
time I would open certain folders in windows explorer I would wait a few
seconds for the panel to display.
With Avira, my image load time in Elements is halved and windows
explorer exhibits no delay. AVG 7 never slowed my system. I would highly
recommend Avira.
Dave Cohen

All:

This might help confirm if your installed antimalware application checks
outbound email:

As a test, create the eicar.com benign antimalware test file.

<http://www.eicar.org/anti_virus_test_file.htm>

Then try emailing it.

Pete
 
1PW said:
All:

This might help confirm if your installed antimalware application checks
outbound email:

As a test, create the eicar.com benign antimalware test file.

<http://www.eicar.org/anti_virus_test_file.htm>

Then try emailing it.

Hi 1PW. Just tried this - and "might" was a good choice. :o)

I pasted the string into notepad and saved as eicar.com (after telling
AntiVir to ignore the fact that it should be detected as malware). I
then created an e-mail in OE and navigated to the file in order to
select to attach it (again telling AntiVir to ignore it). I then needed
to actually choose it (again AntiVir). I then addressed it to myself and
hit send (again telling AntiVir to ignore).

I later received this evidently from my provider:


This message has been processed by Symantec's AntiVirus Technology.

eicar.com was infected with the malicious virus EICAR Test String and
has been deleted because the file cannot be cleaned.


For more information on antivirus tips and technology, visit
http://ses.symantec.com/

Still don't know if the final "send" alert was triggered by the opening
of the file to actually attach to the e-mail.

My AntiVir logged four instances of this exact (except for the exxes)
event.

Virus or unwanted program 'Eicar-Test-Signature [virus]'
detected in file 'C:\Documents and Settings\xxxx\My Documents\eicar.com.
Action performed: Allow access

All seem to me to be file access related alerts by "Guard".
 
On 03/09/2009 06:01 AM, FromTheRafters sent:

Major snipage...

Hi FTR:

Interesting huh?

As another 'exercise', you might try uploading the benign eicar.com file
to these:

<http://www.virustotal.com/>

<http://virusscan.jotti.org/>

Pete
 
1PW said:
Hi FTR:

Interesting huh?

As another 'exercise', you might try uploading the benign eicar.com file
to these:

<http://www.virustotal.com/>

<http://virusscan.jotti.org/>

I don't see the point in that. However, from the last exercise I might
conclude that had my AV used an outgoing e-mail scanner it would have
given me a fifth alert (one from that module) *if* it was able to
intercept the SMTP send. I may have someone send me the EICAR in an
e-mail and then I can forward it somewhere to see that result. Any
e-mail scanner should be able to detect e-mail contained malware in
transit.
 
1PW said:
Hi FTR:

Interesting huh?

As another 'exercise', you might try uploading the benign eicar.com file
to these:

<http://www.virustotal.com/>

<http://virusscan.jotti.org/>

I don't see the point in that.

I was mildly amused by the following:

Prevx1 assessed the eicar.com threat as _mild_. I wonder what it would
take to have been assessed no risk? Jump to here -1? NOP?

AVG Antivirus, which I have respect for, reported: "Found nothing"

However, from the last exercise I might
conclude that had my AV used an outgoing e-mail scanner it would have
given me a fifth alert (one from that module) *if* it was able to
intercept the SMTP send. I may have someone send me the EICAR in an
e-mail and then I can forward it somewhere to see that result.

I would be happy to assist. However, I'm not sure I could find a
provider that would handle it. Any ideas? I'll play...
However, I'm unable to send an eicar.com attachment through my primary
provider.

Any e-mail scanner should be able to detect e-mail contained malware in
transit.

Pete
 
I was mildly amused by the following:

Prevx1 assessed the eicar.com threat as _mild_. I wonder what it would
take to have been assessed no risk? Jump to here -1? NOP?

Using EICAR correctly, they would have to treat it as a threat - and
there would be no point in a "no threat" threat category within their
program I suppose.

AVG Antivirus, which I have respect for, reported: "Found nothing"

I wonder why? I *did* notice the official definition for the string has
changed - it no longer has to be alone, but can be padded with
whitespace beyond the (68 bytes) + cr/lf (70 bytes) for a total length
of 128 bytes.

I would be happy to assist. However, I'm not sure I could find a
provider that would handle it. Any ideas?

No, since my e-mail provider has demonstrated that they will strip the
dangerous attachment either from my SMTP send or when it receives it on
their POP3 server. I would have to go another route.

Okay, I did a "move to folder" from my "sent items" to my "inbox" and
"forwarded" from there with no AV alert at all.

I'm sure I'll get an ISP sponsored AV stripping still.
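
The test discussed in this thread, as an added example that is not part of any poster's message: a Python sketch that checks a byte string against the EICAR file definition mentioned above (68-byte string, optional trailing whitespace, 128 bytes maximum) and builds the test e-mail in memory, so no eicar.com file is opened and only a mail-scanning module can raise the alert. The addresses, host, port and function names are assumptions.

```python
import smtplib
from email.message import EmailMessage

# The 68-byte EICAR test string, split in two so this source file is not itself flagged.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR"
         + r"-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")
WHITESPACE = b" \t\r\n\x1a"  # the only bytes allowed after the string


def is_conformant_eicar(data: bytes) -> bool:
    """True if data starts with the 68-byte string, is followed only by
    whitespace, and is at most 128 bytes long."""
    return (
        len(data) <= 128
        and data.startswith(EICAR)
        and all(b in WHITESPACE for b in data[len(EICAR):])
    )


def build_test_message(sender: str, recipient: str) -> EmailMessage:
    """Build the message entirely in memory: no eicar.com file is written,
    so an on-access file guard has no file access to alert on."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Outbound AV scan test (EICAR)"
    msg.set_content("EICAR test file attached; it is harmless.")
    msg.add_attachment(EICAR + b"\r\n", maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return msg


def attachment_bytes(msg: EmailMessage) -> bytes:
    """Decode the first attachment back to the raw bytes a scanner must inspect."""
    part = next(msg.iter_attachments())
    return part.get_payload(decode=True)


def send(msg: EmailMessage, host: str, port: int = 25) -> None:
    """Submit over SMTP; host and port are placeholders for the tester's own server."""
    with smtplib.SMTP(host, port, timeout=30) as smtp:
        smtp.send_message(msg)
```

A file that fails `is_conformant_eicar` (for example one saved with a byte-order mark or with extra text after the string) need not be detected, which is worth ruling out before concluding that a scanner missed it.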
 