pro's/con's email

  • Thread starter: gufus
gufus said:
Hello, All!

What are the pros/cons of scanning email?

Pro = there is a very slight outside chance that a malware exploit that
attacks through the e-mail client itself will be stopped prior to
reaching any vulnerable code.

Con = it adds unnecessary overhead with too little to gain.

It can cause delays that affect services (such as server time-outs
and possibly other race conditions) when it takes too long to scan an
item. The very slight chance above would also apply to the scanner
software now that *it* is the software directly exposed to the incoming
data then *it* also has the slight outside chance that malware could be
written to exploit *it*.
 
gufus said:
Hi FromTheRafters,

15 Aug 10, FromTheRafters writes to gufus:


I thought about the scanner being exposed.

I'm remembering the decompression algorithms that were being attacked
some years ago. Add that to the new placement of the scanner, and
autoworms likely could have been written instead of just exploit based
trojans.

Exploits aside, it is often noted that malware within the e-mail
container would likely be caught by the AV's on access scanner once it
was removed from the container and about to be written to the disk as a
file. Some AVs might have different settings such as higher heuristics
allowance when the engine is involved in e-mail scanning (it *might*
catch what the on access scan *might* miss), so YMMV in that case.

I wouldn't bother with e-mail scanning myself, but there *are* advocates
(they probably have been listening to too many marketing types).
 
Per FromTheRafters:
I wouldn't bother with e-mail scanning myself, but there *are* advocates
(they probably have been listening to too many marketing types).

I had a machine totaled out by a particularly nasty virus (can't
recall the name) when the user managed to click the virus
warning's "Don't Do Anything" button - so now I'm a confirmed
believer.
 
(PeteCresswell) said:
Per FromTheRafters:

I had a machine totaled out by a particularly nasty virus (can't
recall the name) when the user managed to click the virus
warning's "Don't Do Anything" button - so now I'm a confirmed
believer.

Does an e-mail scanner alert get around the user's tendency to do such
silly things?
 
Pro = there is a very slight outside chance that a malware exploit
that attacks through the e-mail client itself will be stopped prior
to reaching any vulnerable code.

Con = it adds unnecessary overhead with too little to gain.

It can cause delays that affect services (such as server
time-outs and possibly other race conditions) when it takes too long
to scan an item. The very slight chance above would also apply to
the scanner software now that *it* is the software directly exposed
to the incoming data then *it* also has the slight outside chance
that malware could be written to exploit *it*.

You forgot about the possibility of mailbox corruption issues. Several
have been documented in the past with Outlook/Express and various
antivirus wanting to scan the email files...
 
Dustin said:
You forgot about the possibility of mailbox corruption issues. Several
have been documented in the past with Outlook/Express and various
antivirus wanting to scan the email files...

I didn't forget, I just neglected to mention it specifically. :o)
 
Per FromTheRafters:
Does an e-mail scanner alert get around the user's tendency to do such
silly things?

Avast's does not.

However it pops a warning screen with the correct button
pre-selected and the screen is such that the user has to be
*really* intent on defeating it.

Dunno about options - logically there sb an option to disallow
"Ignore" by the user... but I have not checked.
 
(PeteCresswell) said:
Per FromTheRafters:

Avast's does not.

However it pops a warning screen with the correct button
pre-selected and the screen is such that the user has to be
*really* intent on defeating it.

Dunno about options - logically there sb an option to disallow
"Ignore" by the user... but I have not checked.

That's good, it shouldn't be made too easy for users to screw up. :o)
 
Pro = there is a very slight outside chance that a malware exploit that
attacks through the e-mail client itself will be stopped prior to
reaching any vulnerable code.

Con = it adds unnecessary overhead with too little to gain.

I disagree with your CON - I've seen hundreds of computers that are
infected with email bots that, if a proper AV solution was installed and
updated, the malware would not have been able to email itself to others.

Additionally, we install firewall appliances that scan email inbound and
outbound for malware, before they reach the users' computers, to remove
it.
 
You forgot about the possibility of mailbox corruption issues. Several
have been documented in the past with Outlook/Express and various
antivirus wanting to scan the email files...

I've used Outlook as an email client for more than a decade, always had
email scanning enabled, and never had an issue with it. We have
thousands of systems using Outlook (never used OE) and scan email at the
local client level as well as the servers/firewall, never had a corrupt
Outlook.

Yes, I know that it happens, but I believe it's happening when a person
uses a crappy AV solution and their machine is already screwed.
 
Hello, Leythos!

You wrote on Wed, 18 Aug 2010 08:06:58 -0400:

L> I've used Outlook as an email client for more than a decade, always had
L> email scanning enabled, and never had an issue with it. We have

Me too... well maybe not a /decade/

I'm not that old, I've decided to keep email scanning enabled. :)
 