Why scan email?

  • Thread starter Thread starter njem
  • Start date Start date
N

njem

I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother? If I get an email that is infected won't
the regular scanning see it and stop it when I either open the email
(if it's some kind of active email) or when I open or run the
attachment?

Thanks
 
njem said:
I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother? If I get an email that is infected won't
the regular scanning see it and stop it when I either open the email
(if it's some kind of active email) or when I open or run the
attachment?
Click to expand...

Yes, scanning Incoming (and Outgoing) mail is superfluous. Your
real-time scanner will alert you if you try to open/save/execute any
malware.

You are further protected by using a modern, secure email client and set
it to read (and send) only in Plain Text.
 
I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother? If I get an email that is infected won't
the regular scanning see it and stop it when I either open the email
(if it's some kind of active email) or when I open or run the
attachment?
Click to expand...

You're right about the sillyness of email scanning but wrong in your
alternative approach. The safest way to go about it is:

1. Use a decent email app such as Thunderbird or Pegasus
They don't allow users to Run email attackments.
2. Simply delete all unsolicited email attackments.
3. Attachments you believe are probably OK can be Saved
to a test folder and scanned later on-demand before
Running them or Opening them. Give some time (days)
before you scan and Run attachments to give time for
your av product to develop detection of new malware.
4. DO NOT TRUST ANY AV!!! Use your head instead :)
5. Make a alternate browser such as Firefox or Opera
the system default browser because of clickable links
in email. Such email attacks are usually aimed at IE.

Art
http://home.epix.net/~artnpeg
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother?
Click to expand...

Security is something that should be set in layers. On-access anti-virus
scanning is probably the more complex, and hence likely to fail, part of an
anti-virus product's features. If it always checks incoming email as a
separate process then you have that layer to fall back on.

Also depending on how stupid your anti-virus is, if it doesn't remove a
virus from an email and then sees the email client saving the attachment to
it's mailbox it could delete or corrupt that mailbox which would make one
rather unhappy!

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.2.2 (MingW32)

iD8DBQFEltj47uRVdtPsXDkRAh2DAJ4ldtnx5Q+ftpijMCejbAtjQrtGvACfS0H3
tissMOsf8HmLnk816zGi0UA=
=yp+H
-----END PGP SIGNATURE-----
 
njem said:
I'm having a little trouble getting AVG setup to scan incoming email
and I wondered, why bother? If I get an email that is infected won't
the regular scanning see it and stop it when I either open the email
(if it's some kind of active email) or when I open or run the
attachment?
Click to expand...

Scanning email is not much needed, for the reason you state. But something
can be said for the "proxy" aspect of the implementation some AVs use
to scan email. Exploit code aimed at the client software and its environment
can be stopped by scanning email at the proxy intermediary.
 
Back
Top