 cpollock Premium join:2003-12-01 Copperas Cove, TX
·Embarq
| Embarq does 'NOT' scan .zip archives for viruses
I received a very blatant spam message the other day, in fact it went to my 'failed' folder. The message was:
Dear user cpollock@embarqmail.com,
We have found that your email account was used to send a huge amount of unsolicited commercial e-mail during the recent week. We suspect that your computer was compromised and now runs a trojaned proxy server.
We recommend that you follow our instruction in order to keep your computer safe.
Virtually yours, embarqmail.com technical support team.
Now this message also contained an attachment:
embarqmail.com.zip
I scanned it with ClamAV just for the heck of it and lo and behold it contained the:
stream: Worm.Mydoom.M FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
Time: 0.145 sec (0 m 0 s)
So, I asked my Embarq contact just why Embarq's virus scanner didn't pick this up. His reply was a bit disturbing:
"I actually got a reply rather quickly on this one and the response is that we do not scan inside .zip files."
Now why in the world doesn't a major ISP's virus scanning software scan inside archive (.zip) files in incoming mail for viruses? Even my SpamAssassin setup with the ClamAV plugin does that; in fact it caught it:
X-Spam-Virus: Yes (Worm.Mydoom.M)
So Embarq techs or postmaster or whoever else from Embarq reads this, why are .zip or any archive files not scanned for viruses? Not that they would do anything on my Linux box; however, I'd think that Windows users would want to be protected. |
|
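An added example, not part of the original thread and not Embarq's, SpamAssassin's or ClamAV's code: what "scanning inside a .zip" involves at a mail gateway, sketched with Python's standard library. The extension list, the size and depth limits, and the example.com sample message are assumptions constructed for illustration; the check looks at member names only and would sit in front of a signature scanner, not replace it.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")  # assumed policy list
MAX_MEMBERS, MAX_TOTAL, MAX_DEPTH = 100, 50 * 1024**2, 2      # assumed limits

def inspect_zip(data, depth=0):
    """Return findings for one zip blob, opening nested zips up to MAX_DEPTH."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return ["unreadable-archive"]
    infos = zf.infolist()
    if len(infos) > MAX_MEMBERS or sum(i.file_size for i in infos) > MAX_TOTAL:
        return ["archive-too-large"]          # do not expand a possible zip bomb
    findings = []
    for info in infos:
        name = info.filename.lower().rstrip()
        if info.flag_bits & 0x1:              # bit 0: encrypted, content cannot be scanned
            findings.append("encrypted:" + info.filename)
        elif name.endswith(RISKY_EXT):
            findings.append("executable:" + info.filename)
        elif name.endswith(".zip") and depth + 1 < MAX_DEPTH:
            findings += inspect_zip(zf.read(info), depth + 1)
        elif name.endswith(".zip"):
            findings.append("nesting-too-deep:" + info.filename)
    return findings

def inspect_message(raw):
    """Check every MIME leaf part; detect zips by magic bytes, not by file name."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.walk():
        payload = b"" if part.is_multipart() else part.get_payload(decode=True) or b""
        if payload.startswith(b"PK\x03\x04"):
            findings += inspect_zip(payload)
    return findings

def build_sample():
    """Constructed message: a fake bounce whose zip holds a harmless .scr member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt.scr", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"], msg["To"] = "postmaster@example.com", "user@example.com"
    msg.set_content("The original message is attached.")
    msg.add_attachment(buf.getvalue(), "application", "zip", filename="example.com.zip")
    return msg.as_bytes()
```

Calling `inspect_message(build_sample())` returns the list of findings for the constructed message; an empty list means no zip attachment tripped the policy.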
  Hazy Arc
join:2006-04-10 Greenwood, SC
·Embarq
·Verizon Wireless B..
·Dish Network
·Northland Cable Te..
edit: July 18th, @07:12PM
| It is not the responsibility of ISPs to ensure YOUR computer is safe from viruses/malware/etc. This falls squarely on the user. Most ISPs provide a quick, simple scan of incoming e-mail attachments as a convenience to you...as such, it is provided "as-is" and comes with no guarantees. |
|
 cpollock Premium join:2003-12-01 Copperas Cove, TX
·Embarq
| said by Hazy Arc: It is not the responsibility of ISPs to ensure YOUR computer is safe from viruses/malware/etc. This falls squarely on the user. Most ISPs provide a quick, simple scan of incoming e-mail attachments as a convenience to you...as such, it is provided "as-is" and comes with no guarantees.
You're right, it is the end user's responsibility; however, I thought that Embarq/Synacor scanned mail going through their servers for both spam and malware. |
|
 hazezilla
join:2006-02-19 | reply to cpollock
The question is how much snooping into your mail do you want?
I think most people would do their own scanning to avoid snooping.
An ISP can also scan your e-mail for content; how much inspecting and snooping is enough? |
|
 cpollock Premium join:2003-12-01 Copperas Cove, TX
·Embarq
| I don't consider scanning incoming mail for malware/phishing or any other type of virus to be snooping. What would happen if you, as a Windows user, were a newbie to the internet/email and clicked on a piece of malware and your hard drive was totally wasted, or your computer suddenly became part of a botnet? Who would you blame? Sure, you could blame yourself after a bit because you were too new to set up anti-virus software or didn't set it up correctly, but in the meantime if Embarq was scanning incoming email for malware it would more than likely have been caught. IIRC, Earthlink used to scan on the server side; at least you could control the virus blocker on or off. As an example, I received this in my 'failed' message box this morning:
X-BINDING: md09.embarq.synacor.com
X_CMAE_Category: 0,0 Undefined,Undefined
X-CNFS-Analysis: v=1.0 c=1 a=s-KJg96a_BzWNouguCsA:9 a=UklIj_t1wuKXnXZkX3FffRi0xYYA:4 a=cvn8laQl214A:10 a=XF7b4UCPwd8A:10 a=Isv2ULrBwwhEL1U4ABoA:9 a=id-SII9Cy0JEnm6UDGR5ayDOe7YA:4 a=EeeIFEQnO00A:10 a=AX6u52eIfXoA:10
X-CM-Score: 0
X-Scanned-by: Cloudmark Authority Engine
Authentication-Results: spam03.embarq.synacor.com smtp.mail=postmaster@embarqmail.com; spf=neutral
Received-SPF: neutral (spam03.embarq.synacor.com: 89.204.196.16 is neither permitted nor denied by domain of embarqmail.com)
Received: from pop.embarq.synacor.com [208.47.184.129] by localhost.localdomain with POP3 (fetchmail-6.3.8) for (single-drop); Mon, 21 Jul 2008 05:32:30 -0500 (CDT)
Received: from [89.204.196.16] ([89.204.196.16:3083] helo=embarqmail.com) by smtp.embarq.synacor.com (envelope-from ) (ecelerity 2.2.1.28 r(22594)) with ESMTP id 9E/59-13724-3B564884; Mon, 21 Jul 2008 06:32:26 -0400
From: "Mail Delivery Subsystem" postmaster@embarqmail.com
Message-ID: 9E.59.13724.3B564884@spam03.embarq.synacor.com
To: cpollock@embarqmail.com
Subject:
Date: Mon, 21 Jul 2008 11:32:22 +0100
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----=_NextPart_000_0012_8E45433C.B4C00C89"
X-Priority: 3
X-MSMail-Priority: Normal
X-Mailer: Microsoft Outlook Express 6.00.2600.0000
X-MIMEOLE: Produced By Microsoft MimeOLE V6.00.2600.0000
X-SenderIP: 89.204.196.16
X-ASN: ASN-13280
X-CIDR: 89.204.192.0/21
X-UID: 31560
X-Length: 46322
The original message was received at Mon, 21 Jul 2008 11:32:22 +0100 from 29.141.182.117
----- The following addresses had permanent fatal errors -----
cpollock@embarqmail.com
----- Transcript of the session follows -----
... while talking to 110.181.205.153:
550 5.1.2 cpollock@embarqmail.com... Host unknown (Name server: host not found)
Ya know what, it was infected with Worm.Mydoom.M. Notice that the Cloudmark score was X-CM-Score: 0. Now if I was a newbie and I saw this From: address:
From: "Mail Delivery Subsystem" postmaster@embarqmail.com
Don't you think I'd click on the attachment to see what the heck was going on? NOTE: this is not a rant, I'm just trying to understand 'why' embarq doesn't scan for malware.
BTW - I received another Worm.Mydoom.M message today From: "Post Office" noreply@embarqmail.com. |
|