dslreports logo
 
    All Forums Hot Topics Gallery
spc
Search similar:


uniqs
1571

Cousin Dave
Trendsetter
Premium Member
join:2002-10-29

Cousin Dave

Premium Member

Is an email scanner a "must have"?

I keep outlook express locked down tight.
If I want to open an attachment I can save it and then scan it.
So,is there a real need for your antivirus to scan incoming emails?
Thanks,Dave

Buddel
If it ain't broke, don't fix it.
Premium Member
join:2004-03-06
EU

Buddel

Premium Member

I don't think it is a "must-have", but then again, I fell kind of more secure if my AV scans incoming emails. I don't want to miss it.:)
Bobby_Peru
Premium Member
join:2003-06-16

2 edits

Bobby_Peru to Cousin Dave

Premium Member

to Cousin Dave
As Buddel See Profile has alluded to, "need" is relative. While there may not be a "real need", why not take advantage of the "auto-inspection" of email for potential nasties that an AV can provide to flag and deal with that nastie as soon as it crosses your threshold? This may save you in some situations - If you had gotten distracted and forgot that you had not scanned a file - Of course your real time resident monitor should also be there at that point. For me, the extra steps seem worth while [edit: especially if they are automatic. And then there is Outbound scanning].

jaykaykay
4 Ever Young
MVM
join:2000-04-13
USA

1 recommendation

jaykaykay to Cousin Dave

MVM

to Cousin Dave
To me, it is a "must", but that's personal opinion. I just don't feel that as long as it's there, why not use something for one more layer of security, no matter how secure I feel my system already is. There are just some things I don't feel are necessary to go without, just as I do some things that I feel aren't. An email scanner is necessary for me, personally.

Tom Mc
@rr.com

Tom Mc to Cousin Dave

Anon

to Cousin Dave
For a good competent computer user, it probably does not matter. However, if you have real time scanning of all accessed files (as I believe you should), it is not necessary because if you try to save or activate the attachment, your IV should detect anything the email scanning will detect. For such a good competent user, it might be nice to know at the time of downloading email that a virus is present, but that does not constitute need.

For less knowledgeble and competent users, I use to think that it would be helpful because getting notice of a virus once in awhile would serve as a reminder that the proper precautions (particularly not opening an unexpected attachment) need to be taken. However, I now think the opposite might more likely happen:

It seems that the more naive user will start referring to having received a virus when the email scanning tells them they did. They seem very likely to then wind up concluding that they did not receive a virus unless receiving such notice, and to therefore start thinking that when such a notice is not received, that it is safe to open the attachment. Especially now with all the new viruses/worms that are being widely distributed before AV software venders can update their virus definitions, it seems the end result of doing email virus scanning will probably result in a higher level of infection.

Mats
Here kitty and the chimp. Smash
Premium Member
join:2002-03-16

Mats to Cousin Dave

Premium Member

to Cousin Dave
said by Cousin Dave:
So,is there a real need for your antivirus to scan incoming emails?


NO, there isnt a need for it... but alot of people like having things that they dont really need..

keith2468
Premium Member
join:2001-02-03
Winnipeg, MB

keith2468 to Cousin Dave

Premium Member

to Cousin Dave
KAV 4.5 didn't scan incoming email when you used Outlook Express. It isn't essential.

However, it is convenient. It is a lot easier to keep something out of an email database than to delete it out of an email database.

Another approach is to push your ISP into virus filtering your email.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Cousin Dave

Premium Member

to Cousin Dave
I don't use an email scanner and haven't for years. I practice safe computing. I never, ever open an email attachment without first saving to disk and scanning with NOD32 advanced heuristics. I use OE, but I have never, ever used preview pane in the years I've had a computer. I use plain text only in OE and any email from an unknown sender gets examined first by looking at properties and reading it safely.

Email scanners are for those who don't practice safe computing. Those who claim that you should use an email scanner because you paid for the antivirus and it came with it thus to get your money's worth you should use it makes little sense. IMON, NOD32's email scanner, is causing numerous problems for some users, at the moment, and Eset has issued several revisions and it still causes serious problems for some. Some can't even use the internet because of IMON's messing with the LSP chain and Winsock.

Before I got NOD32, I had NAV and my ISP, Road Runner, forbid us to use NAV's email scanner. I also had PC-Cillin and that email scanner was also forbidden and it caused horrible problems on my computer even though I wasn't using it but it was installed and parts of it were running in the background. I don't think anyone should use an email scanner. Most major ISPs now scan incoming and outgoing mail anyhow so an email scanner is unneeded and just asking for problems.

EGeezer
Premium Member
join:2002-08-04
Midwest

4 recommendations

EGeezer to Cousin Dave

Premium Member

to Cousin Dave
If you'll never have anyone else use your system who opens email,

if there will never be an exploit that does not require opening an attachment,

if there will never be a virus or malware that is retrieved when an email is received or opened,

if your security settings are always perfect,

if no one or nothing can change those settings,

if your patches are always current and will address any email malware no matter how new,

if you or anyone using your system never makes a mistake and accidentally open an attachment or "trusted" email,

then you might not need to have active email scanning.

We get a lot of email, many with attachments. My experience and that of my clients is that scanning incoming email presents no significant burden or performance hit to desktops or servers, even to my relatively lightweight W98 PII system.

With that in mind, as a consultant I would never recommend to a client not having active email scanning anymore than I would recommend them not wearing a seat belt while in a moving vehicle just because the questioner swears he's a safe driver/passenger and it's legal to go without it.

Keizer
I'M Your Huckleberry
MVM
join:2003-01-20

Keizer to Mats

MVM

to Mats
said by Mats:
said by Cousin Dave:
So,is there a real need for your antivirus to scan incoming emails?


NO, there isnt a need for it... but alot of people like having things that they dont really need..

I can kind of relate, since an AV should catch a virus in an e-mail if it is opened and not previously scanned. I really don't think an e-mail scanner is a "must" to keep you safe. I could go so far as to say that I don't think an onboard AV is a must either. If you are running imaging software, and use online scanners to check your system before creating images, that would be a safe practice that would work fine. You would just have to get yourself on a weekly imaging routine. The safest method would be to create scanned virus free images on an external drive that is not connected to your PC at all times.

Keizer

mers2
Premium Member
join:2004-03-20
USA

mers2 to Cousin Dave

Premium Member

to Cousin Dave
Is it necessary? No. It's just another means of layered security. I prefer to catch things before they get to my email program. I've never had a problem caused by an email scanner and when I help with someone with their system I will recommend they get an av with an email scanner.

EGeezer
Premium Member
join:2002-08-04
Midwest

1 recommendation

EGeezer to Keizer

Premium Member

to Keizer
said by Keizer:
I could go so far as to say that I don't think an onboard AV is a must either. If you are running imaging software, and use online scanners to check your system before creating images, that would be a safe practice that would work fine.
I agree that imaging would provide less complex and quicker recovery once the malware is detected.

However this approach doesn't consider the vulnerability window between the time the infection occurs and the time it's detected by on demand scanners. If the malware, virus or trojan is a keylogger or data capture with a back door for control or upload, login IDs and passwords or other sensitive data would be compromised and distributed to someone who could use it for their own purposes.

Also, in the meantime, self-replicating or distributing malware would be able to distribute itself and continue its function until the user ran the scan that detects and cleans the malware. As we have seen, infection, execution and distribution can happen in seconds so the window presented by only scanning on demand can be more than adequate to allow damage to occur.

Imaging is a good recovery tool, but should not be used in lieu of active preventative applications. Password/login information should be changed after imaging whenever a compromise is suspected.

HTH

EG

marti
Color outside the lines
MVM
join:2001-12-14
Houston, TX

marti to Cousin Dave

MVM

to Cousin Dave
Except for a brief time when I did use an AV with an email scanner (less than a month) I have never used an AV with POP3 scanning capability.

I have never been "infected," but have had the "evil virus" delivered to my inbox from my friends that didn't practice "safe hex." I belong to the "delete and then ask questions club." I don't open any email, from anyone (even my sweet sister) if the subject is "strange."

Now, most of my email provider's do have AV scanners on their servers. However, the bad guys do and will always dump their evil on the world before the AV's update their definitions. Therefore, I suggest that you join the "delete and then ask questions club."
TDS3_User
Premium Member
join:2002-11-23
Australia

TDS3_User

Premium Member

said by marti:
...snip.... I belong to the "delete and then ask questions club." I don't open any email, from anyone (even my sweet sister) if the subject is "strange."

Now, most of my email provider's do have AV scanners on their servers. However, the bad guys do and will always dump their evil on the world before the AV's update their definitions. Therefore, I suggest that you join the "delete and then ask questions club."

YEP!... And the thing I HATE, absolutely HATE the most, is emails from *friends* who have "kindly" forwarded emails, along with all the bloody HEADERS, etc. for one lousy joke, pic, whatever.

INSTANTLY GET DELETED! [and they wonder why I berate them when I see them next, cannot understand that's how your email addy gets around to spammers, etc. Dang!]

I vet mine thru a 3rd party anyway, MailWasher PRO, and if I feel like reading them, it can be done, then delete from server and blacklisting saves a lot of time when the next lot come charging in!

Cheers, TDS

marti
Color outside the lines
MVM
join:2001-12-14
Houston, TX

marti

MVM

I have told my email buddies that I don't want the crap that they forward. Some of them didn't have anything original to say, so they stopped forwarding the crap and stopped sending email at all.
marti

marti

MVM

The subject of forwarded jokes and such doesn't have anything to do with the OP's question. However, the forwarded crap does put your email address in the computer system of many that are not "security response computer owners." Many, if not most of the newer worm/virus/evil cruising through through cyberspace looks for any email address stored on your harddrive, so the "evil" can be sent on to new victims. That email address can be in an email, your address book, or in any file that you have on your harddrive.
Inernetjunky
join:2003-11-07
USA

Inernetjunky to Cousin Dave

Member

to Cousin Dave
Ok, from what I am reading, an e-mail scanner in an AV is not necessary, but a nice extra. I take it this is about incoming e-mail scanners. What about outgoing e-mail scanners? Are they also not necessary but a nice extra? Not too many AVs have outgoing e-mail scanners. NAV, Panda Platinum, AVG Pro, Trend Micro, are the only ones I know about. Is it something one should seriously consider in an AV?

Randy Bell
Premium Member
join:2002-02-24
Santa Clara, CA

Randy Bell

Premium Member

An outgoing scanner isn't essential but it can protect your friends from inadvertently getting sent malware from you. I suppose it theoretically could prevent a worm from propagating itself via SMTP but I'm not sure about that. I believe NAV uses a transparent local proxy that will scan any inbound or outbound email on the standard POP3, SMTP ports. HTH
happin_in
join:2003-09-25
09065

happin_in to marti

Member

to marti
I dont rely on my anti virus ( which is as good as the last update) to protect my mail . Anti virus cannot protect you from all the crud in the mail that arrives. Some thing like benign is good and is specific for email protection . It cannot be unloaded either so that if some one chose to take it off from loading then the mail would not arrive. It handles unknown worms and virus and malware that our anti virus cannot. Its specific for email.

mers2
Premium Member
join:2004-03-20
USA

1 edit

mers2 to Cousin Dave

Premium Member

to Cousin Dave
Slightly OT, but one of my pet peeves is that when people have chosen the option to post with the outgoing message that it was scanned by their AV and one can tell they haven't updated their AV recently. I especially notice this when there is an outbreak of something and I see that people haven't updated their AV in weeks.

Edit to be on topic. I don't consider it necessary as all my incoming email is scanned and my system is cleaned, but I do have outgoing mail scanned.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Inernetjunky

Premium Member

to Inernetjunky
Add NOD32 to the list that checks outgoing mail if you use IMON, their email scanner. You can choose whether or not to add the message that the outgoing mail has been scanned.

Tom Mc
@rr.com

Tom Mc to Cousin Dave

Anon

to Cousin Dave
I believe my memory is correct, and that Avast lets you chose outgoing scanning, incoming scanning, or both.
Inernetjunky
join:2003-11-07
USA

Inernetjunky to Mele20

Member

to Mele20
quote:
Add NOD32 to the list that checks outgoing mail if you use IMON, their email scanner. You can choose whether or not to add the message that the outgoing mail has been scanned.
Really? I wasn't aware NOD32 had an outgoing mail scanner associated with IMON. I've used the trial version of NOD32 and I didn't see any such option. I thought it only scanned incoming mail. I've seen the scanning message in incoming mail. Where is outgoing scanning option in IMON? How do you configure it? I never saw it. Maybe I didn't look close enough.

Cousin Dave
Trendsetter
Premium Member
join:2002-10-29

1 edit

Cousin Dave

Premium Member

Thanks for all the responses!!
I've been trying several AVs out,some of which don't scan inbound email.
I've never had a virus and with some knowledge & luck maybe I never will.
I wish I had never started having trouble with Norton 2002(Verisign Certs debacle)because it worked great for me and I've been adrift ever since.
Roaming from AV to AV looking for a home.

gkweb
join:2003-06-09
Fort Worth, TX

1 edit

gkweb to Cousin Dave

Member

to Cousin Dave
I didn't see a point above, the reason for why personally for instance I use an email scanner.

To say that the resident protection will catch what the email scanner can catch is partially true in my case.
I use the email scanner to scan all files attached, and to scan within compressed files, all max settings, whereas to save ressources I have set up my resident protection to not scan within archives.

An email scanner allow me to better tune the use of my system ressources.

If i have said "partially" above, this is because when I will open manually the archive, yes the resident protection should detect the virus, but the email scanner is more convenient, it delete the archive, flag the mail as previously infected, and then with my mail client automatically delete the mail, no hassle.

So ressources saving and convenience are two args for the email scanner.

Now, I perfectly agree that it is not "needed" or a "must to have", but I personally wouldn't be without it.

regards,

gkweb.
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20 to Cousin Dave

Premium Member

to Cousin Dave
I have egg on my face. I think I must have left my brain in bed last night. I thought for sure I had read in the NOD32 support forum about IMON having the feature to scan outgoing mail and append a message. I checked just now and ran a search and what turned up but a recent thread I posted in and according to Bandicoot who works for Eset: "SMTP scanning is planned to be a feature of NOD32 in the future... can't give you any specific dates at the moment but it'll be later rather than sooner I'm afraid". The thread is mostly about AMON's lack of powers and that is what I was posting about not about IMON scanning outgoing mail so I only recalled the AMON part of the thread. Plus, there is another thread explaining how to append the message that IMON has scanned the outgoing mail even though it is AMON that scans so I was recalling that thread.

Mats
Here kitty and the chimp. Smash
Premium Member
join:2002-03-16

Mats

Premium Member

said by Mele20:
:( I have egg on my face. I think I must have left my brain in bed last night.
happens alot with you.. think twice before you post
Mele20
Premium Member
join:2001-06-05
Hilo, HI

Mele20

Premium Member

It's called getting older. Happens to the best of us.:D If you haven't experienced it yet...don't worry, it will happen to you one day also.
nbtween
join:2004-06-13
Chicago, IL

nbtween to Mats

Member

to Mats
I get this message every five minutes for about half an hour whenever i sign on lately ****** ATTACKER ACTIVITY REPORT CREATED BY InternetALERT Security Service. ******

An unauthorized entry attempt on this computer was recorded on Sunday Jun 13 2004 at 04:22:57 PM. The following information is provided to help locate the attacker and report him or her to his or her Internet Service Provider for appropriate actions to be taken.

NOTE: BONZI.COM SOFTWARE TAKES NO RESPONSIBILITY FOR ANY ACTIONS, HARMFUL OR NOT TO ANY INDIVIDUAL AS A RESULT OF THE USE OF THIS REPORT OR THE SOFTWARE THAT GENERATED IT.

DATE / TIME OF ATTACK:
Date: Sunday Jun 13 2004
Time: 04:22:57 PM

ATTACKER INFORMATION:
Attacker's IP: 209.109.237.48
Port attacked: 80

ATTACKER'S ISP ADDRESS INFORMATION:
ISP Name:
ISP Street: OrgName: ICG NetAhead, Inc.
ISP City:
ISP State: Inc.
ISP Zip/Postal:
ISP Country: OrgName: ICG NetAhead, Inc.

ATTACKER'S ISP ADMINISTRATOR CONTACT INFORMATION:
Admin Email: ip_admin@icgcomm.com
Admin Phone: TechPhone: +1-303-414-5000

Information above is provided by Internic WhoIs services. This information represents the best match for the cause of this intrusion, and may or may not be correct.

My computer screams (until I shut the alarm off) then displays the "attack notification" message over whatever I'm trying to do at the moment. What a hassle! But i appreciate the protection even though the interruptions are aggravating. Peace to all.
nbtween:)
kpatz
MY HEAD A SPLODE
Premium Member
join:2003-06-13
Manchester, NH

kpatz

Premium Member

I feel safer, and "cleaner" (sounds like a soap ad), if viruses are removed from email attachments before they hit my inbox. Therefore, I feel an email scanner is a Really Good Thing(tm). I tend to be a pack rat, and I rarely delete emails from OE, so if an infected email were to slip through and I didn't delete it right away, it could conceivably bite me down the road if my AV defenses were out of commission for some reason (say I uninstalled one AV in preparation for installing another, or temporarily disabled the RTM and forgot to turn it back on). But with the POP3 scanner, or incoming mail scanner on my SMTP box, the email is safe, even if I forget to delete it and open it later on without any realtime protection.

Although in my case, even though I would never open a suspicious attachment, and my AV (without the POP3 scanner) should in theory detect the infection if I did attempt to detach it. I like the added layer of protection. And for my wife, who wouldn't know a virus email from a hole in the wall, if my email server didn't add "VIRUS DETECTED" to the subject line.

So, although an email scanner isn't necessarily a "MUST" like AV protection in general is, I think it's a "SHOULD". Especially since email is where most infections are coming from, at least in my case.