Re: Coincidence, paranoia or malware?




On Mon, 8 May 2006 09:41:49 -0600, "Wesley Vogel"

The Other E-Mail Threat: File Corruption in Outlook Express
Published: November 18, 2004 Tom Koch
http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx

[[As surprising and ironic as it may seem though, the most common cause of
DBX corruption is not a virus, but rather anti-virus programs that are
configured to scan incoming or outgoing e-mail.

I find a more common scenario is the "full system scan", which finds
signatures within mailboxes and "cleans" these by deleting the files
(and thus entire mailboxes).

The usual problem with av that scans email traffic is failure to get
or send mail due to botched server names, or silent failure to send
mail because the email app disconnects before the av has finished
scanning outgoing material and thus hasn't actually sent it yet.

The last one is nasty, because the email app shows no error; you think
it's sent, your logs tell you it's sent, but it never goes out.

Even the most well-known anti-virus programs have exhibited
this problem from time to time.

R/Even/Especially ;-)

[[Is my computer still protected against viruses if I disable Email
Scanning?

With an email app that...
- doesn't run scripts and other "message" content
- splits attachments out of the mailbox as separate files
....then yes; Eudora is one such email app.

But most email apps hide attachments in mailbox files where av
scanners can't scan or fix them, so scanning the email traffic is your
one desperate attempt to stop new malware being hidden in the mail
stores forever. It doesn't work that well for technical reasons, but
also because the moment the mail arrives is the moment when the
malware is most likely to be too new to detect.

Once malware is hidden in the mailbox, your PC can be actively
infected any time the attachment is "opened" from the email app,
either by user clickery, or automatically via exploit. Whenever this
happens, your av has to be running resident so it can intercept and
scan the file as it is created and/or as it is "opened".

Disabling Email Scanning does not leave you unprotected against viruses
that are distributed as email attachments. Norton AntiVirus Auto-Protect
scans incoming files as they are saved to your hard drive, including email
and email attachments.

When it's running.



--------------- ----- ---- --- -- - - -
Tech Support: The guys who follow the
'Parade of New Products' with a shovel.
--------------- ----- ---- --- -- - - -
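
The point above about attachments hidden inside mailbox files can be seen in a short added example, which is not part of the original post. It assumes an mbox-format mailbox as a stand-in for a mail store (Python's standard library has no DBX parser), and the marker string, addresses and file names are constructed. A byte match against the mailbox file misses the base64-encoded attachment, while decoding each attachment finds it and names the one message that carries it.

```python
import hashlib
import mailbox
import os
import tempfile
from email.message import EmailMessage

# Constructed, harmless marker standing in for an AV byte signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"
ATTACHMENT = b"header" + MARKER + b"trailer"

def build_sample_mbox(path):
    """Write a constructed two-message mbox; only message 1 has the attachment."""
    box = mailbox.mbox(path)
    clean = EmailMessage()
    clean["From"], clean["Subject"] = "alice@example.com", "lunch"
    clean.set_content("See you at noon.")
    box.add(clean)
    flagged = EmailMessage()
    flagged["From"], flagged["Subject"] = "bob@example.com", "invoice"
    flagged.set_content("Invoice attached.")
    flagged.add_attachment(ATTACHMENT, maintype="application",
                           subtype="octet-stream", filename="invoice.bin")
    box.add(flagged)
    box.close()  # close() flushes pending messages to disk

def raw_scan(path):
    """File-level view: the whole mailbox treated as one opaque file."""
    with open(path, "rb") as fh:
        return MARKER in fh.read()

def per_attachment_scan(path):
    """Decode every attachment; return (message key, filename, sha256) per hit."""
    hits = []
    box = mailbox.mbox(path)
    for key, msg in box.iteritems():
        for part in msg.walk():
            name = part.get_filename()
            if name is None:  # body text or multipart container
                continue
            payload = part.get_payload(decode=True) or b""
            if MARKER in payload:
                hits.append((key, name, hashlib.sha256(payload).hexdigest()))
    box.close()
    return hits

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "inbox.mbox")
        build_sample_mbox(path)
        print("raw file scan hit:", raw_scan(path))
        print("per-attachment hits:", per_attachment_scan(path))
```

Reporting the message key alongside the attachment hash lets a single message be quarantined instead of the whole mailbox file.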