Re: Virus check of incoming e-mail

From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 01/15/05

• Next message: Joan and Alan: "Email"
• Previous message: Alias: "Re: Virus check of incoming e-mail"
• In reply to: Alias: "Re: Virus check of incoming e-mail"
• Next in thread: Charlie Tame: "Re: Virus check of incoming e-mail"
• Reply: Charlie Tame: "Re: Virus check of incoming e-mail"
• Messages sorted by: [ date ] [ thread ]

Date: Sat, 15 Jan 2005 11:34:58 -0500

I read that and the referring Symantec article on outbound scanning with NAV v2002. Noone
should be using 2002 as it is out of date. As for ther McAfee section it refers to corp.
v4.5.1 and was correcpted with SP1 and that was superceded by McAfee v7.x and subsequently
v8.0i. Albeit, v4.5.1 can be used for Win9x/ME and v7 ~ v8 is not.

As for the very GENERIC statement on DBX corruption, it does not get technical as to what AV
software (Symantec, Mcafee, NOD32, AVG, KAV, AtiVir, ClamAV, eTrust, BitDefender, etc) has
problems. It too is very broad and is an opinion by T. Koch and not an actual MS KB
article.

As for the staement that you are still protected, that is partially true. When you open an
email message that has an attachment, to launch or save the attamnet it has to be extracted
from from the body of the email message. As it is extracted it is saved to the TEMP
directory or to the IE Cache. As the file is being saved the "On Access" scanner of the AV
software will scan the file and if it is infected, will be blocked from being written.

However, if the email message is using an IE/OE exploit, then an attachment is NOT the
infector, the email message body is and just viewing the message using the exploit on an
unpatcched system can cause infection. The "On Access" cabilities are even used is a no
disk file was ever attempted to be written. A good exmple of an email message exploit could
be using "Exploit-HelpZonePass". And we all know that MS software is full of
vulnerabilities. many have been patched but not all and all you need is one.

I remeber an employee receiving an email puported to be from CitiBank. It was not and by
scanning the file in the inbox the email was causght by McAfee and flagged as
"Phish-BankFraud.eml". Now this wasn't a virus but it still could have disasterous effects
from that employee if she had a CitBank account and assumed the message to be real. Since
the body of the email was the malware, there was no disk file to be saved for "On Access" to
catch.

Now if OE has such problems with AV applications then it is an OE problem and then OE should
be fixed. Personnaly I use McAfee AV software and Pegasus Mail. McAfee ONLY uses MAPI
and/or VIM and does NOT provide an email POP3 proxy scanning capability.

AVG has been using with IE/OE successfully by numerous users and it does NOT suffere from an
maladya as described. The only problem is that BS added text certifying the email or News
Group post is virus free. It is BS becuase we all know that it is impossible to declare a
certification of being virus free.

-- 
Dave
"Alias" <aka@maskedandanonymous.com> wrote in message news:34sssoF4f57uhU1@individual.net...
|
| "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
| news:%23bUXjqx%23EHA.1524@TK2MSFTNGP09.phx.gbl...
| :I just love anonymous posters who can't back up a claim with anything more
| than "You're
| : still wrong".
| :
| : Please provide the MS KB article and Symantec article to support you
| claim.
| :
| : -- 
| : Dave
|
| Third time:
|
| From:
| http://www.microsoft.com/windows/IE/community/columns/filecorruption.mspx
|
| "Viral Irony: The Most Common Cause of Corruption
| When encountering the symptoms of DBX corruption, many people immediately
| fear that their computer is infected with a virus. As surprising and ironic
| as it may seem though, the most common cause of DBX corruption is not a
| virus, but rather anti-virus programs that are configured to scan incoming
| or outgoing e-mail. Even the most well-known anti-virus programs have
| exhibited this problem from time to time. To lessen the risk of such
| corruption you should disable the e-mail scanning module in your anti-virus
| program. This is usually easy to do by looking at the user-configurable
| options in the anti-virus program. It is not at all necessary to scan e-mail
| for viruses to protect your computer.
|
| Now before you dismiss me as mad, let me explain why e-mail scanning is
| unnecessary. Almost every anti-virus program for Windows installs by default
| a system scan that runs in the background every time Windows starts. This
| scan is necessary to protect your computer. If you receive a virus in an
| e-mail attachment, the virus cannot do anything at all until you actually
| open the attachment. At that time Outlook Express extracts the attachment
| from the message and saves it to the Temporary Internet Files folder on your
| hard disk and attempts to open the file. And it is precisely at that moment
| that a background system scan will detect the virus, provided it is able to
| do so, and stop the virus from executing. The system scan will usually
| delete the infected file from the Temporary Internet Files folder, or else
| move it to quarantine. To remove the infected e-mail message in Outlook
| Express, simply hold the Shift key while you press the Delete key. That's
| all it takes to keep your computer safe, both from e-mail viruses and e-mail
| anti-virus scanners. Scanning e-mail as it arrives therefore adds nothing to
| your level of protection. It might indeed make you feel more protected, but
| that feeling is an illusion. If the system scan is unable to detect the
| virus, the e-mail scan will fail to do so also."
| -- 
| Alias
|
| Use the Reply to Sender feature
| of your news reader program to email me.
|
| Utiliza Responder al Remitente
| para mandarme un mail.
|
|
| :
| :
| :
| :
| : "Alias" <aka@maskedandanonymous.com> wrote in message
| news:34ssgvF4f4k0kU1@individual.net...
| : |
| : | "David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote
| : |
| : | : No, I have been studying computer infectors and using/administering
| anti
| : | virus software for
| : | : some 15 years.  I have managed LANs where Symantec was installed on an
| : | Exchange server and
| : | : McAfee was installed on the workstation.
| : |
| : | You're still wrong. Live with it.
| : |
| : | <snip big time of self praise>
| : | -- 
| : | Alias
| : |
| : | Use the Reply to Sender feature
| : | of your news reader program to email me.
| : |
| : | Utiliza Responder al Remitente
| : | para mandarme un mail.
| : |
| : |
| :
| :
|
|

• Next message: Joan and Alan: "Email"
• Previous message: Alias: "Re: Virus check of incoming e-mail"
• In reply to: Alias: "Re: Virus check of incoming e-mail"
• Next in thread: Charlie Tame: "Re: Virus check of incoming e-mail"
• Reply: Charlie Tame: "Re: Virus check of incoming e-mail"
• Messages sorted by: [ date ] [ thread ]

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint