I’m not a fan of e-mail scanners, since Norton’s outgoing e-mail scanner caused my PC to hang or delayed downloading or sending my e-mails many years ago. I don’t like to see my anti-virus program spend time or use extra resources scanning every message I am sending or receiving. The work-around is to disable e-mail protection or scanning on incoming and outgoing e-mails. Some antivirus vendors even provide scanning of a message when you read it. Is it worth using an e-mail scanner? What are the pros and cons of using an e-mail scanner?
What Does an E-mail Scanner Do… Really?
We need to understand what the e-mail protection of an effective anti-virus actually does. Here is some of it:
- It scans incoming messages for spam, phishing and malicious scripts within the e-mail. Depending on the anti-virus, some will delete the positive or suspect message or move it to another folder.
- It scans outgoing messages to ensure that the message does not contain a malicious file as an attachment. Note: Antivirus programs do not detect all types or variants of threats. You will never know if you are infected until you’ve scanned the system using on-demand scanners or online scanners to double-check.
- E-mail protection can monitor POP and SMTP ports (or other ports used by spam bots) to ensure that your computer does not become part of a botnet that sends out e-mails to your contacts or anyone in your network as a method of distribution.
- Most anti-virus programs have developed a plug-in to provide e-mail protection against spam, malicious messages or malware within the message. The virus scanner or antivirus module needs this e-mail plug-in so that it can scan a message once the plug-in has decrypted it (depending on how the anti-virus vendor is using the said plug-in).
If you think you are covered… I mean, you have the security policies in place to replace the e-mail protection by anti-virus, then I think turning off the e-mail scanner is OK, but I don’t think e-mail scanners are not essential. The disadvantage of using an e-mail scanner is the delay in sending/receiving e-mails and possible corruption of your inbox files (corruption occurs only if the e-mail plug-in is buggy, but not all e-mail plug-ins by antivirus programs have bugs). There’s a work-around to that: configure your antivirus program not to scan the inbox or the file extension used by your e-mail client. Example: .dbx for Outlook Express, .eml for Windows Mail, .pst for Outlook and .msf for Thunderbird. Using this work-around will prevent corruption of all your e-mails while still taking advantage of e-mail protection using the e-mail plug-in in the anti-virus. Note: Do not use that work-around if you plan to disable the e-mail scanner, or else the scan engine will not scan those files for malware (That can cause corruption too, can’t it?).
Why Do Some Users Not Use an E-mail Scanner?
People believe that an e-mail scanner is not needed because the on-access (real-time) protection of an effective anti-virus should be able to catch or detect any malware attachments that arrive in e-mail. Others rely on the junk mail filters of the e-mail client to block or move unwanted messages (phishing and suspicious e-mail attachments). There are also people who rely on the new security settings in e-mail programs. Example: Windows Mail will warn you if another application is sending e-mail as you, and will prevent attachments that could potentially be a virus from being saved or opened. Most end-users and business users also take an extra precaution by allowing their ISPs to scan e-mails on the server before they reach the inbox. Another precaution is to configure the e-mail program to display all messages in plain text, or to block images and external content in HTML e-mails. One more method to avoid receiving bad messages or malware spam is to use MailWasher, ePrompter or POP Peeper, or to delete the unwanted e-mails from the server using a browser.
Do you think the above settings or policies mean an e-mail scanner is of no use anymore?
Your answer might be yes, but some will say no, especially if they are aware of the risks of turning off the e-mail scanner or have been a victim of spambot malware. E-mail viruses are a threat, and that is a fact. They affect many users when they become victims of botnets or their PCs become part of a botnet without their knowledge. An example is the Pushdo/Cutwail spambot, along with some other spam botnets, which is putting many PCs (and your contacts) at risk. You can read more about it in the following articles:
- Pushdo / Cutwail - An In-depth Analysis by Trend Micro: The report is in PDF format, but you can also read more about it in their blog: Pushdo/Cutwail The Art of Spamming, From Russia with Love, Can’t Touch This, Sniffing for the Win, Traditional AV is Useless and Botnet Research on WALEDAC and PUSHDO.
- When the hammer falls - Effects of successful widespread disinfection on malware development and direction by Microsoft.
- A recent incident published by SANS’ Internet Storm Center in their Handler’s Diary, where the anti-virus failed to detect the malware: Pushdo/Cutwail Spambot - A Little Known BIG Problem
- If the botnet creator has been shut down… there is good news. Example: Spamhaus’ report of June 2009 - Impact on Cutwail of 3FN shutdown
The above is one example of many botnets, but if you want more information, I suggest reading more about the formation and exploitation of botnets.
Recommendation: Botnets do not only carry out coordinated security attacks but can also send spam. If your anti-virus offers e-mail protection against spam, phishing and other attacks from/to e-mail, I suggest taking advantage of it. E-mail scanners will not only scan attachments; they can also decrypt messages so that the file scanner can scan them successfully, and they can watch the system for botnet behaviour by monitoring POP and SMTP ports.
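The SMTP port monitoring mentioned in the feature list and in this recommendation, sketched as an added example (not from the original article or from any antivirus product): a mail client talks to one submission server, while a spambot contacts many different mail servers in a short time. The connection records, process names, host names, window and threshold are constructed assumptions.

```python
from collections import defaultdict

# Outbound mail ports. POP3 (110/995) only fetches mail, so it is not counted.
SMTP_PORTS = {25, 465, 587}

# Constructed records: (time in seconds, process, remote host, remote port).
SAMPLE_CONNECTIONS = [
    (0, "thunderbird.exe", "mail.example.net", 587),
    (5, "thunderbird.exe", "mail.example.net", 995),
    (10, "updater.exe", "mx1.example.org", 25),
    (12, "updater.exe", "mx.example.com", 25),
    (15, "updater.exe", "mail.example.edu", 25),
    (20, "updater.exe", "mx2.example.org", 25),
    (30, "browser.exe", "www.example.com", 443),
    (300, "thunderbird.exe", "mail.example.net", 587),
]


def smtp_fanout(connections, window=60):
    """Largest number of distinct SMTP hosts each process contacted
    within any span of `window` seconds."""
    by_proc = defaultdict(list)
    for ts, proc, host, port in connections:
        if port in SMTP_PORTS:
            by_proc[proc].append((ts, host))
    fanout = {}
    for proc, events in by_proc.items():
        events.sort()
        best = 0
        for i, (start, _) in enumerate(events):
            hosts = {h for t, h in events[i:] if t - start <= window}
            best = max(best, len(hosts))
        fanout[proc] = best
    return fanout


def flag_suspects(connections, window=60, max_hosts=2):
    """Processes whose SMTP fan-out exceeds the (assumed) threshold."""
    fanout = smtp_fanout(connections, window)
    return sorted(proc for proc, n in fanout.items() if n > max_hosts)


if __name__ == "__main__":
    for proc in flag_suspects(SAMPLE_CONNECTIONS):
        print(f"{proc}: contacted many SMTP servers in a short time")
```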
Tips: Some free anti-virus programs include e-mail protection. For example, the free editions of AVG, Avast and PC Tools offer an e-mail guard or protection. The free antivirus programs by Avira (AntiVir PE), Microsoft (Security Essentials) and Panda (Cloud AV) do not offer e-mail protection, but they will scan attachments for malware, or when they are saved to the hard disk. Don’t confuse virus scanning of e-mail attachments with the use, or the advantage, of an e-mail plug-in; they are different.