Do You Need An E-Mail Scanner in Your Anti-Virus Program?

Do You Need An E-Mail Scanner in Your Anti-Virus Program?
Page content

Overview

I’m not a fan of e-mail scanner when Norton’s outgoing e-mail scanner has caused my PC to hang or delay downloading or sending my e-mails many years ago. I don’t like to see my anti-virus program to spend time or use extra resources by scanning every message I am sending or receiving. The work-around is to disable e-mail protection or scanning on incoming and outgoing e-mails. Some antivirus vendors even provide scanning of message when you read it. Is it worth to use e-mail scanner? What are the pros and cons of using e-mail scanner?

What Does E-mail Scanner Do… really?

We need to understand how the e-mail protections of effective anti-virus actually do and here’s some of it:

  • It will scan incoming message for spam, phishing, malicious scripts within the e-mail. Depending on the anti-virus, some will delete or move the positive or suspect message in another folder.
  • It will scan outgoing message to ensure that the message does not contain malicious file as attachment. Note: Antivirus program do not detect all type or variant of threats. You will never know if you are infected until you’ve scanned the system using on-demand scanners or online scanners to double-check.
  • E-mail Protection can monitor POP and SMTP ports (or other port used by spam bots) to ensure that your computer is not going to be a part of the botnet that is sending out e-mails to your contacts or anyone in your network as method of distribution.
  • Most anti-virus program has developed a plug-in to provide e-mail protection against spam, malicious messages or malware within the message. This e-mail plug-in is needed by a virus scanner or antivirus module to scan a decrypted message by e-mail plug-in (depending on how the anti-virus vendor is using the said plug-in).

If you think you are covered… I mean, you have the security policies in-place to replace the e-mail protection by anti-virus then I think turning off e-mail scanner is OK but I don’t think e-mail scanners is not essential. The disadvantage of using e-mail scanner is the delay in sending/receiving emails and possible corruption of your inbox files (corruption occurs only if the e-mail plugin is buggy but not all email plugins by antivirus programs have bugs). There’s a work-around to that: Configure your antivirus program to not to scan the inbox or the file extension use by your email client. Example: .dbx for Outlook Express, .eml for Windows Mail, .pst for Outlook and .msf for Thunderbird. Using this work-around will prevent corruption of the entire e-mails while taking advantage of e-mail protection using the e-mail plug-in in anti-virus. Note: Do not use that work-around if you plan to disable email scanner or else, the scan engine will not scan those files for malware (That can cause corruption too, isn’t it?).

Why Some Users Don’t Use E-mail Scanner?

People believe that e-mail scanner is not needed because the on-access (real-time) protection by effective anti-virus should be able to catch or detect any malware attachments that arrived in e-mail. Others are relying to junk mail filters of the e-mail client to prevent or move the unwanted messages (phishing and suspicious e-mail attachments). There are people who also rely on the new security settings in the e-mail programs. Example: Windows Mail will warn you if another application is sending e-mail as you and; disable attachments to be saved or opened that could be potentially virus. Most end-users and business users is also using extra pre-caution by allowing their ISP’s to scan the e-mails in the server before it will reach their inbox. Another pre-caution is to configure the email program to display all messages in plain text or block images and external content of HTML e-mails. One more method to not to receive bad messages or malware spam is to use MailWasher, ePrompter, POP Peeper or delete the unwanted emails from the server using a browser.

Do you think the above settings or policies means an e-mail scanner is no use anymore?

Your answer might be a yes but some will say no especially if they are aware of the risks of turning off e-mail scanner or have been a victim of spambot malware. E-mail virus is a threat and that is a fact. It does affect many users when they become a victim of botnets or their PC becomes part of the botnets without their knowledge. An example is Pushdo/Cutwail spambot and some spam botnets that is putting many PCs at risk (also your contacts). You can read more about it in the following articles:

The above is one example of many botnets but if you want more information, I suggest reading more about the Formation and exploitation of a botnets.

Recommendation: Botnets do not only carry out coordinated security attacks but can also send spam. If your anti-virus is offering e-mail protection against spam, phishing and other attacks from/to e-mail, I suggest taking advantage of it. E-mail Scanners will not only scan attachments but it can also decrypt messages for file scanner to scan successfully and it can monitor the system against botnet-behaviour by monitoring POP and SMTP ports.

Tips: Some free anti-virus program includes email protection. For example, a free edition of AVG, Avast and PC Tools is offering e-mail guard or protection. The free antivirus by Avira (AntiVir PE), Microsoft (Security Essentials) and Panda (Cloud AV) do not offer e-mail protection but the program will scan the attachments for malware or when it is saved in the hard-disk. Don’t be confused with virus scanning for e-mail attachments which is different from e-mail plugin’s usage or advantage of using e-mail plug-in.