Email scanning query

Is there any real need to scan email as it comes in or will the ordinary scanning catch something as it lands on the disc? I use Eudora for email. I used to use EZ AV and turned off email scanning as it wasn’t necessary and wanted to do the same here.

It looks like Eudora has scanned the mail for viruses at their server before you receive it, if I am correct

http://www.eudora.com/worldmail/comparison.html

You can test this here, by sending the EICAR test file to your mailbox

http://www.aleph-tec.com/eicar/index.php

I don’t use the Eudora server, just the emailer but it looks like my email providers scan emails as the EICAR didn’t arrive to two different addresses. That’s a shame. Thanks all the same.

> but it looks like my email providers scan emails as the EICAR didn't arrive to two different addresses. That's a shame.

Why? It means they remove the virus before you receive it (or they just remove the whole mail, so you will never see it). Isn't that good?

Not really as it means I can’t test my own AV and if theirs is not up to date then it’ll miss things.

Test your AV here http://www.eicar.org/anti_virus_test_file.htm

Now got off the subject somewhat. Can anyone answer the original question? I’ve turned off email scanning for now but can’t test if anything will still be caught when it lands on the disc. Anyone know?

Standard shield in av4 as well as file system shield in av5beta scan mails when received and saved to disk. So no, an email scanner on top of this is not absolutely necessary. In Avast 5 the mail scanner can scan in memory like the web shield, so it can abort a connection if needed before anything’s saved to disk, that’s the main difference.
I had to deactivate AV5 mail scanner (issue in Thunderbird, off topic here), and watched the file system shield activity in avast UI. Every single movement in the mail client is scanned :wink: …same in Avast 4.

Excellent. Thank you. :slight_smile:

That isn’t entirely correct.

It is best to scan emails before they get assigned to an email folder as an email isn’t a stand alone file, but is normally packed into a database file.

I’m totally unfamiliar with Eudora as to how it stores its emails; if each email is stored as a .eml file, for instance, then no problem. However, if they are stored in a database file (like .dbx on OE or .pst in MS Outlook) containing multiple emails, then there could be a complication.

Assuming that the standard shield scans this file depending on settings (because it has been modified) then it could well detect the presence of an infected email, but what it is finding is an infection within the database file. Some AVs would just delete the infected file (bang there goes your emails), some may try to extract the email from the database file, which could result in corruption of the database file and yes you guessed it (bang there goes your emails).

So you have to exercise extreme care when you have an alert on an infected email, if it wasn’t detected by the email scanner. It may be better to make notes of the infection as it may give the email folder, subject and attachment, etc. So you could choose to ignore the detection and go into Eudora, find and manually delete it, plus empty the deleted emails folder also.
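An added illustration of the point above (not part of the original thread, and not Avast or Eudora code): locating the one flagged message inside a multi-message mailbox file and removing only that message, so the container and the other emails survive. It assumes the folder is stored in mbox format, which Python's standard `mailbox` module reads; the function names, addresses and the three-message sample are constructed for the example.

```python
import mailbox
from email.message import EmailMessage

# Standard EICAR test string (harmless), split so this file is less likely to be flagged.
EICAR = b"X5O!P%@AP[4\\PZX54(P^)7CC)7}$EICAR-STANDARD-" + b"ANTIVIRUS-TEST-FILE!$H+H*"

def find_flagged(mbox_path, signature=EICAR):
    """Return (key, subject, attachment name) for every message part holding signature."""
    hits = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for key, msg in box.iteritems():
            for part in msg.walk():
                if part.is_multipart():
                    continue
                body = part.get_payload(decode=True) or b""  # undoes base64/quoted-printable
                if signature in body:
                    hits.append((key, msg["Subject"], part.get_filename()))
    finally:
        box.close()
    return hits

def remove_messages(mbox_path, keys):
    """Delete only the listed messages; return how many remain in the container."""
    box = mailbox.mbox(mbox_path, create=False)
    box.lock()  # keep a running mail client from writing mid-rewrite
    try:
        for key in keys:
            box.remove(key)
        box.flush()
        return len(box)
    finally:
        box.unlock()
        box.close()

def build_sample(mbox_path):
    """Constructed sample: three messages, the second carries the EICAR attachment."""
    box = mailbox.mbox(mbox_path)
    for subject, attachment in [("Hello", None), ("Invoice", EICAR), ("Lunch?", None)]:
        msg = EmailMessage()
        msg["From"], msg["To"], msg["Subject"] = "a@example.com", "b@example.com", subject
        msg.set_content("constructed sample body")
        if attachment:
            msg.add_attachment(attachment, maintype="application",
                               subtype="octet-stream", filename="test.com")
        box.add(msg)
    box.close()
```

Run `build_sample` on a scratch path, then `find_flagged` to get the folder key, subject and attachment name to note down before calling `remove_messages`; work on a copy of a real mailbox and with the mail client closed.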

My assumptions seem to be correct concerning Thunderbird at least, it seems :wink: (wdseml files, so one for each mail)

Yes, the big question is how the email client stores the emails: as a stand-alone file or within a database file, the latter being more dangerous for possible loss of multiple emails in the database file.