I just had the email shield pick up an infection that got past the AV protection of my email provider, GMX. This is what the log says:
3/25/2011 6:33:03 PM Incoming email ‘{LINE[subj]}’ From: “{LINE[from_name]}” thomas_shea@live-servers.net, To: <{#FIRST_EMAIL}>|>OrderN25031135.pdf#3397069973 [L] JS:Pdfka-gen [Expl] (0)
File was successfully moved to chest…
This is the first time that anything has gotten past GMX’s protection (Norton) to be then picked up by Avast! and a good reason to use the email shield. I guess it’s not as redundant a feature as a lot of people claim.
I had this same detection today. MailWasher Pro flagged it first as spam, and I realised it was also a social network/malware email and allowed it through MailWasher Pro to see if avast detected it, which it did.
Of course they do and they should. The point is that I have always been one of those who questioned the need for the mail shield in Avast! but I no longer do. Like I said, it’s the first time anything has gotten past any of my providers’ safeguards, but it proves that it can happen and that having a backup scanner with a different database can be a good thing.
That is only half of the equation, as without the Mail Shield you would have no outbound protection either.
If there happens to be an undetected/hidden spambot on your system then your first indication of it could be the Mail Shield blocking multiple identical emails in a time period being sent. We have seen instances of this in the forums.
These spambots generally have their own very small SMTP program (so not having an email program or using web mail only doesn’t stop them). They are often accompanied by a rootkit to try and hide its presence; the only indication might just be the Mail Shield, so I would go a step further and have the Mail Shield Sensitivity set to high.
Wondering how other reputed security suites make it with no mail shield ??? Okay, more seriously, the only serious resident shields in Avast are the file shield, the web and the network shields. The IM and the P2P are marketing shields. The behavior and the script shields have still to prove their usefulness ( ??? ). As to the auto-sandbox, I haven’t seen it do anything relevant yet. The mail shield has some specific checks that the file shield doesn’t have, okay, but I’m pretty sure that in the end, any infection caught through POP/IMAP would be caught by the file shield. As to outgoing mail, lol, I guess the file shield would also intercept an infected attachment… when attaching it. Remains the spam bot issue, mass-mailing in the background… never experienced something like that so I can’t tell what the mail shield would do.
I forget who my ISP uses for incoming virus scans, but it’s good enough that in nearly 15 years online, I’m one more user who’s never seen anything get past them to be caught by avast. Still, I agree that the email shield should stay active, since there could always be a first time.
(Edit) I think they also scan outgoing mail, since they reserve the right to suspend the account of anyone who appears to be infected. One more reason to keep avast active, to retain the right to stay online.
That is a very good point about the Outgoing scan but, if the infection had not been caught already by the other shields, I doubt that the Mail Shield would catch it either. What could you be attaching that hadn’t already been scanned by the File Shield?
The detection I experienced would probably have been detected if it had come through and I had tried to open it. This is the philosophy other AVs depend on. However, it said it was concerning an order and I know I haven’t ordered anything lately so I probably would have just deleted the mail anyway, especially since SpamFighter Free had put what was left of the mail into the Spam folder. I’m sure somebody else would have opened it though.
I’m not going back on saying that you should use the Mail Shield. I still say it’s a good idea to have the mail scanned by two different AV products.
The Mail Shield isn’t in this case looking for an infection but for the multiple emails in a time period.
Not detecting the spambot (or its being hidden) doesn’t mean it can’t identify this activity, as essentially it is spam rather than trying to transmit infected emails.
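
The heuristic discussed in this thread (many identical outgoing emails within a time period) can be sketched as follows. This is an added example, not avast!'s code and not from any poster; the window, threshold, record format and process names are assumptions, and the sample messages are constructed.

```python
import hashlib
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(seconds=60)  # assumed "time period"
THRESHOLD = 5                   # assumed number of identical messages

def fingerprint(subject, body):
    """Hash of the normalised subject and body. Recipients are left out on
    purpose: a mass mailer sends the same content to many addresses."""
    text = " ".join((subject + "\n" + body).lower().split())
    return hashlib.sha256(text.encode("utf-8")).hexdigest()

def find_bursts(messages, window=WINDOW, threshold=THRESHOLD):
    """messages: (timestamp, process, recipient, subject, body) tuples in
    time order. Returns one alert per (process, content) pair the first
    time `threshold` identical messages fall inside `window`."""
    recent = defaultdict(deque)  # (process, fingerprint) -> recent sends
    alerted, alerts = set(), []
    for ts, process, rcpt, subject, body in messages:
        key = (process, fingerprint(subject, body))
        sends = recent[key]
        sends.append((ts, rcpt))
        while ts - sends[0][0] > window:  # drop sends older than the window
            sends.popleft()
        if len(sends) >= threshold and key not in alerted:
            alerted.add(key)
            alerts.append({"process": process, "first_seen": sends[0][0],
                           "count": len(sends),
                           "recipients": sorted({r for _, r in sends})})
    return alerts

def sample_messages():
    """Constructed outbound SMTP records (hypothetical names and addresses)."""
    t0 = datetime(2011, 3, 25, 18, 0, 0)
    msgs = []
    for i in range(6):  # hidden mailer: same text every 5 s, new recipient
        msgs.append((t0 + timedelta(seconds=5 * i), "unknown.exe",
                     f"user{i}@example.com", "Your order", "See attached invoice"))
    for i in range(5):  # mail client: same text, but 20 minutes apart
        msgs.append((t0 + timedelta(minutes=20 * i), "mailclient.exe",
                     f"friend{i}@example.org", "Hello", "Lunch on Friday?"))
    return sorted(msgs, key=lambda m: m[0])

if __name__ == "__main__":
    for alert in find_bursts(sample_messages()):
        print(alert)
```

Because the check keys on message content and send rate rather than on a malware signature, it can flag the sender even when no scanner recognises the file behind it.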