A friend uses a Linux system and his e-mails have his PGP Key attached to them.
When I retrieve the e-mail (via the standard port 110 with my ISP), these particular e-mails do not have the message appended that the inbound message is clean, but the e-mail headers have this indication.
Is this normal scanning behavior for Avast when there is a PGP key involved? Not a big deal, just curious.
It won’t that is the whole point of the PGP security, the email is encrypted until opened with the corresponding key and avast doesn’t have that key. The email headers are obviously still available and accessible.
Personally I feel it a waste of processing effort in so marking inbound email, a) I wouldn’t trust any such signature it could be forged b) if the email is infected all hell will break lose and you will know.
as DavidR says avast needs to be able to inspect the way the body of the email is made up in order to be able to insert the “clean message” in the correct place in the message body. There are rules that must be followed for how to put the parts of an email together. Since the body is encrypted avast cannot see the format of the message body and has to pass on inserting the “clean message”.
By the way, it also means that avast cannot scan any attachments included in the message so extra care is appropriate in dealing with them.
Fine up to the point it bites you in the a**, trust and peace of mind are something that require a little more than a couple of sentences tagged at the bottom of an email.
There are a number of malicious emails that have used the same sort of ‘This email has been scanned by [Insert your AV of choice here] and is clean.’ Great up to the point they open the attachment.
The thing I like about this, is that it includes an original timestamp, along with the date and database information. This is certainly a big plus, in my opinion. It has more complete information, as opposed to a generic statement (your example above). Plus where the e-mail headers also have the database information listed, once scanned, it can be matched to any statement.
I’ve since learned that he was using Claws (Claws Mail) to send the e-mail.
But when he uses Thunderbird on the same system to send e-mail, avast! will append the text to a message sent using Thunderbird. Thunderbird does not directly support PGP, an extension has to be installed. Once that is installed, avast! will probably behave in the same manner as e-mail sent using Claws.