Hello, I found this article by Tom Koch from Microsoft. I was in the process of trying to recover Outlook Express after the loss of local saved email folders and a Hotmail account. The problem that I had was not viral but file corruption in OE. But note what he writes on this topic concerning email scanners. The last line with icon is my question. ???
Viral Irony: The Most Common Cause of Corruption
When encountering the symptoms of DBX corruption, many people immediately fear that their computer is infected with a virus. As surprising and ironic as it may seem though, the most common cause of DBX corruption is not a virus, but rather anti-virus programs that are configured to scan incoming or outgoing e-mail. Even the most well-known anti-virus programs have exhibited this problem from time to time. To lessen the risk of such corruption you should disable the e-mail scanning module in your anti-virus program. This is usually easy to do by looking at the user-configurable options in the anti-virus program. It is not at all necessary to scan e-mail for viruses to protect your computer.
Now before you dismiss me as mad, let me explain why e-mail scanning is unnecessary. Almost every anti-virus program for Windows installs by default a system scan that runs in the background every time Windows starts. This scan is necessary to protect your computer. If you receive a virus in an e-mail attachment, the virus cannot do anything at all until you actually open the attachment. At that time Outlook Express extracts the attachment from the message and saves it to the Temporary Internet Files folder on your hard disk and attempts to open the file. And it is precisely at that moment that a background system scan will detect the virus, provided it is able to do so, and stop the virus from executing. The system scan will usually delete the infected file from the Temporary Internet Files folder, or else move it to quarantine. To remove the infected e-mail message in Outlook Express, simply hold the Shift key while you press the Delete key. That’s all it takes to keep your computer safe, both from e-mail viruses and e-mail anti-virus scanners. Scanning e-mail as it arrives therefore adds nothing to your level of protection. It might indeed make you feel more protected, but that feeling is an illusion. If the system scan is unable to detect the virus, the e-mail scan will fail to do so also.
Is this true of Avast's email scanner vs the standard shield?
The only time avast touches (scans) the .dbx files is during an on-demand scan (more later).
The Internet Mail provider is what scans inbound email and it does this ‘outside’ the inbox in a localhost proxy, if an infected email is found the user has several options, move to chest, deletion, etc. all of which don’t entail accessing the .dbx file/s. So there is no possibility of corrupting a .dbx file.
So with avast, the scanning of incoming and outgoing email doesn’t happen in the .dbx files so there is no direct interaction with the .dbx files.
During on-demand scans avast would scan the contents of the .dbx files depending on the sensitivity of the scan and if archives are selected. Even if that were the case avast is able to extract an infected email (if detected) within the .dbx file without corrupting it. Unlike many other AV where it may corrupt the .dbx file when trying to extract an infected email, some are even worse and treat the whole .dbx file as infected resulting in the deletion of it with the resultant loss of the emails in it.
Remember this is a single file, a database file but a (special) single file all the same and this is why many AVs get it wrong.
I never read that avast corrupts .dbx files, neither on-access nor on-demand…
The special provider/plugin for email scan allows that only this part of the antivirus be at high sensitivity level, better performance & protection balance. The statement you've posted ("Now before you dismiss me as mad, let me explain why e-mail scanning is unnecessary.") is valid for poor configurability of other antivirus programs…
The provider that you all are referring to, is this the internet mail service provider [Hotmail; Gmail; AOL; etc…] or the Avast database? This is not clearly understood.
I note that the standard shield for Avast is not scanning the email when the email scanner is off.
My conclusion is that the email scanner in Avast is a necessary component for protection. The standard shield does not scan the TIF that OE extracts the email file attachment to before attempting to open. But what about the system background scanning that Koch refers to in the article? Is this not the on-access scan shield; in Avast terminology the [standard shield]?
This is common today in US based Internet mail to scan all in/outbound although some only one or the other. And their AV program databases are usually extensive. How would Avast be able to turn on/off the Internet Mail service provider's AV scanning? Why does Avast not use its own AV database? ???
Also there is the implication in the MS NewsGroups that Symantec is doing the Internet scanning in today's world.
Why does Avast not use its own AV database?
Well, avast has its own database... what are you referring to?
I understand that the Avast has its own DB. What I do not understand is why Avast calls the various scanners a service provider as if it is separate from the organization called Avast. A language barrier question perhaps. The perception is that these are independent service providers instead of scan modules contained in Avast AV program.
But what about the system background scanning that Koch refers to in the article?
Is this not the on-access scan shield; in Avast terminology the [standard shield]?
Yes, probably, in avast case, Standard Shield but at High sensitivity level.
You say probably, which means you do not know with certainty. I checked this and the scan counter did not register the scan of an email in the standard shield when the email scan shield was off.
Also there is the implication in the MS NewsGroups that Symantec is doing the Internet scanning in today's world.
Not in my computer
In the USA, not global. There are many global AS [Autonomous Systems] comprising the w3 and Global Internet. Symantec is a US based Internet AV service provider to the networks.
Yes, Koch and others in MS NG’s seem to think everyone out there is MSN. Consequently all have this thing they refer to as Auto-Protect and LiveUpdate. This is a legacy system that I am on here and I am not MSN.
Level of sensitivity: High
:o I would have expected to see the [standard shield] scan email irregardless of the email scanner provider.
Provider reads like Medicaid in USA. The same old thing… just another government program
When one talks about avast scanning files it has a meaning. It means scanning files in the various well known standards used by major operating systems for storing files on hard drives and removable media.
When you talk about scanning email you are assuming that there is something that is defined as email. The operative word here is defined. There are no - none - zero accepted standards in existence for the storing of email. Every email client and every email server product does its own thing for the storing of email.
The only thing that makes email work between all these products is that there are strong standards for the transmission formats of email. These strong standards only apply to emails as they are in the process of being received/sent and have to be adhered to by every email client and email server product.
That is where the Internet Mail provider comes in. It is built to scan the messages while they are in transmission to/from your system. The Internet Mail provider, using the strong standards for transmission, knows how to take the component parts of every email message and scan the body and attachments of the message at this time. In the case of received email this is done before the message is ever committed to the database of your email client. The very clear intention is to prevent an infected message ever making it into the email database of whatever is your chosen mail client (and about which avast has not got the slightest clue).
Prevention is better than cure.
What the Microsoft NG person seems to be talking about is the problematical issue of antivirus/antimalware products thinking that they understand the esoteric nature of the databases used by various email clients and trying to excise from the database an email found to be infected - usually during an “on demand” scan. Their efforts to do so regularly lead to the corrupted database issues that are so vexing to the user. If you do not store infected content in the email client database then you do not run this risk.
Even so, there are messages that the Internet Mail provider does not scan. It cannot scan messages that use personal encryption (though this is still rare) and it cannot scan (at least at present and without third party program assistance) messages delivered via secure connections.
In these cases the avast user is relying on the “on access” scanner to protect them from any infected content in the email database when it is decoded back into a real file. All email attachments (other than plain text) have to be encoded for transmission and they are usually (though not always) stored by mail clients in the encoded form as part of the email message. When the email client decodes the attachment back into a real file and you attempt to do something with the file then there is the chance for avast to again scan the file and detect any problem.
Just an afterthought - I am in the US too - we have different perspectives on the word “provider”.
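
Added example (not part of the original thread, and not avast's code): a small Python sketch of the in-transit scanning described above, where a message is split into its standard MIME parts, each encoded attachment is decoded and checked, and encrypted parts are reported as unscannable. The sample messages, the `KNOWN_BAD` hash set (a stand-in for a real scanning engine) and all function names are assumptions made for illustration.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed, harmless bytes standing in for a detectable attachment.
PAYLOAD = b"constructed-test-payload"
# Hypothetical signature set: a hash lookup stands in for a real AV engine.
KNOWN_BAD = {hashlib.sha256(PAYLOAD).hexdigest()}
# MIME types whose content is ciphertext and cannot be inspected in transit.
OPAQUE_TYPES = {"application/pkcs7-mime", "application/x-pkcs7-mime",
                "application/pgp-encrypted"}

def sample_with_attachment() -> bytes:
    """Constructed message in wire format: text body plus a base64 attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(PAYLOAD, maintype="application",
                       subtype="octet-stream", filename="invoice.bin")
    return msg.as_bytes()

def sample_encrypted() -> bytes:
    """Constructed S/MIME-style message whose only part is opaque."""
    msg = EmailMessage()
    msg["Subject"] = "constructed encrypted sample"
    msg.set_content(b"\x00opaque-ciphertext", maintype="application",
                    subtype="pkcs7-mime", filename="smime.p7m")
    return msg.as_bytes()

def scan_in_transit(wire: bytes) -> dict:
    """Split a message into MIME parts, decode each, and classify it."""
    verdict = {"infected": [], "clean": [], "unscannable": []}
    msg = message_from_bytes(wire, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue  # containers hold no content of their own
        name = part.get_filename() or part.get_content_type()
        if part.get_content_type() in OPAQUE_TYPES:
            verdict["unscannable"].append(name)
            continue
        data = part.get_payload(decode=True) or b""  # undo base64/QP
        bad = hashlib.sha256(data).hexdigest() in KNOWN_BAD
        verdict["infected" if bad else "clean"].append(name)
    return verdict

if __name__ == "__main__":
    print(scan_in_transit(sample_with_attachment()))
    print(scan_in_transit(sample_encrypted()))
```

Nothing here reads or writes a mail client's store; the verdict is reached on the transmitted message alone, and anything listed as unscannable is left to the on-access scanner once the client decodes it to a file.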