Email scan using new Comodo Security Suite.

[Guest]

[leebon]

I have just installed the new Security Suite and, quite frankly, don't understand how my email traffic (both in and out) or how my IM traffic is monitored and scanned by the Anti-virus component.  Maybe I am too used to seeing messages from my former AV  software AVG telling me that email is being scanned.  Trend Micro did the same thing.  Does Comodo Security Suite actually scan incoming and outgoing mail and IM traffic and, if so, how is it accomplished?   I submitted this question to Comodo support and all I get is a return email telling me to go to the forum.  I can't find anything about this in the forum.  Thanks

[Ronny]

Hello Leebon,

It won't scan your email and IM, Comodo believes that a virus/malware can only exist in Memory or on Disk.
Both of those are scanned and if found it will Alert you.

What does that mean for your email and IM attachments, nothing until you try so save them to disk they will get scanned and if needed you will be Alerted.

This will help keep the AV light and fast.

Hope this helps

[yorkie32]

Hi
so email is not scanned via CIS ?? as it was in the CAVS beta version im slightly confused can anyone explane please ?

many thanks

[Ronny]

No email is not scanned, see the FAQ for more details.

[fazio93]

Hi
so email is not scanned via CIS ?? as it was in the CAVS beta version im slightly confused can anyone explane please ?

many thanks

Ronny just explained it.

Hello Leebon,

It won't scan your email and IM, Comodo believes that a virus/malware can only exist in Memory or on Disk.
Both of those are scanned and if found it will Alert you.

What does that mean for your email and IM attachments, nothing until you try so save them to disk they will get scanned and if needed you will be Alerted.

Hope this helps

Malware can only exist on your harddrive or in memory. As long as CIS constantly scans those two spots, you're safe. If you check you're mail, it gets downloaded onto your disk...which is being scanned by CIS.

Most other AVs only add more shields and such for marketing. 

[yorkie32]

many thanks
i now understand how it works think was having a blonde moment 

[sded]

A simple explanation of email virus scanning may help.  Most email virus scanners work as a proxy, intercepting incoming mail via a TCP port internal to the computer (localhost), scanning it and passing it on the email client if it is not caught as a virus.  So they attempt to catch it while being downloaded to your client.  The standard scanner instead checks the email when you try to open it after it hits the email client.  Most (all?) AVs do this again anyway, even if you already have done the email scan, so somewhat redundant.  Don't know what CAVS does if you just download your mail to your client and don't read it yet-but if there is no way to open it, won't do any damage until you do try.  I like to know ASAP, so use an email scanner (Avast!).

[Ronny]

I've tested this on Thunderbird.

Nothing will happen until you select the attachment and try to open/save it.
You can run a Manual Scan of you Thunderbird profile it won't alert you and it won't kill your inbox etc.

[sded]

Thanks; that's what I would expect but haven't used CAVS.   Same thing should happen with embedded HTTP links and a web scanner in terms of when things happen relative to your browser.

[fazio93]

I've tested this on Thunderbird.

Nothing will happen until you select the attachment and try to open/save it.
You can run a Manual Scan of you Thunderbird profile it won't alert you and it won't kill your inbox etc.

Thanks. I was wondering that too. 

[The Scribe]

Okay, so I just downloaded an email I received that had an attachment and opened it. The attachment opened. I knew it was safe, but does this mean we can't tell if our scanner is working until a virus or trojan pops up in an attachment?

The inconvenience here of course is, that if the scanner is not working for some reason, we can just unsuspectingly open a bad attachment.

[fazio93]

Okay, so I just downloaded an email I received that had an attachment and opened it. The attachment opened. I knew it was safe, but does this mean we can't tell if our scanner is working until a virus or trojan pops up in an attachment?

The inconvenience here of course is, that if the scanner is not working for some reason, we can just unsuspectingly open a bad attachment.

Have someone send you the EICAR test file?

[Tags:]