A question about email scanning protection

I heard somewhere that email scanning protection is useless and even harmful. Can someone give me a detailed explanation why? Thanks

This is my conjecture.

Email scanner takes a longer time for downloading email with big attachment and delay for scanning (If you don’t set a timeout.)

And if a virus didn’t detect by database from antivirus software it will harm when you run attachment.
But Some security apps have HIPS to detect a system change when a virus going to run.

Note : This is my conjecture only, Don’t be so serious.

If the “emails scanner” uses the same signatures then there is no point… It will be detected on access anyway.

Hi viper,

Some answers and references are in your previous request about the matter here
https://forums.comodo.com/empty-t41840.0.html

Then if you search forum with key words like “email scan” many threads and discussions will be found

Google “do I need email scanning by Antivirus” or like that … - a lot of readings

…read one of the Symantec’s advices e.g.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005101214322948?Open&docid=2004061108301248&nsf=ent-security.nsf&view=pfdocs

...attachments are immediately downloaded to the computer that is running the email client and scanned when the user opens the message. If you download a large attachment over a slow connection, mail performance is affected. You may want to disable this feature
and further: "Disabling email scanning if you use SSL connections"

There are other similar advices by different AV developers as well

Search different AVs forums for “e-mail lost” or alike…

For more technical details please consider reading this excellent article written by Haemoglobin_Destroyer - one of the moderators and IT professional in this forum

http://forum.emsisoft.com/Default.aspx?g=posts&t=3827

My regards

p.s. added the following quote was taken from another recent thread, where the discussion regarding real-time e-mail scanning was considered by the moderator as Offtopic, which was correct…
…but here that may fit perfectly as my personal opinion:

"onAccess", "onExecution" scans, behavioural blocking, other layers of protection, etc. is sufficient enough for me and others, regarding email scanning/checking actions and stopping what currently is possible to stop when something malicious was suspected.

Hi guys.
yesterday I got a virus in attachment

http://warbandit.exteen.com/images/virus/virus_in_email.gif

Until today the has a variant.

Ummm… OK?

No one has been saying that you won’t get malware through attachments. Simply that there is no security risk by not scanning the attachment on receipt. As long as the attachment is scanned on access, you’re good to go.

Hi HeffeD,
Very good point.

I am getting really a lot of e-mails (who does not? :slight_smile: ). Most of them have attachments.
Usually I don’t have time to review all attachments.
I created a dedicated folder for saving attachments whether they are received by my main e-mail client or “hot/gmail…”, etc.

So, basically I’m saving them into that folder.

I have several on-demand scanners. All of them have Custom Scan set to check the mentioned folder.
During the week as many scans were done by any or all of those scanners – the e-mail attachments folder is being scanned several times with all updated scanners.
At the end of the week, when I am going to open/read those attachments I do my final scan of the folder.

Are we 100% safe doing that? The answer is always – No even despite there are additional layers of security which will be involved when I do open those attachments eventually… but the risk would be definitely reduced.

Cheers!