CIS wishlist ... what about an (realtime) email protection?

Hello,

there’s one good thing in another free anti-virus suite (avast), that’s a realtime email protection.
That means, that emails will be checked right before they could come into the email-client.
It even works with SSL encryption.

Wouldn’t that be interesting for CIS?

EDIT: Oh, sorry, right now I’ve seen, that I should have posted it here. 88)

It’s a marketing thing, CIS already does this with its AV real-time protection. There is no “right before they could come into the email-client”… there is before, during and after. The only reason it works with SSL is because it’s “after”… think about it. :slight_smile:

No, I think, it’s because they put their own certificates into the email client and can hold and read it with that.

And I’m not sure about the “before, during and after” in connection with CIS.
I tested it with some Test-Mails from h-online.com.
Avast detects for example the GIF or EXE or Java-Applet before it comes into the inbox of Thunderbird.
CIS let it all pass through! Only after I saved the attachment and wanted to open it, CIS detects it and opened it in the sandbox.

To save system memory CIS only scans files just before they are run. To do otherwise would add undue strain to the system and not increase protection at all (as the file would be scanned and checked just before being run anyway).

So… avast diverts, decrypts and scans your emails on a remote system? I suspect not.

Indeed. :smiley:

Regarding me (opinion): There are already other (more) important things that have to be added (with much higher priorities).

people don’t understand that content is actually downloaded to their system and checked there. They think having an email protection will somehow magically stop the content from being downloaded and check it in the cloud and then download it to their pc.

they are forgetting that the “protection” is actually running in their PC and the content must be downloaded to their PC for the protection to check it.

So…content ends up in their computer!

Yes, of course, I think it works like that. It scans all incoming AND outgoing mails on my pc (where Thunderbird is running). Don’t know, what you mean with “remote” in this context? Avast and email client are installed on the same system.
(EDIT: And yes, sure, emails must be downloaded before scanning! This does not happen somewhere in the cloud!) :wink:

If you have the time, test it, then you will see! Use the link I wrote above (with the heise email check).

The realtime email check can also be useful when you forward emails. Or simply, if you’re writing emails, you cannot unintentionally send infected emails. It’s a bit more safe, that they are not infected.
And, maybe that’s a fallacy, but I feel a little safer, if incoming emails are scanned before they are placed on the hard disk. Who knows, maybe malicious code can spread then somehow …

On the fly I found just a link from the German avast forum (avadas), where the working principle is explained a bit more specifically:

Wie funktioniert die Mail-Schutz Prüfung in technischer Hinsicht? Die Prüfung des Datenverkehrs wird über eine Art lokalen Proxy, den der avast! Dienst AvastSvc.exe abbildet, realisiert. avast! fängt den Datenverkehr auf den betroffenen Ports ab, prüft diesen und leitet ihn dann an das eigentliche Ziel weiter.

Translation (bing):
“How does the E-mail protection work in technical terms?
The examination of traffic is through some kind of local proxy that avast! Service covers AvastSvc.exe, realized. avast! intercepts the traffic on the affected ports, these checks and then forwards it to the actual destination.”

The keywords in that description are local proxy. This means the content is local to your machine. The content is downloaded to your machine, processed by Avast, then sent to your mailbox.

In other words, the email is not scanned before it gets to your machine. It is scanned when it is already on your machine, just like any other real-time AV does. The only difference is that Avast does this before it hits your email client, while CIS will do it when you attempt to access it.

So which method is superior? They’re basically doing the same thing in a different way.

I vote for the Comodo way .

Yes, I know. But maybe it’s just held in the RAM (and then deleted) and not written to disk and maybe this makes a difference. Maybe, but I don’t know, just an idea!

That’s the question! :slight_smile:
So as you write it, it makes no difference.
But I think, in case of doubt, it is always better malicious code is already deleted before (unknowingly) attempting to execute it. I always think maybe then things can spread, before it can be stopped by the virus scanner. But perhaps that’s also nonsense, or really just a matter of judgment.

But one difference there is in any case: With avast I can’t send or forward infected emails.
With CIS I could send for example an infected file (exe, gif, jpg etc.), which has not yet been opened on my PC (e.g. downloaded and right next sent).
But we’re talking here anyway about infected files, that will be detected!

nothing can access or alter your pc with the right configuration. if you trust an attachment then that is on you. Not on CIS.

That’s not the issue!
(That’s what I meant by writing: “But we’re talking here anyway about infected files, that will be detected!” If there is a new (not detected) virus, malware, rootkit etc. and I click on it, then it’s on me! :o It’s better to execute also the brain.exe! But if there is an already known “virus”, then maybe it’s better, it’s deleted or moved to virus vault before I can click on it and not after I clicked on it.)

I thought, an email protection was a good idea! And for me it’s the only reason, that on my pc runs comodo firewall and avast free anti-virus instead of only CIS.

I believe what sAyer meant was that even if the file is not detected it will still be isolated by the Auto-Sandbox in CIS. Thus, regardless of whether the file was detected before, during, or after execution, you are still going to be safe from harm as the Defense+ component of CIS will protect you.

Remember that for CIS detection is by far not the most important component. Even if something sneaks by the antivirus you are safe, unless you explicitly select the option to trust the file. This is what I believe sAyer was referencing.

how is it giving you more protection?

@Chiron:
Thanks for the explanation! That’s in fact an argument! And avast doesn’t have a sandbox in its freeware, and certainly not an auto-sandbox.

I think, I need to sit apart with the issue auto-sandbox!
I should try it (deinstalling avast, installing CIS) … :slight_smile:
But here I must befriend me only with the new user interface, because at the moment I still have comodo firewall 5.x! (At my Laptop I have CIS 6.x and I find it - ähm - needs getting used to!)

I would love to see the following additions to the right click context menu in the systray icon:

  • a shortcut to update the program
  • a shortcut to disable/resume the firewall.

What’s the link with the email protection ? …
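The local-proxy scanning quoted from the avast forum earlier in this thread, sketched as an added example (not code from any poster, avast or Comodo): the message is already on the local machine, its MIME parts are decoded in memory, and only then is it handed to the mail client or withheld. The names `SIGNATURES`, `scan_message`, `relay` and `build_sample` are hypothetical, and the byte pattern is a constructed placeholder, not a real AV signature.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed stand-in for an AV signature database (not a real signature).
SIGNATURES = {"Test.Sample": b"CONSTRUCTED-TEST-SIGNATURE"}

def scan_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (part name, signature name) for every matching MIME part."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        # decode=True undoes base64/quoted-printable, so the scanner sees
        # the bytes the client would later save to disk.
        body = part.get_payload(decode=True) or b""
        name = part.get_filename() or part.get_content_type()
        for sig_name, pattern in SIGNATURES.items():
            if pattern in body:
                hits.append((name, sig_name))
    return hits

def relay(raw: bytes) -> tuple[str, bytes]:
    """Proxy decision: hand the message to the mail client or withhold it."""
    hits = scan_message(raw)
    if hits:
        notice = EmailMessage()
        notice["Subject"] = "[blocked] message withheld by local scanner"
        notice.set_content("\n".join(f"{n}: {s}" for n, s in hits))
        return "quarantine", notice.as_bytes()
    return "deliver", raw

def build_sample(attachment: bytes) -> bytes:
    """Constructed sample message with one base64-encoded attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "a@example.test", "b@example.test", "sample"
    m.set_content("see attachment")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="sample.bin")
    return m.as_bytes()
```

Because the attachment travels base64-encoded, the pattern never appears in the raw message bytes; the match only happens after local decoding, which is the same point at which an on-access scanner would see the saved file.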