Anti-virus confusion



Lucy
24-05-2003, 07:18 PM
A person here who is a LOT confused about these things. I have Norton and also AVG. I know that over the last three weeks I received messages containing viruses. I opened one, but didn't click on the attachment. But when these are downloaded to my inbox, and Norton scans them, why doesn't something flash up and say these contain viruses?? It seems I'd have to open them before I find out?

whiskeytangofoxtrot
24-05-2003, 07:20 PM
Is your Antivirus software updated regularly?

Garibaldi
24-05-2003, 07:25 PM
I ain't perfect but the first time in any day that I log on to the Internet the first thing I do is a live update (Symantec/Norton AV) - takes a few seconds but well worth the time to know the AV is right up-to-date.

Susan B
24-05-2003, 08:09 PM
That is something that has always bugged me also, Lucy. I have not had many viruses but what I have received have never been picked up by NAV when I used that, nor AVG this week with the "Microsoft" one. AVG did, however, pick up that virus when I scanned my Attachment folder where Eudora (my email client) drops attachments into.

One particular virus, the Kak worm (not its full name), infects as soon as an email is opened or just previewed and that is how NAV picked it up - when the email was previewed and the virus executed. My computer got infected and whilst "repairing" it my Outlook Express Inbox got taken out, along with its contents. I was not impressed.

The usual advice is to always save all attachments to your hard drive and then scan them with an anti-virus before opening them.

Pheonix
24-05-2003, 08:17 PM
Unfortunately it is not a perfect world. Some viruses (or is that virii?) require certain actions to reveal themselves. Some have scripting that is disguised.
But if you are up to date with your signatures, then it is highly unlikely that you will have a problem. Even if you opened the attachment, any half decent anti-virus program will stop any actions of infection.
Please keep in mind that there is always the possibility of getting an unknown version (known as "in the wild"), so some responsibility still rests on your shoulders. :)

Oxie
24-05-2003, 08:37 PM
Susan B

Your final paragraph is excellent advice. I can't agree with you more.

Oxie

stu140103
24-05-2003, 08:45 PM
Pheonix has a very good point there.

Susan B
24-05-2003, 08:55 PM
I just re-read my post and I am thinking that it may be a little ambiguous.

What I meant was that anti-virus programs have never picked up my viruses in the actual emails when they came in. The viruses were detected either when they executed (in the case of the Kak worm) or when the attachments were scanned.


Pheonix (I think it was Pheonix anyway :p): Virii is most probably the correct term for more than one virus but for some reason I always say viruses, as do most people. Hmmm, maybe I should start using the correct term. :-)

Billy T
24-05-2003, 09:41 PM
Hi Susan

If you set NAV to scan emails on download then they will get detected provided your virus defs are up to date.

I don't bother to scan email any more though, because Xtra cleans my incoming mail, I don't preview any mail from any source, and ZA also picks up and quarantines most virii from downloads before NAV gets to them. I'm not sure how it does that but I think it is by detecting shonky file suffixes with executable characteristics.

Cheers

Billy 8-{) :D

Susan B
25-05-2003, 10:15 AM
Hi Billy,

> If you set NAV to scan emails on download then they will get detected provided your virus defs are up to date.

You are absolutely right. I am not currently using NAV (need to purchase the latest version and still deciding whether to go for System Works or not -- $$$$ ouch!) but I sent my virus to someone last night as a test (very brave person, he is :p :D) and his NAV jumped up with the big stick as soon as it hit his Inbox.

Further protection was afforded by his use of Mozilla for email with it set to not run anything downloaded into the Inbox nor allow certain files, such as the .pif file that I sent him, to be opened. That would be what your ZoneAlarm would pick up I would imagine, as Outpost used to do that for me also. It is a very handy feature that I cannot seem to find in Kerio unfortunately.
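
The suffix-based blocking mentioned in the posts above (the .pif attachment, ZoneAlarm quarantining files by suffix) can be sketched as follows. This is an added example, not part of the thread and not how ZoneAlarm, Mozilla or NAV implement it; the extension lists, function names and sample message are assumptions constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

# Assumed, non-exhaustive lists: extensions Windows runs directly, and
# harmless-looking extensions often placed in front of them as a decoy.
RISKY = {".pif", ".scr", ".exe", ".com", ".bat", ".cmd", ".vbs", ".lnk"}
DECOY = {".jpg", ".gif", ".txt", ".doc", ".pdf"}

def risky_attachments(raw_message: bytes):
    """Return [(filename, reason)] for attachments to hold back, judged by name only."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():                      # walk() also reaches nested parts
        name = part.get_filename()
        if not name:
            continue                             # body text or unnamed part
        suffixes = [s.lower() for s in PurePosixPath(name.strip()).suffixes]
        if not suffixes or suffixes[-1] not in RISKY:
            continue
        reason = "executable extension " + suffixes[-1]
        if len(suffixes) > 1 and suffixes[-2] in DECOY:
            reason += " hidden behind " + suffixes[-2]
        findings.append((name, reason))
    return findings

def build_sample() -> bytes:
    """Constructed test message: one harmless and two risky attachment names."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attached.")
    for fname in ("notes.txt", "patch.pif", "photo.jpg.scr"):
        msg.add_attachment(b"constructed placeholder bytes",
                           maintype="application", subtype="octet-stream",
                           filename=fname)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reason in risky_attachments(build_sample()):
        print(f"HOLD {name}: {reason}")
```

A name check like this works without virus definitions, so it complements signature scanning rather than replacing it; it says nothing about what is inside the file.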

Clueless
25-05-2003, 10:28 AM
People forget that those who write viri generally release them into the wild without first sending a copy to the anti-virus people.

Because of this oversight, there is often a delay between a virus getting out there, and the antivirus people being able to update the virus definitions available.

For this reason I would recommend treating ANY unexpected attachment with caution.

.Clueless

-=JM=-
25-05-2003, 11:51 AM
Yes that virus was stopped BEFORE it hit my inbox. This is using NAV2003 with the latest defs that will have that virus in its list. I had to tell it no to fixing, quarantining and deletion before I could even get it into my inbox. Then I couldn't save it to the desktop to have a look at until I disabled the auto-protect.

Lucy
26-05-2003, 09:03 AM
Thanks for all your replies. Both my anti-viruses are updated every day. The thing is, Xtra didn't seem to pick them up either which is a bit of a worry! I do remember when they first started this anti-virus filter, and I was sent a message from myself (shame), they sent me an e-mail, to tell me that it contained a virus. But nothing the last three times.

Billy T
26-05-2003, 09:56 AM
Lucy

Xtra strips the virus from your email but you won't necessarily know it is gone unless it was a particularly obvious attachment. If you are assuming receipt of a known virus solely from the subject line, e.g. the recent faux "Microsoft" screensaver messages, then that could explain your lack of alerts and your possibly erroneous assumption that Xtra didn't pick them up. Xtra still forwards the message, but by the time you received it the virus is gone.

IMHO you can take some reassurance from the combined power of the Xtra virus detector and your own AV program and rely on them both to protect you against most nasties.

The greatest threats will always be downloading of infected software and the inadvertent opening or previewing of infected emails. You retain full control over all three.

Cheers

Billy 8-{)

Lucy
27-05-2003, 01:41 PM
Ok thanks for that Billy ;)

heaton
27-05-2003, 04:15 PM
> The usual advice is to always save all attachments to your hard drive and then scan them with an anti-virus before opening them.

Wouldn't saving them to your hard drive be dangerous?
I would save them to a floppy. Better still I just don't tolerate unknown attachments. I wipe them in Mailwasher before they even get near me.
aaarrrrgh!!!! a pox on the little blighters. Cheers .

Chris
27-05-2003, 04:23 PM
Saving them is harmless; running them is how they get to do damage. Until executed they are nothing but a bunch of harmless zeros and ones...

.Chris