Mail Scans for Secure Ports?
Comments
-
Hi,
No, only plain IMAP, POP and SMTP are supported, as F-Secure is filtering on port level. Just turn ES off.
Filtering on SSL level would require either breaking email security (like a man-in-the-middle attack) to get access to the mail (which you would not like) or a different agent inside the mail program that would allow checking the mails AFTER they have been decrypted and stored in the mailbox file (MBX).
As these agents would differ not only between different programs but also between different versions, it is very difficult to maintain them.
Nevertheless, the future is open and maybe we will see an agent for the main mail programs.
BR
-
Hi,
Yes, basically ALL vendors have the same problem. Detecting malware inside an encrypted stream is not possible in general (unless you do a kind of man-in-the-middle attack).
Some mail programs (like Thunderbird) have an interface that you can use to call an antivirus whenever you touch an attachment. But they just store the file on the HDD and scan it using command-line parameters. With realtime scanning active, this is already done automatically at the moment the attachment is stored on the HDD. So, yes, F-Secure protects you regardless of the e-mail client and protocol you use. Not while you receive but when you start reading it. In any case this is early enough to protect you from any unwanted activity. You would not want to sacrifice encryption for being able to detect in-stream!
Unfortunately the F-Secure SPAM markers also get set "in-stream", so that is a functionality that you lose. OTOH your ISP should be able to detect SPAM and there are lots of anti-spam plugins for mail clients available that do a good job.
Hope this explains the situation.
-
Yes, thank you very much. That's put my mind at rest.
Nevertheless, we have to activate the realtime scanning. Perhaps it would be a good idea that, if realtime scanning is deactivated and email scanning is activated (with 995), F-Secure scans e-mail on the HDD?
That is not a problem for me because I activate the realtime scanning, because F-Secure doesn't reduce the performance of my computer at all.
But some people could not activate the realtime scanning and be infected by an email while they believe that F-Secure protects them. I, for example, could have failed to realize the problem. I noticed it by looking, by chance, at the Statistics window (which, thus, did not indicate scanned e-mails).
-
@MJ-perComp wrote:
Hi,
Yes, basically ALL vendors have the same problem. Detecting malware inside an encrypted stream is not possible in general (unless you do a kind of man-in-the-middle attack).
Some mail programs (like Thunderbird) have an interface that you can use to call an antivirus whenever you touch an attachment. But they just store the file on the HDD and scan it using command-line parameters. With realtime scanning active, this is already done automatically at the moment the attachment is stored on the HDD. So, yes, F-Secure protects you regardless of the e-mail client and protocol you use. Not while you receive but when you start reading it. In any case this is early enough to protect you from any unwanted activity. You would not want to sacrifice encryption for being able to detect in-stream!
Unfortunately the F-Secure SPAM markers also get set "in-stream", so that is a functionality that you lose. OTOH your ISP should be able to detect SPAM and there are lots of anti-spam plugins for mail clients available that do a good job.
Hope this explains the situation.
Is there a contradiction? Or is realtime scanning working both when storing an attachment and when starting to read it?
-
-
Thanks for the quick reply. The contradiction I saw was in the words "not while you receive it but while you start reading...". I guess I interpreted receive as including storing it. Glad it checks too when storing it. It triggers another question: why would I use the email shield if the message? / attachment? is checked anyway while storing it. I will check the test suite as soon as I have my laptop working again.
-
Well, "receiving" means the transfer from the server to your e-mail client. POP3/SMTP (unencrypted) can be checked during transit. This gives another hurdle for the malware to take.
Many e-mail clients store the mail in this transit format. To open an attachment, it will be converted to local disk before you can use e.g. Word with it. This is the point where OAS sees the file in the filesystem.
Some e-mail clients would allow forwarding the mail. In this case the "transit" format can be used. Without SMTP scanning the mail leaves the system the same way as it arrived.
Thunderbird allows automatic attachment checking. Use that with "fsav.exe" to force conversion and storing to local HDD.
BR
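
The difference between the stored "transit" format and the decoded attachment that on-access scanning sees, as an added example that is not part of any post in this thread. The marker, the sample mail and the naive byte matcher are all constructed assumptions; this is not how F-Secure's engine works internally.

```python
import email
from email import policy
from email.message import EmailMessage

# Constructed marker standing in for a byte signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_mail() -> bytes:
    """Constructed sample: one mail with a binary attachment, in transit (MIME) form."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(b"\x00header\x00" + SIGNATURE + b"\x00trailer",
                       maintype="application", subtype="octet-stream",
                       filename="report.bin")
    return msg.as_bytes()  # the attachment is base64 text at this point


def scan_bytes(data: bytes) -> bool:
    """Naive byte match (assumption: stands in for a signature scan)."""
    return SIGNATURE in data


def scan_transit(raw_mail: bytes) -> bool:
    """Byte match over the mail as the client stores it in the mailbox file."""
    return scan_bytes(raw_mail)


def scan_decoded(raw_mail: bytes) -> list:
    """Byte match over each part after decoding, i.e. the bytes that land on
    disk when an attachment is opened and on-access scanning sees the file."""
    hits = []
    msg = email.message_from_bytes(raw_mail, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue
        payload = part.get_payload(decode=True) or b""
        if scan_bytes(payload):
            hits.append(part.get_filename() or part.get_content_type())
    return hits


if __name__ == "__main__":
    raw = build_sample_mail()
    print("hit in transit form:", scan_transit(raw))
    print("hits after decoding:", scan_decoded(raw))
```
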