Mail Scans for Secure Ports?

Hi,

 

no, only plain IMAP POP and SMTP are supported as F-Secure is filtering on port level. Just turn ES off.

 

Filtering on SSL-Level would require to either break email security (like a man-in-the-middle attack) to get access to the mail (which you would not like) or a different agent inside the mail-programm, that would allow checking the mails AFTER they have been decrypted and stored in the mailbox file (MBX)

 

As these agents would not only differ between different programs but also between different versions it is very difficult to maintain those.

 

Nevertheless the future is open and maybe we see am agent for the main mail-programms.

 

BR

Hi,

yes, basically ALL vendors have the same problem. Detecting malware inside an encryted stream is not possible in general (unless you do a kind of man-in-the middle-attack).

 

Some mail programs have an interface (like thunderbird) that you can use to call an antivirus whenever you touch an attachment. But they just store the file on the HDD and scan it using commandline parameters. With realtime scanning active this is already done in the moment the attachement is stored on the HDD automatically. So, yes, F-Secure protects you from regardless of the e-mail client and protocol you use. Not while you receive but when you start reading it. In any case this is early enough to protect you from any unwantanted activity. You would not want to sacrifice encryption for beeing able to detect in-stream!

 

Unfortunately the F-Secure SPAM markers also get set "in-stream", so that is a functionality that you loose. OTOH your ISP should be able to detect SPAM and there are lots of Anti-Spam plugins for mailclients available that do a good job.

 

Hoep this explains the situation.

---

@MJ-perComp wrote:

Hi,

yes, basically ALL vendors have the same problem. Detecting malware inside an encryted stream is not possible in general (unless you do a kind of man-in-the middle-attack).

 

Some mail programs have an interface (like thunderbird) that you can use to call an antivirus whenever you touch an attachment. But they just store the file on the HDD and scan it using commandline parameters. With realtime scanning active this is already done in the moment the attachement is stored on the HDD automatically. So, yes, F-Secure protects you from regardless of the e-mail client and protocol you use. Not while you receive but when you start reading it. In any case this is early enough to protect you from any unwantanted activity. You would not want to sacrifice encryption for beeing able to detect in-stream!

 

Unfortunately the F-Secure SPAM markers also get set "in-stream", so that is a functionality that you loose. OTOH your ISP should be able to detect SPAM and there are lots of Anti-Spam plugins for mailclients available that do a good job.

 

Hoep this explains the situation.

---

Is there a contradiction? Or is realtime scanning working both on storing an attachment, and on start reading it?

Thanks for the quick reply. The contradiction I saw was in the words "not while you receive it but while you start reading...". I guess I interpreted receive as including storing it. Glad it checks too when storing it. It triggers another question, why would I use the email shield if the message? / attachment? Is checked anyway while storing it. I will check the test suite as soon as I have my laptop working again.