Scan Attachments Question , Thanks

Bass

I use outlook express 6 for my mail and I use the free version of AVG as my
virus scanner . This may seem a pretty dumb question but I have to ask it .

When I get an email with an attachment , if I right click the attachment
there is no option in the drop down menu to scan with AVG .

However , one of the options is to "save as" , so I go ahead and save the
attachment into "my documents" . I then go to "my documents" and right click
on the saved attachment , NOW there is an option in the drop down menu to
"scan with AVG"

It only takes a second or so to scan the unopened file , if no virus , I
then delete the file , go back to the mail program and open the attachment .

Could anyone please tell me ,
1/ Why is there no option to scan the attachment until after I save it ?
2/ If the virus scanner can scan the unopened attachment after it is saved
into "my documents" , why can't it scan it as it arrives in my mailbox ?
3/ Is there a better way to ensure no virus gets into my computer through
email attachments ?

I would really appreciate any help or suggestions .

Thanks
 
Geese_Hunter

Bass said:
I use outlook express 6 for my mail and I use the free version of AVG as my
virus scanner . This may seem a pretty dumb question but I have to ask it .

When I get an email with an attachment , if I right click the attachment
there is no option in the drop down menu to scan with AVG .

However , one of the options is to "save as" , so I go ahead and save the
attachment into "my documents" . I then go to "my documents" and right click
on the saved attachment , NOW there is an option in the drop down menu to
"scan with AVG"

It only takes a second or so to scan the unopened file , if no virus , I
then delete the file , go back to the mail program and open the attachment .

Could anyone please tell me ,
1/ Why is there no option to scan the attachment until after I save it ?
2/ If the virus scanner can scan the unopened attachment after it is saved
into "my documents" , why can't it scan it as it arrives in my mailbox ?
3/ Is there a better way to ensure no virus gets into my computer through
email attachments ?

I would really appreciate any help or suggestions .

Thanks

Assuming you are using the Free edition of AVG, Use the plug-in. Also
update your virus database, many new updates since feb 18th.
 
Tim Downie

Geese_Hunter said:
Assuming you are using the Free edition of AVG, Use the plug-in.

That won't make any difference as the free AVG doesn't seem to scan the mime
encoded emails until they are decoded by opening. Even then, it's not
until you try to open an attachment that AVG kicks into action.

If you *really* want to scan an attachment before opening it, you have to
save it first (which will do the decoding) and then scan it.
Also
update your virus database, many new updates since feb 18th.

Too true. Two in the last two days.

Tim
 
FromTheRafters

Bass said:
I use outlook express 6 for my mail and I use the free version of AVG as my
virus scanner . This may seem a pretty dumb question but I have to ask it .

Okay, I'll try to come up with a dumb answer (which shouldn't
be too difficult for me).
When I get an email with an attachment , if I right click the attachment
there is no option in the drop down menu to scan with AVG .

However , one of the options is to "save as" , so I go ahead and save the
attachment into "my documents".

I use a separate directory (folder) called "Questionable content" so that
it is less likely to be opened accidentally - everything in there is suspect.
I then go to "my documents" and right click
on the saved attachment , NOW there is an option in the drop down menu to
"scan with AVG"

It is now in the form of a "file" rather than contained within an e-mail
as an encoded "attachment".
It only takes a second or so to scan the unopened file , if no virus , I
then delete the file , go back to the mail program and open the attachment .

....but the scanner can't tell you that there is "no virus", it can
only determine that none were found. Any *new* malware
will soon (or eventually) bite you on the ass using this method.
If you really *need* to find out what the attachment is, then
you should either wait for a period of time to allow the AV
to catch up with the *new* malware (through a couple of
update cycles *might* be enough) and then scan it, or use
another isolated test machine to open the file. Not everyone
will have the second machine, so the 'cooling off' period is
probably the better option because everyone has the ability
(although perhaps not the desire) to use that method.
Could anyone please tell me ,
1/ Why is there no option to scan the attachment until after I save it ?

I assume that the scanner scans files, and the file that the suspected
malware is in at this point is the entire "Inbox" (inbox.dbx) file that
is seen by the user as the "Inbox folder" in OE. When you choose
the 'save as' option, the attachment is decoded and saved as a file
in the specified location. There were some problems some time ago
where an AV program deleted the entire inbox when malware was
found, or corrupted the inbox.dbx file while it was trying to surgically
remove the malware.
2/ If the virus scanner can scan the unopened attachment after it is saved
into "my documents" , why can't it scan it as it arrives in my mailbox ?

Some can, but they have to be able to detach and decode the
attachment themselves in order to do so.
3/ Is there a better way to ensure no virus gets into my computer through
email attachments ?

Yes, but they're much less fun. For example:

Don't accept attachments - period.

Pretty boring huh?

The Claymania site has some good "safe hex" recommendations - you
might want to check them out.
I would really appreciate any help or suggestions .

http://claymania.com/safe-hex.html
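
The point made in the replies above, that a file scanner only sees the attachment once it has been detached and decoded, shown as an added example that is not part of any post in this thread. The signature string, addresses and file name are constructed, and Python's standard `email` module stands in for the mail client's decoder.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage

# Constructed stand-in for a scanner signature; harmless text, not real malware.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE-0001"


def build_sample_message() -> bytes:
    """Build a constructed e-mail carrying one base64-encoded attachment."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "reader@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(b"header bytes " + SIGNATURE + b" trailer bytes",
                       maintype="application", subtype="octet-stream",
                       filename="sample.bin")
    return msg.as_bytes()


def scan_raw(raw: bytes) -> bool:
    """Naive file scan: look for the signature in the stored bytes as-is."""
    return SIGNATURE in raw


def scan_decoded(raw: bytes) -> list:
    """Detach and decode each attachment, then scan the decoded bytes."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        findings.append({
            "filename": part.get_filename(),
            "sha256": hashlib.sha256(payload).hexdigest(),
            "hit": SIGNATURE in payload,
        })
    return findings


if __name__ == "__main__":
    raw = build_sample_message()
    print("signature visible in stored message:", scan_raw(raw))
    for finding in scan_decoded(raw):
        print(finding)
```

The raw scan misses the signature because the stored message holds only its base64 form; the decoded scan finds it, which is the step "save as" performs by hand.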
 
Bass

FromTheRafters said:
it .

Okay, I'll try to come up with a dumb answer (which shouldn't
be too difficult for me).


I use a separate directory (folder) called "Questionable content" so that
it is less likely to be opened accidentally - everything in there is suspect.

It is now in the form of a "file" rather than contained within an e-mail
as an encoded "attachment".
attachment .

...but the scanner can't tell you that there is "no virus", it can
only determine that none were found. Any *new* malware
will soon (or eventually) bite you on the ass using this method.
If you really *need* to find out what the attachment is, then
you should either wait for a period of time to allow the AV
to catch up with the *new* malware (through a couple of
update cycles *might* be enough) and then scan it, or use
another isolated test machine to open the file. Not everyone
will have the second machine, so the 'cooling off' period is
probably the better option because everyone has the ability
(although perhaps not the desire) to use that method.


I assume that the scanner scans files, and the file that the suspected
malware is in at this point is the entire "Inbox" (inbox.dbx) file that
is seen by the user as the "Inbox folder" in OE. When you choose
the 'save as' option, the attachment is decoded and saved as a file
in the specified location. There were some problems some time ago
where an AV program deleted the entire inbox when malware was
found, or corrupted the inbox.dbx file while it was trying to surgically
remove the malware.


Some can, but they have to be able to detach and decode the
attachment themselves in order to do so.


Yes, but they're much less fun. For example:

Don't accept attachments - period.

Pretty boring huh?

The Claymania site has some good "safe hex" recommendations - you
might want to check them out.


http://claymania.com/safe-hex.html

Thanks very much for your in depth reply , its not a dumb answer at all ,
for me it is excellent . You have really helped me to understand just what
is going on . I appreciate you taking the time to really go through it .
Cheers
 
Jack the Bear

FromTheRafters said:
it .

Okay, I'll try to come up with a dumb answer (which shouldn't
be too difficult for me).


I use a separate directory (folder) called "Questionable content" so that
it is less likely to be opened accidentally - everything in there is
suspect.

I'd use "Suspect," I hate LFNs.
It is now in the form of a "file" rather than contained within an e-mail
as an encoded "attachment".

Or, more likely, windows has the newly decrypted file in memory.
attachment .

...but the scanner can't tell you that there is "no virus", it can
only determine that none were found. Any *new* malware
will soon (or eventually) bite you on the ass using this method.
If you really *need* to find out what the attachment is, then
you should either wait for a period of time to allow the AV
to catch up with the *new* malware (through a couple of
update cycles *might* be enough) and then scan it, or use
another isolated test machine to open the file. Not everyone
will have the second machine, so the 'cooling off' period is
probably the better option because everyone has the ability
(although perhaps not the desire) to use that method.

I had one that was rated "No Virus Found" through two or three updates, when
"Surprise!" it then scanned positive for Bagle.F

Maybe AVG doesn't do base64.
I assume that the scanner scans files, and the file that the suspected
malware is in at this point is the entire "Inbox" (inbox.dbx) file that
is seen by the user as the "Inbox folder" in OE. When you choose
the 'save as' option, the attachment is decoded and saved as a file
in the specified location. There were some problems some time ago
where an AV program deleted the entire inbox when malware was
found, or corrupted the inbox.dbx file while it was trying to surgically
remove the malware.

See above.
Some can, but they have to be able to detach and decode the
attachment themselves in order to do so.


Yes, but they're much less fun. For example:

Don't accept attachments - period.

Pretty boring huh?
Or sit on them for at least a week, with AVG: two weeks.
The Claymania site has some good "safe hex" recommendations - you
might want to check them out.


http://claymania.com/safe-hex.html
Sounds reasonable to me.....

- Jack.
 
Jack the Bear

Or sit on them for at least a week, with AVG: two weeks.

I just saw the date on your AVG defs. I change my answer above to: at least
a month and a half.

- Jack.
 
FromTheRafters

Jack the Bear said:
Or, more likely, windows has the newly decrypted file in memory.

I don't think that that would necessarily have anything to do with the
context menu. I'm not too sure myself what actually transpires while
decoding an attachment - I always just assumed the output of the
decoder was piped into a temp file and never was wholly in ram.
When you attempt to execute the attachment (having never saved
it out as a stand alone file) it is the temp file that gets its contents
presented as an executable image.
 
Bass

Jack the Bear said:
I just saw the date on your AVG defs. I change my answer above to: at least
a month and a half.

- Jack.



Hey Jack ,

How do you arrive at that conclusion ???????

Bass
 
Jack the Bear

Bass said:
Hey Jack ,

How do you arrive at that conclusion ???????

Bass

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.592 / Virus Database: 375 - Release Date: 18/02/2004


Release Date: 18/02/2004

Since then, I've done 18 updates to my AV [two today] and I may have missed
a few.

- Jack.
 
Bass

Jack the Bear said:
Bass said:
Hey Jack ,

How do you arrive at that conclusion ???????

Bass

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.592 / Virus Database: 375 - Release Date: 18/02/2004


Release Date: 18/02/2004

Since then, I've done 18 updates to my AV [two today] and I may have missed
a few.

- Jack.


That's when the program was downloaded Jack , not when it was last updated ,
a little less sarcasm would not go astray .

- Bass
 
Jack the Bear

Bass said:
Jack the Bear said:
Bass said:
Or sit on them for at least a week, with AVG: two weeks.

I just saw the date on your AVG defs. I change my answer above to: at
least
a month and a half.

- Jack.

Hey Jack ,

How do you arrive at that conclusion ???????

Bass

Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.592 / Virus Database: 375 - Release Date: 18/02/2004


Release Date: 18/02/2004

Since then, I've done 18 updates to my AV [two today] and I may have missed
a few.

- Jack.


That's when the program was downloaded Jack , not when it was last updated ,
a little less sarcasm would not go astray .

- Bass

Sorry, I thought those were the release dates of the Database. It sure reads
like that.

- Jack.
 
Bass

Snip




Sorry, I thought those were the release dates of the Database. It sure reads
like that.

- Jack.


That's OK man , I appreciate your comments anyway .

Cheers

Bass
 
Beauregard T. Shagnasty

Quoth the raven named Jack the Bear:
Sorry, I thought those were the release dates of the Database. It
sure reads like that.

- Jack.

I am inclined to believe the date is the release date of the database.
I just checked my wife's computer (she uses AVG) and her database is
385 and the release date is 3/1/2004 (American date) March 1.

So... Bass is really quite behind, having missed at least ten updates,
and the "certified virus free" message is just so much crap. You need
to check for updates every day.

My own Avast! has been updated at least five times since yesterday
morning.
 
Geese_Hunter

Quoth the raven named Jack the Bear:


I am inclined to believe the date is the release date of the database.
I just checked my wife's computer (she uses AVG) and her database is
385 and the release date is 3/1/2004 (American date) March 1.

So... Bass is really quite behind, having missed at least ten updates,
and the "certified virus free" message is just so much crap. You need
to check for updates every day.

My own Avast! has been updated at least five times since yesterday
morning.
It is the release date of the database, not when you installed it or
downloaded it.
Look at your sent e-mails or postings & it changes, or should when you
get the updates.
Here's a copy of my e-mails sent 5 days apart.

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http,www,grisoft,com).
Version: 6.0.593 / Virus Database: 376 - Release Date: 2/20/2004
 
