
View Full Version : AVG Email "Protection"



sleddog
03-05-2003, 04:50 PM
Does anyone know how email virus protection works with AVG?
The program and the website are, to say the least, rather vague. Lots of "you are protected" assurances, but not much in the way of explanations.

I found this in the website FAQ:

The E-mail scanner button is inactive.
The AVG E-mail scanner does not support every E-mail client. Supported clients are MS Exchange, MS Outlook and Qualcomm Eudora which use the MAPI protocol. If you are using a different client be assured that you are fully protected by the AVG resident shield.
The number of supported E-mail clients is growing, so make sure that you get the latest update.

Now, I don't use MS Exchange, MS Outlook or Qualcomm Eudora. But the E-mail scanner button is not inactive. So am I protected or not? I'm guessing not, but there's no way of finding out.

What's the difference between supported and protected? Even though my client is not "supported" I'm supposed to be "assured" that I am fully "protected"?

I'd prefer some accurate documentation instead of these fuzzy reassurances.

pentachris
03-05-2003, 05:10 PM
What they're telling you is that even though your email client isn't supported by the email scanner (emails aren't automatically scanned for viruses), your system as a whole is still protected by the resident shield.

So a virus could still make it through into your inbox, but if it tried to execute, the resident shield would (should) stop it in its tracks.

mjc
03-05-2003, 05:18 PM
The AVG email scanner will integrate with the listed programs (supported) and actively scan as you download your mail with one of them.

The resident scanner will "fill in" and conduct its normal scans of attachments etc. for the email messages not covered above (protected).

Basically the way it was explained to me was that most of the "big boys" have a separate email scanner, so Grisoft, through customer input, decided that they should include one, even though it is really redundant. It was a simple matter for them to set it up for what they were using internally (Exchange and Outlook), so that is what they did.

The other thing that the email scanner will do for the supported programs is mark the message as certified (basically adds a line saying scanned by AVG) to outgoing mail.

malcore
03-05-2003, 05:21 PM
So, if your e mail client is not supported or you don't use one, disabling the e mail scanner may shrink the footprint of AVG?

I don't use a client, and have disabled the e mail scanner, as well as the scheduler and auto update. Prefer to update and scan manually. Just left resident shield running.

sleddog
03-05-2003, 05:56 PM
So does it provide any protection against 'embedded' viruses like Klez targeted against OE users? (I'm assuming that they do not mean Outlook Express when they say "MS Outlook"). If not, it is certainly providing a very strong false sense of security for a lot of people...

And why is email scanning shown as "enabled" when none of the three mentioned email clients are installed? The FAQ quoted above would tend to indicate that it should be shown as disabled.

I really think AVG should be more up front about what it does and doesn't do wrt email scanning.

david eaton
03-05-2003, 06:06 PM
Not completely certain about this, but I thought that AVG scanned mail in OE. Certainly, my copy claims to have an active e-mail scanner, and the "scanned with AVG" is added to all outgoing messages.

David

sleddog
03-05-2003, 06:22 PM
Then that may be why it is enabled here, simply by finding that OE is installed. A better check would be to see if it is set as the default mail application (it isn't).

If your messages are being tagged then I guess they are being intercepted by AVG. Ever try emailing that virus-test file to yourself to see what happens? That's what I was going to try, if I could remember the name of it... got a link anyone?

[Edit] Found it -- http://www.eicar.org/anti_virus_test_file.htm

mjc
03-05-2003, 10:50 PM
Yes, I have done the eicar test and AVG caught it.

sleddog
03-05-2003, 11:10 PM
Using Outlook Express?

Did it catch it outgoing or incoming?

mjc
03-06-2003, 12:30 AM
Using Mozilla on the outgoing, because I tried to send it with OE and it wouldn't let me (this was done over a year ago when I still used OE....) and receiving with OE. So both, actually.

I have had the resident scanner popup for one or 2 klez emails that I haven't killed with Mailwasher before downloading my email.

Paul Komski
03-06-2003, 11:04 PM
If you ever want to make a harmless pseudo-virus just create a blank file with notepad, go into DOS and rename it from say test.txt to test.txt.pif

You will know it is harmless but AVG will warn and/or quarantine it.

I have seen AVG detect and isolate both klez and opaserv that were deliberately forwarded by me to a testing pc as soon as the attachments were "touched" (attempted to be opened).

The only query I would have about AVG's ability to deal with some malware would be those that run malignant ActiveX or Scripts by previewing in (older versions of) OE; maybe it would still catch them but no experience of this. One can usually protect against these by setting OEs security to mimic IE's high security settings.

sleddog
03-08-2003, 11:06 AM
Avast! claims "a generic scanner working on the SMTP/POP3/IMAP4 protocol level. It is capable of protecting any existing e-mail client that uses these protocols." [http://www.avast.com/avast4/home_ed.html]

So is this superior to what AVG does -- or doesn't do -- for non-supported email clients?

david eaton
03-08-2003, 11:42 AM
Well, the way I read that article, it seems that while the main scanner and database are updated, this does NOT apply to the e-mail scanner, which relies on heuristic analysis and a generic scanner.

AVG uses its main scanning engine with the current database for all operations, so it should detect more of the latest viruses.

However, Avast claim to detect trojans as well, which AVG doesn't to any great extent, so from that point of view, Avast may be better.

Personally, I am going to stay with AVG, and a separate Trojan program.

David

sleddog
03-12-2003, 08:51 AM
I uninstalled AVG and installed Avast! to test it. Two things worth mentioning:

1. The background process(es) used some 20mb of RAM! In comparison AVG used 2500-5200kb, depending on what's happening. Most of the time it sits there using only ~2500kb.
2. Email scanning for non-supported clients (anything other than Outlook/Outlook Express) is done by configuring Avast! as a proxy. There are good instructions on how to do it manually. BUT you're limited to one email account. For me that makes it pretty useless.

Unless you don't mind wasting RAM, and use only one email account with a non-MS client, AVG seems the better solution.

Sylvander
03-12-2003, 11:25 AM
I just ran the test and it was rather interesting.

1. When downloading the files to a CD-RW disk:
I was warned by AVG that these were viruses and I had to over-rule it to succeed in the download.

2. When attempting to attach them to an e-mail, I was again warned and had to over-rule and it attached “eicar.com” and “eicar_com.zip”. It refused to attach [I thought (I later discovered it was attached after all)] “eicarcom2.zip” and moved it to the virus vault.
3. I shut down AVG but the “Outlook Express Plugin” still caught the fake viruses and had to be over-ruled.
4. The e-mails were successfully sent with fake viruses attached but with no AVG certification.
5. The first time I used “Mailwasher” it failed to register that they were viruses and AVG failed too. They got through with no warnings of any kind.
6. The second time I did it “Mailwasher” labelled them as “Possible Virus”. AVG did nothing to warn of the content. Perhaps because I didn't attempt to open the attachments?
7. The third time I did this it got REALLY difficult. I gave up trying. The only file I could successfully attach was “eicar_com.zip”. Even though I had shut down AVG and used “Ctrl+Alt+Del” to “End Task” another component, the viruses were STILL BEING REPORTED and moved to the virus vault and I couldn't prevent it. It would not attach them.

Sylvander
03-12-2003, 05:53 PM
UPDATE
I've just noticed that the last e-mail I managed to send [with “eicar_com.zip” attached] was shown by "Mailwasher" as "Normal" but "Outlook Express" would not download it.
I marked it for "Delete" in Mailwasher and "Processed Mail", which successfully deleted it.

It's worth noting that "Hotmail" did not deliver any of the e-mails with fake viruses.

My other server is "Blueyonder".
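
An added example, not part of any post in this thread and not AVG's or Avast!'s code: a minimal sketch of what a mail-level scanner does with the three EICAR attachments tested above (eicar.com, eicar_com.zip and the nested eicarcom2.zip), unpacking zip attachments recursively and matching the standard EICAR test string before the message reaches the client. The size and depth limits and the sample message are assumptions constructed for the example.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Standard 68-byte EICAR test string, split in two so an on-access scanner
# does not quarantine this source file itself.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$" + b"EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
MAX_DEPTH = 3          # assumed limit on nested archives
MAX_MEMBER = 1 << 20   # assumed 1 MiB cap on declared member size

def scan_blob(name, data, depth=0):
    """Return the path of every item whose content starts with EICAR."""
    if data.startswith(EICAR):
        return [name]
    hits = []
    if depth < MAX_DEPTH and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size <= MAX_MEMBER:
                    hits += scan_blob(f"{name}!{info.filename}", zf.read(info), depth + 1)
    return hits

def scan_message(raw):
    """Scan each attachment of a raw RFC 5322 message before delivery."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        hits += scan_blob(part.get_filename() or "unnamed", payload)
    return hits

def make_zip(name, data):
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, data)
    return buf.getvalue()

def build_sample():
    """Constructed message: the three EICAR variants plus one clean file."""
    msg = EmailMessage()
    msg.set_content("see attachments")
    inner = make_zip("eicar.com", EICAR)
    outer = make_zip("eicar_com.zip", inner)
    for fname, data in [("eicar.com", EICAR), ("eicar_com.zip", inner),
                        ("eicarcom2.zip", outer), ("notes.txt", b"clean")]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(build_sample())` reports the plain file, the zipped copy and the doubly zipped copy, and leaves the clean attachment alone.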