Talk:Antivirus software: Difference between revisions

From MozillaZine Knowledge Base
Line 37: Line 37:
As explained, the extra benefit of turning off email scanning is (mainly) for compatible AV programs: "Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function."  
As explained, the extra benefit of turning off email scanning is (mainly) for compatible AV programs: "Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function."  


Also, as far as i know, *most* AV programs' autoprotect function does not do anything unless you access an infected email (even though this does not apply to NAV, as you explained), and, in fact, often only if you access its infected attachment. And even in the case of NAV, with email scanning disabled, TB makes sure that almost all infected emails end up in the junk folder and are deleted when that is emptied. As a result, the following and other serious problems caused by email scanning are avoided: continuous system drain, thousands of unnecessary scanning processes, and dozens or hundreds of potentially dangerous and completely unnecessary surgical operations within the mail folder. Emptying TB's junk folder is a much, much better way of deleting infected emails than using any AV program to find and delete these same messages, and TB identifies almost all infected emails because they are usually spam.
Also, as far as i know, *most* AV programs' autoprotect function does not do anything unless you access an infected email (even though this does not apply to NAV, as you explained), and, in fact, often only if you access its infected attachment.  
 
: This is an important point. Is there any vendor documentation to back this up? I.e., something like this Symantec doc for NAV [http://service1.symantec.com/SUPPORT/nav.nsf/5faa3ca6df6f549888256edd0061c0a4/e1dee105a07dbdaf8825680a006cf8f5?OpenDocument&prod=Norton%20AntiVirus&ver=2005&src=sg&pcode=nav&svy=&csm=no]. 
 
And even in the case of NAV, with email scanning disabled, TB makes sure that almost all infected emails end up in the junk folder and are deleted when that is emptied.  
 
: Not quite. All incoming mail passes through the Inbox, and even if it gets automatically passed to the Junk folder and then to the Trash, and then if the Trash is emptied, all those junk messages will ''still'' remain in the Inbox (merely hidden from view) until you compact folders. This still leaves the Inbox susceptible to being zapped by autoprotect -- depending, of course, on how the AV software's autoprotect works.
 
As a result, the following and other serious problems caused by email scanning are avoided: continuous system drain, thousands of unnecessary scanning processes, and dozens or hundreds of potentially dangerous and completely unnecessary surgical operations within the mail folder.  
 
:These are incidental to the points Guanxi raised above, but that's OK. (1) Hogging system resources is a legitimate concern for some users, depending on their system and AV software, etc. (2) The scanning processes are "unnecessary" insofar as autoprotect will offer protection, but the real issue here is whether it's best to prevent infected messages from entering the Inbox in the first place. (3) This OE expert [http://www.oehelp.com/OETips.aspx] claims that scanning incoming mail can cause problems when infected messages are removed (before they reach the mail folder, not from "within" it), due to the "fragility of the OE message store". If true, and true for TB as well as OE, then it's certainly something that users should consider.
 
Emptying TB's junk folder is a much, much better way of deleting infected emails than using any AV program to find and delete these same messages, and TB identifies almost all infected emails because they are usually spam.


And in the case of almost all of these infected emails in the junk folder, since the autoprotect function of even badly designed programs like NAV doesn't kick in unless you access the junk folder, turning of email scanning is in fact also beneficial in the case of incompatible AV programs: since almost all infected email will be in the junk folder, NAV very seldom gets a chance to corrupt the inbox even if it would do so if there is no junk mail filtering and it would delete the inbox if one previews an infected email without even opening its attachment.  
And in the case of almost all of these infected emails in the junk folder, since the autoprotect function of even badly designed programs like NAV doesn't kick in unless you access the junk folder, turning of email scanning is in fact also beneficial in the case of incompatible AV programs: since almost all infected email will be in the junk folder, NAV very seldom gets a chance to corrupt the inbox even if it would do so if there is no junk mail filtering and it would delete the inbox if one previews an infected email without even opening its attachment.  
[[User:American Finn|American Finn]] 01:35, 14 Aug 2005 (PDT)
[[User:American Finn|American Finn]] 01:35, 14 Aug 2005 (PDT)
:See what I said above about compacting folders. What happens when you turn off email scanning and allow an infected message to reach your Inbox is that, if TB automatically junks it, you now have TWO copies of the infected message in your system: one in the Inbox and one in the Junk folder. That's not a beneficial result.
:As far as I can judge at this point, I can't see any strong reason to advise people to disable email scanning ''unless'' it's causing them problems -- frequent Inbox corruption, inability to download mail, severe drag on the system, etc. I don't have a problem including it in the article as an option as long as we point out that autoprotect can also zap the Inbox or other folders; disabling email scanning can't be presented unambiguously as a solution too ''that'' problem. I think this can be written up concisely, too, with links to external references where appropriate. It doesn't need a whole separate argument at end the article.


== not opening attachments for a day ==
== not opening attachments for a day ==
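Review bot: the replies inserted between the fragments of American Finn's comment (the lines beginning with ":") carry no signature or timestamp, and splitting the paragraph leaves only its last fragment signed, so a reader of the rendered page cannot tell who wrote which part. Sign each inserted reply, or reply below the signed comment and quote the sentence being answered. The first inserted reply asks for vendor documentation on whether autoprotect acts only on access, and the revision leaves that question open; the compact-folders reply likewise qualifies itself with "depending, of course, on how the AV software's autoprotect works", so any article text drawn from this exchange should carry the same qualification.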

Revision as of 21:19, 14 August 2005

if someone knows how to make gmail work in thunderbird with avg anti-virus, could they add that to the wiki as well? thanks!--134.58.253.131 03:43, 29 Nov 2004 (PST)

ClamMail (.sf.net) and ThunderBird/Mozilla suite mail

here is a link to the current RFE to ClamMail to add support for simple account modification for ThunderBird:

http://sourceforge.net/tracker/index.php?func=detail&aid=1173082&group_id=125389&atid=702313

the author of clammail asks this because he added that functionality for Outlook Express users in 1.2.7 (1.2.8 is latest); it was easy, as outlook express stores all mail account details in the registry.

it is an RFE to make integration between ThunderBird and ClamMail more user-friendly (checkboxes for each account instead of having to modify manually login, host, port, whatever)

Norton AV has had it for ages, that's why I asked him to add it (for Outlook Express) and gave him details on how to do it (via registry)

so, if someone knows how to programmatically access account info (login/host/port/ssl?), please help there.

Section on e-mail scanning av

I'm pulling this paragraph because the advice is dangerous and incorrect. If someone wants to rewrite it, that's fine with me:

* Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function. Because email scanning can result in Inbox corruption and computer slowdown or lockup and because it provides no extra protection, many independent experts advise against it, and even some antivirus vendors quietly admit that it provides no extra protection. Malware attachments are not at all dangerous as attachments, only when activated by users opening them. As long as your AV program's autoprotect function (often called "guard" or "shield") is turned on, it will effectively prevent any "infection" by malware your AV program knows about: i.e. it will not let you open and thereby install any known malware program in an e-mail attachment.

Here's what's wrong:

First, 'autoprotect' features delete and corrupt inboxes. That's the whole point of this wiki page!

Second, e-mail scanning (I assume you mean a proxy) is less likely than autoprotect to corrupt Thunderbird mail; they act on data before/after it's in a Thunderbird file. In fact, scanning proxies can protect TB mail files from corruption by preventing viruses from getting there in the first place.

Finally, while what is written here about e-mail scanning is an interesting idea, it's certainly not widely accepted and should not be given as advice to end users. It's the opinion of a few and belongs in their blogs or postings to forums. - Guanxi

I hope I addressed your concerns in my rewording. - American Finn

I don't think you've adequately addressed the crucial points Guanxi made above. In my experience with NAV, its autoprotect most certainly will delete/lock up your Inbox or other mailbox if it finds a virus inside, regardless of whether you open the attachment, because autoprotect kicks in whenever the mailbox file is accessed. That's why you have to switch off autoprotect to restore a quarantined Inbox. I don't see how running only with autoprotect is going to alleviate this; the only thing that will help is if infected messages are being quarantined before they reach the Inbox. No? --Wintogreen 11:34, 13 Aug 2005 (PDT)

As explained, the extra benefit of turning off email scanning is (mainly) for compatible AV programs: "Even if your AV program is compatible with Thunderbird, consider turning off your AV program's e-mail scanning but not its autoprotect function."

Also, as far as I know, *most* AV programs' autoprotect function does not do anything unless you access an infected email (even though this does not apply to NAV, as you explained), and, in fact, often only if you access its infected attachment.

This is an important point. Is there any vendor documentation to back this up? I.e., something like this Symantec doc for NAV [1].

And even in the case of NAV, with email scanning disabled, TB makes sure that almost all infected emails end up in the junk folder and are deleted when that is emptied.

Not quite. All incoming mail passes through the Inbox, and even if it gets automatically passed to the Junk folder and then to the Trash, and then if the Trash is emptied, all those junk messages will still remain in the Inbox (merely hidden from view) until you compact folders. This still leaves the Inbox susceptible to being zapped by autoprotect -- depending, of course, on how the AV software's autoprotect works.

As a result, the following and other serious problems caused by email scanning are avoided: continuous system drain, thousands of unnecessary scanning processes, and dozens or hundreds of potentially dangerous and completely unnecessary surgical operations within the mail folder.

These are incidental to the points Guanxi raised above, but that's OK. (1) Hogging system resources is a legitimate concern for some users, depending on their system and AV software, etc. (2) The scanning processes are "unnecessary" insofar as autoprotect will offer protection, but the real issue here is whether it's best to prevent infected messages from entering the Inbox in the first place. (3) This OE expert [2] claims that scanning incoming mail can cause problems when infected messages are removed (before they reach the mail folder, not from "within" it), due to the "fragility of the OE message store". If true, and true for TB as well as OE, then it's certainly something that users should consider.

Emptying TB's junk folder is a much, much better way of deleting infected emails than using any AV program to find and delete these same messages, and TB identifies almost all infected emails because they are usually spam.

And in the case of almost all of these infected emails in the junk folder, since the autoprotect function of even badly designed programs like NAV doesn't kick in unless you access the junk folder, turning off email scanning is in fact also beneficial in the case of incompatible AV programs: since almost all infected email will be in the junk folder, NAV very seldom gets a chance to corrupt the inbox even if it would do so if there is no junk mail filtering and it would delete the inbox if one previews an infected email without even opening its attachment. American Finn 01:35, 14 Aug 2005 (PDT)

See what I said above about compacting folders. What happens when you turn off email scanning and allow an infected message to reach your Inbox is that, if TB automatically junks it, you now have TWO copies of the infected message in your system: one in the Inbox and one in the Junk folder. That's not a beneficial result.
As far as I can judge at this point, I can't see any strong reason to advise people to disable email scanning unless it's causing them problems -- frequent Inbox corruption, inability to download mail, severe drag on the system, etc. I don't have a problem including it in the article as an option as long as we point out that autoprotect can also zap the Inbox or other folders; disabling email scanning can't be presented unambiguously as a solution to that problem. I think this can be written up concisely, too, with links to external references where appropriate. It doesn't need a whole separate argument at the end of the article.
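
What the "compact folders" point in the exchange above means on disk, as an added example that is not part of the original discussion: Thunderbird keeps each local folder as one mbox file, and a message moved out of the folder stays in that file until compaction. The sketch assumes the `X-Mozilla-Status` header and its 0x0008 (expunged) bit; the sample folder, addresses and subjects are constructed.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # assumed X-Mozilla-Status bit marking a message as removed from the folder

# Constructed sample Inbox: the second message was junked (flags 0009 = read + expunged)
# but the folder has not been compacted, so its bytes are still in the file.
SAMPLE_INBOX = (
    "From - Sat Aug 13 10:00:00 2005\n"
    "X-Mozilla-Status: 0001\n"
    "From: alice@example.org\n"
    "Subject: Meeting notes\n"
    "\n"
    "See you Monday.\n"
    "\n"
    "From - Sat Aug 13 10:05:00 2005\n"
    "X-Mozilla-Status: 0009\n"
    "From: unknown@example.net\n"
    "Subject: Your invoice\n"
    "\n"
    "(constructed placeholder body standing in for a junked message)\n"
)


def uncompacted_messages(mbox_path):
    """Return (subject, size_in_bytes) for messages flagged expunged but still in the file."""
    leftovers = []
    box = mailbox.mbox(mbox_path, create=False)
    try:
        for msg in box:
            flags = int(msg.get("X-Mozilla-Status", "0000").strip(), 16)
            if flags & EXPUNGED:
                leftovers.append((msg.get("Subject", ""), len(msg.as_bytes())))
    finally:
        box.close()
    return leftovers


def demo():
    """Write the constructed Inbox to a temporary file and list what compaction would remove."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_INBOX)
        return uncompacted_messages(path)


if __name__ == "__main__":
    print(demo())
```

Anything this lists is content a file-level scanner reading the raw Inbox would still encounter, even though the mail client no longer shows it.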

not opening attachments for a day

This advice may prevent viruses, but I think it's problematic:

In addition, it is a good idea to wait at least one day before opening any attachment that has been forwarded to give your AV program's manufacturer a chance to provide a perhaps necessary new update.

I think for most people, and especially most working people, that's just impractical. My friends and co-workers would be a little unhappy!

Absolutely. "Sorry, boss, but I can't open that file you sent until the next virus definitions come out. Tomorrow at the earliest." Repeat twice/day. Lose job. --Wintogreen 11:40, 13 Aug 2005 (PDT)

As explained, this extra protection advice applies only to forwarded emails with attachments and only from unknown senders. American Finn 01:18, 14 Aug 2005 (PDT)