User talk:Wintogreen: Difference between revisions

From MozillaZine Knowledge Base
m (d'oh!)
(ugh...)
Line 6: Line 6:
Please use the information in this article to help decide whether you wish to disable e-mail scanning and/or autoprotect monitoring of your mailbox files by your antivirus software. For other, more basic information on using antivirus software with Thunderbird or Mozilla Suite, see [[Antivirus software]].
Please use the information in this article to help decide whether you wish to disable e-mail scanning and/or autoprotect monitoring of your mailbox files by your antivirus software. For other, more basic information on using antivirus software with Thunderbird or Mozilla Suite, see [[Antivirus software]].


==E-mail scanning==
==Scanning incoming e-mail==


1) Malware attachments are not at all dangerous as attachments, only when activated by users opening them. As long as your AV program’s autoprotect function (often called “guard” or “shield”) is turned on, it will prevent any “infection” by malware your AV program knows about: i.e., it will not let you open and thereby install any known malware program in an e-mail attachment. As Symantec thus states regarding Norton Antivirus, disabling e-mail scanning "does not leave you unprotected against viruses that are distributed as email attachments" as long as autoprotect is enabled. [http://service1.symantec.com/SUPPORT/nav.nsf/5faa3ca6df6f549888256edd0061c0a4/4ba5fc8ef939c44c88256c7500723cf0?OpenDocument&src=bar_sch_nam&seg=ag]
In Thunderbird and Mozilla Suite, malware attachments are dangerous not as attachments per se, but only when activated by users opening them. As long as your AV program’s autoprotect function (sometimes called “guard” or “shield”) is turned on, it should prevent any “infection” by malware your AV program knows about: i.e., it will not let you open and thereby activate any known malware program in an e-mail attachment. As Symantec thus states regarding Norton Antivirus, disabling e-mail scanning "does not leave you unprotected against viruses that are distributed as email attachments" as long as autoprotect is enabled. [http://service1.symantec.com/SUPPORT/nav.nsf/5faa3ca6df6f549888256edd0061c0a4/4ba5fc8ef939c44c88256c7500723cf0?OpenDocument&src=bar_sch_nam&seg=ag] If you wish to test your own AV software's autoprotect feature, you can download this harmless [http://www.eicar.org/anti_virus_test_file.htm test file].
 
NOTE: if you do disable email scanning, be sure to read the section below about autoprotect and system scans.


===Summary of cons: reasons for ''not'' scanning e-mail===
===Summary of cons: reasons for ''not'' scanning e-mail===
Since your AV program's autoprotect feature should protect your computer from infection, as noted above, you may thus wish to disable scanning of incoming (and perhaps outgoing) mail. Key reasons:


* Scanning all e-mails wastes system resources, especially in the case of those AV programs famous for causing computer slowdown.  
* If you turn off e-mail scanning ''and'' properly set your AV program to exclude your Inbox file from autoprotect and system scans (see below), this should drastically reduce the chance of your AV program deleting or quarantining your Inbox, while still leaving your computer protected.
* Scanning all e-mails increases the chances of Inbox corruption; "surgical" operations in an e-mail program's data files by another program include the risk of corrupting those files.  
* If your AV software should happen to lock up your Inbox file when scanning incoming mail, getting the Inbox out of quarantine may be difficult and time-consuming for some users.
* Since much infected mail is spam and since many users do not normally read mail in the Junk folder (let alone open attachments found there!), the chance for Inbox corruption should be significantly reduced if [[Junk Mail Controls | junk-mail filtering]] is turned on, e-mail scanning is turned off, ''and'' the Inbox file is excluded from autoprotect monitoring.
* By contrast, in Thunderbird/Mozilla Suite it is easy to remove infected messages from your computer. All you need to do is delete the messages, empty the Trash, and [[compacting folders | compact folders]]. Moreover, since much infected mail may be detected by Thunderbird/Mozilla Suite as spam and automatically sent to the Junk folder, if you regularly delete junk, empty the Trash and compact folders, these infected messages will be removed from your system without you even needing to be aware that they were infected.
* In addition, there is a chance that if you do get a non-spam e-mail infected with a malicious attachment that this e-mail will contain an important message from a known sender. It is senseless to let your AV program destroy an important e-mail just because it has an infected attachment.
* In addition, there is a chance that if you do get a non-spam e-mail with a malicious attachment that this e-mail will contain an important message from a known sender. It is senseless to let your AV program destroy an important e-mail just because it has an infected attachment.
* If your AV software should happen to lock up your Inbox file, getting it out of quarantine may be difficult and time-consuming for some users.
* "Surgical" operations in an e-mail program's data files by another program (as when an AV program attempts to quarantine an incoming message) include the risk of corrupting those files. Turning off e-mail scanning should reduce the risk of such corruption.
* As noted above, excluding the Inbox file (or other mailbox files) from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable your AV program to prevent any virus from being activated should you try to open a malicious attachment.
* Scanning all e-mails consumes system resources and may cause noticeable slowdown on your computer.  


===Summary of pros: reasons ''for'' scanning e-mail===
===Summary of pros: reasons ''for'' scanning e-mail===


Even though your AV program's autoprotect feature should protect your computer from being infected, you may still wish to let your AV program scan incoming mail. Key reasons:
* If your AV software's e-mail scanning can reliably keep infected messages from reaching your Inbox, then your Inbox file will not become "infected" in the first place and your AV software will thus have no reason to take action against the whole Inbox file.
* If your AV software's e-mail scanning can reliably keep infected messages from reaching your Inbox, then your Inbox file will not become "infected" in the first place and your AV software will thus have no reason to take action against the whole Inbox file.
* Even though malicious attachments are ordinarily not dangerous unless opened and your AV software's autoprotect should prevent you from activating them, some people prefer to not have dormant virus code in their Inbox or other mailbox files (Junk, Trash, etc.).
* Even though malicious attachments are ordinarily not dangerous unless opened and your AV software's autoprotect should prevent you from activating them, some people nevertheless prefer to not have dormant virus code in their Inbox or other mailbox files (Junk, Trash, etc.).
* For users with enough computer skills, getting the Inbox back from quarantine may be easy and usually succeed.  
* Any time a message is moved or deleted from the Inbox, it actually remains in the Inbox file until you [[compacting folders | compact folders]] (see below). Unless you compact folders frequently and consistently, your AV software could still quarantine your Inbox during a system scan if it finds an infected message there. Disabling e-mail scanning will actually increase the chance of this happening unless you properly configure your AV program to exclude your Inbox from such scans (see below).
* Users who back up their mail every day and/or move everything out of the Inbox never risk losing more than today’s mail. Users who set up Thunderbird (or Mozilla Suite) to leave messages on the server for a few days will also be able to recover those messages if needed.
* For users with enough computer skills, getting the Inbox back from quarantine may be easy and usually succeed.
* Even if it doesn't succeed, users who back up their mail every day and/or move everything out of the Inbox never risk losing more than today’s mail. Users who set up Thunderbird/Mozilla Suite to leave messages on the server for a few days will also be able to recover those messages if needed.
* The overall effect on system resources by your AV software may be negligible on your computer.
* The overall effect on system resources by your AV software may be negligible on your computer.


==Autoprotect and system scans==
==Excluding your Inbox from autoprotect and system scans==
NOTE: If you disable e-mail scanning, there are still other ways that your Inbox or other mailbox files can be quarantined by your antivirus software. Thus, please read and understand that...
To reduce the likelihood of your Inbox being quarantined or corrupted by your AV program, you may wish to configure your AV program to exclude the Inbox from autoprotect and system scans. Important information in this regard:
 
* Some AV programs are configured by default to not let their autoprotect function monitor Outlook Express’s mail files (.dbx). Symantec suggests excluding the Inbox file from being scanned in order to keep it from becoming quarantined [http://service1.symantec.com/SUPPORT/ent-security.nsf/d04e6f2f2dfad5de88256c910079502c/712247a53df336e088256a22002724ad?OpenDocument&prod=Norton%20AntiVirus&ver=2004%20for%20Windows%202000/Me/98/XP&src=sg&pcode=nav&svy=&csm=no]. Excluding the Inbox file from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable autoprotect to prevent any virus from being activated if you try to open an infected attachment. (The reason for this is that the attachment is stored together with the message in the mailbox file, and it has to come "out” of the mailbox file to be activated.)


2) In Thunderbird (and Mozilla Suite), a message that is moved or deleted from the Inbox actually remains in the "Inbox" file on your computer until you [[compacting folders | compact folders]]; it is merely hidden from the Inbox view in Thunderbird. For instance, if you download an infected message and Thunderbird's [[Junk Mail Controls | junk-mail filtering]] automatically moves it to the Junk folder, you now have ''two'' copies of that message in your mailbox files: one in the Junk file, and one in the Inbox file. Even if you delete the infected message and empty the Trash, it remains in your Inbox until you compact folders. This is important because your AV program might detect a virus in one of these mailbox files and quarantine the file, even though the corresponding mail folder in Thunderbird "looks" like it is empty of suspicious e-mails.
* In Thunderbird (and Mozilla Suite), a message that is moved or deleted from the Inbox actually remains in the "Inbox" file on your computer until you [[compacting folders | compact folders]]; it is merely hidden from the Inbox view in Thunderbird. For instance, if you download an infected message and Thunderbird's [[Junk Mail Controls | junk-mail filtering]] automatically moves it to the Junk folder, you now have ''two'' copies of that message in your mailbox files: one in the Junk file, and one in the Inbox file. Even if you delete the infected message and empty the Trash, it remains in your Inbox until you compact folders. This is important because your AV program, such as during a system scan, could detect a virus in one of these mailbox files and quarantine the file—even though the corresponding mail folder in Thunderbird "looks" like it is empty of suspicious e-mails. To avoid this you may want to configure your AV program to skip your Inbox and other mailbox files during system scans.


3) Some AV programs are configured by default to not let their autoprotect function monitor Outlook Express’s mail files (.dbx). Symantec suggests excluding the Inbox file from being scanned in order to keep it from becoming quarantined [http://service1.symantec.com/SUPPORT/ent-security.nsf/d04e6f2f2dfad5de88256c910079502c/712247a53df336e088256a22002724ad?OpenDocument&prod=Norton%20AntiVirus&ver=2004%20for%20Windows%202000/Me/98/XP&src=sg&pcode=nav&svy=&csm=no]. Excluding the Inbox file from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable autoprotect to prevent any virus from being activated if you try to open an infected attachment. (The reason for this is that the attachment has to “come out” of the mailbox file to be activated.) In addition to excluding the Inbox file from being scanned, you can similarly exclude other mailbox files (such as Sent, Templates, and Junk). Check with your AV program’s manufacturer for instructions or test it using [http://www.eicar.org/anti_virus_test_file.htm this] harmless antivirus test file.
* Since Thunderbird's (and Mozilla Suite's) mailbox files are not named with a file extension like ".dbx" and thus cannot be excluded all at once based on a shared extension, they need to be excluded individually. Thus, for the Inbox you need to exclude the file named "Inbox", and the same for any other mailbox files that you want to exclude ("Sent", "Templates", etc.). It is strongly recommended that you '''do not''' exclude your entire [[profile folder]] from autoprotect: doing so would likely allow a virus inadvertently saved there to be activated, unchecked by your AV software. Consult your AV program's documentation for how to set file exclusions.
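Review bot: The rewritten "Excluding your Inbox from autoprotect and system scans" section no longer tells the reader how to verify the exclusion. The old item 3 ended with "Check with your AV program’s manufacturer for instructions or test it using this harmless antivirus test file", and the test-file link now appears only in the introductory paragraph. This section asks readers to rely on the claim that autoprotect "should still" stop an attachment opened from an excluded Inbox, so I would keep a sentence in the last bullet asking them to confirm that with the test file after setting the exclusion. Separately, the first bullet of the new section has mismatched quotation marks around "out" (a straight opening quote and a curly closing quote).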

Revision as of 16:31, 26 November 2005

Rough idea for how to reorganize Email scanning - pros and cons:


This article is a work in progress and still very much under discussion.

Please use the information in this article to help decide whether you wish to disable e-mail scanning and/or autoprotect monitoring of your mailbox files by your antivirus software. For other, more basic information on using antivirus software with Thunderbird or Mozilla Suite, see Antivirus software.

Scanning incoming e-mail

In Thunderbird and Mozilla Suite, malware attachments are dangerous not as attachments per se, but only when activated by users opening them. As long as your AV program’s autoprotect function (sometimes called “guard” or “shield”) is turned on, it should prevent any “infection” by malware your AV program knows about: i.e., it will not let you open and thereby activate any known malware program in an e-mail attachment. As Symantec thus states regarding Norton Antivirus, disabling e-mail scanning "does not leave you unprotected against viruses that are distributed as email attachments" as long as autoprotect is enabled. [1] If you wish to test your own AV software's autoprotect feature, you can download this harmless test file.

Summary of cons: reasons for not scanning e-mail

Since your AV program's autoprotect feature should protect your computer from infection, as noted above, you may thus wish to disable scanning of incoming (and perhaps outgoing) mail. Key reasons:

  • If you turn off e-mail scanning and properly set your AV program to exclude your Inbox file from autoprotect and system scans (see below), this should drastically reduce the chance of your AV program deleting or quarantining your Inbox, while still leaving your computer protected.
  • If your AV software should happen to lock up your Inbox file when scanning incoming mail, getting the Inbox out of quarantine may be difficult and time-consuming for some users.
  • By contrast, in Thunderbird/Mozilla Suite it is easy to remove infected messages from your computer. All you need to do is delete the messages, empty the Trash, and compact folders. Moreover, since much infected mail may be detected by Thunderbird/Mozilla Suite as spam and automatically sent to the Junk folder, if you regularly delete junk, empty the Trash and compact folders, these infected messages will be removed from your system without you even needing to be aware that they were infected.
  • In addition, there is a chance that a non-spam e-mail with a malicious attachment will contain an important message from a known sender. It is senseless to let your AV program destroy an important e-mail just because it has an infected attachment.
  • "Surgical" operations in an e-mail program's data files by another program (as when an AV program attempts to quarantine an incoming message) include the risk of corrupting those files. Turning off e-mail scanning should reduce the risk of such corruption.
  • Scanning all e-mails consumes system resources and may cause noticeable slowdown on your computer.

Summary of pros: reasons for scanning e-mail

Even though your AV program's autoprotect feature should protect your computer from being infected, you may still wish to let your AV program scan incoming mail. Key reasons:

  • If your AV software's e-mail scanning can reliably keep infected messages from reaching your Inbox, then your Inbox file will not become "infected" in the first place and your AV software will thus have no reason to take action against the whole Inbox file.
  • Even though malicious attachments are ordinarily not dangerous unless opened and your AV software's autoprotect should prevent you from activating them, some people nevertheless prefer to not have dormant virus code in their Inbox or other mailbox files (Junk, Trash, etc.).
  • Any time a message is moved or deleted from the Inbox, it actually remains in the Inbox file until you compact folders (see below). Unless you compact folders frequently and consistently, your AV software could still quarantine your Inbox during a system scan if it finds an infected message there. Disabling e-mail scanning will actually increase the chance of this happening unless you properly configure your AV program to exclude your Inbox from such scans (see below).
  • For users with enough computer skills, getting the Inbox back from quarantine may be easy and will usually succeed.
  • Even if it doesn't succeed, users who back up their mail every day and/or move everything out of the Inbox never risk losing more than today’s mail. Users who set up Thunderbird/Mozilla Suite to leave messages on the server for a few days will also be able to recover those messages if needed.
  • The overall effect on system resources by your AV software may be negligible on your computer.

Excluding your Inbox from autoprotect and system scans

To reduce the likelihood of your Inbox being quarantined or corrupted by your AV program, you may wish to configure your AV program to exclude the Inbox from autoprotect and system scans. Important information in this regard:

  • Some AV programs are configured by default to not let their autoprotect function monitor Outlook Express’s mail files (.dbx). Symantec suggests excluding the Inbox file from being scanned in order to keep it from becoming quarantined [2]. Excluding the Inbox file from autoprotect should only prevent your AV program from taking action on the mailbox file, but it should still enable autoprotect to prevent any virus from being activated if you try to open an infected attachment. (The reason for this is that the attachment is stored together with the message in the mailbox file, and it has to come “out” of the mailbox file to be activated.)
  • In Thunderbird (and Mozilla Suite), a message that is moved or deleted from the Inbox actually remains in the "Inbox" file on your computer until you compact folders; it is merely hidden from the Inbox view in Thunderbird. For instance, if you download an infected message and Thunderbird's junk-mail filtering automatically moves it to the Junk folder, you now have two copies of that message in your mailbox files: one in the Junk file, and one in the Inbox file. Even if you delete the infected message and empty the Trash, it remains in your Inbox until you compact folders. This is important because your AV program, such as during a system scan, could detect a virus in one of these mailbox files and quarantine the file—even though the corresponding mail folder in Thunderbird "looks" like it is empty of suspicious e-mails. To avoid this you may want to configure your AV program to skip your Inbox and other mailbox files during system scans.
  • Since Thunderbird's (and Mozilla Suite's) mailbox files are not named with a file extension like ".dbx" and thus cannot be excluded all at once based on a shared extension, they need to be excluded individually. Thus, for the Inbox you need to exclude the file named "Inbox", and the same for any other mailbox files that you want to exclude ("Sent", "Templates", etc.). It is strongly recommended that you do not exclude your entire profile folder from autoprotect: doing so would likely allow a virus inadvertently saved there to be activated, unchecked by your AV software. Consult your AV program's documentation for how to set file exclusions.
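
The compaction behaviour described in the list above, as an added example that is not part of the original draft: a Python script that reports which messages are still physically stored in a mailbox file after the mail client has stopped showing them, which is what a file-level AV scan reads. It assumes Thunderbird's mbox storage and the expunged bit (0x0008) of the `X-Mozilla-Status` header, neither of which the page spells out; the sample mailbox and the function names are constructed for illustration.

```python
import mailbox
import os
import tempfile

EXPUNGED = 0x0008  # X-Mozilla-Status bit: deleted or moved, awaiting compaction

# Constructed sample "Inbox": message 2 was deleted in the client (status 0009)
# but is still in the file. The attachment body is a harmless placeholder.
SAMPLE_INBOX = (
    "From - Sat Nov 26 16:00:00 2005\n"
    "X-Mozilla-Status: 0001\n"
    "Subject: meeting notes\n"
    "\n"
    "See you Monday.\n"
    "\n"
    "From - Sat Nov 26 16:05:00 2005\n"
    "X-Mozilla-Status: 0009\n"
    "Subject: invoice\n"
    'Content-Type: multipart/mixed; boundary="b1"\n'
    "\n"
    "--b1\n"
    "Content-Type: text/plain\n"
    "\n"
    "Please open the attachment.\n"
    "--b1\n"
    "Content-Type: application/octet-stream\n"
    'Content-Disposition: attachment; filename="sample-attachment.bin"\n'
    "\n"
    "placeholder\n"
    "--b1--\n"
    "\n"
)

def audit_mbox(path):
    """Return one record per message physically present in the mbox file."""
    records = []
    box = mailbox.mbox(path, create=False)
    try:
        for key in box.keys():
            msg = box[key]
            status = int(msg.get("X-Mozilla-Status", "0").strip(), 16)
            records.append({
                "subject": msg.get("Subject", ""),
                "hidden": bool(status & EXPUNGED),
                "attachments": [p.get_filename() for p in msg.walk() if p.get_filename()],
            })
    finally:
        box.close()
    return records

def residual_messages(records):
    """Messages the client no longer shows but a file-level AV scan still reads."""
    return [r for r in records if r["hidden"]]

def run_demo():
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "Inbox")  # Thunderbird mailbox files have no extension
        with open(path, "w", newline="\n") as fh:
            fh.write(SAMPLE_INBOX)
        return audit_mbox(path)

if __name__ == "__main__":
    for rec in residual_messages(run_demo()):
        print("still on disk until compaction:", rec["subject"], rec["attachments"])
```

Run against a copy of a real mailbox file rather than the live one, and with the mail client closed, so the file is not being rewritten while it is read.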