Why Is Email Files In Advanced Setup Not Part Of The Default Settings?

[tmuster2k 22]

I get this inquiry from customers from time to time that dig into the advanced setup. When they go to Advanced Setup >> computer >> On demand Computer Scan >> then the ThreatSense engine parameter setup>> from that section on Objects "Email Files" is not checked. I know its checked for real time but not in on-demand scan. I guess my questions is what is the definition of scanning of "email files" and why is it checked for real time but no on-demand scan even though the option is avail?

[Arakasi 549]

E-mail files probably refers to .msg files which are used for outlook from office and probably live mail or outlook express etc.

Since not everyone installs and uses Microsoft outlook or .msg files, its not in the highest interest to be an always on option.

Since ESET already watches incoming mail through the transport layer, and application layer for webmail, this is a minimal option to have added to scans.

 

I could see it being added to default though, not sure what the repercussions would be if any.

Edited July 19, 2014 by Arakasi

[tmuster2k 22]

E-mail files probably refers to .msg files which are used for outlook from office and probably live mail or outlook express etc.

Since not everyone installs and uses Microsoft outlook or .msg files, its not in the highest interest to be an always on option.

Since ESET already watches incoming mail through the transport layer, and application layer for webmail, this is a minimal option to have added to scans.

 

I could see it being added to default though, not sure what the repercussions would be if any.

Nice. that is a solid response and kind of on the same lines with the .msg files that I was thinking about. I really appreciate the awesome feedback and will pass this along to my customer. Much thanks and have a great weekend.

[Arakasi 549]

You are most welcome tmuster !

[Patch 16]

I get this inquiry from customers from time to time that dig into the advanced setup. When they go to Advanced Setup >> computer >> On demand Computer Scan >> then the ThreatSense engine parameter setup>> from that section on Objects "Email Files" is not checked. I know its checked for real time but not in on-demand scan. I guess my questions is what is the definition of scanning of "email files" and why is it checked for real time but no on-demand scan even though the option is avail?

I thought microsoft puts all email in one .pst file so if you download a virus not detected by ESET (ie ESET not installed at the time or not detected by the virus definition files at that time). Then regularly scan the email file, at some time in the future the virus is likely to be detected with all your other emails. If ESET deletes it then there is a risk your other emails may also be lost.

 

Instead I thought the approach ESET use is to scan any time the email is acessed so at risk of causing damage. Thus not risking all the other email in the .pst file.

 

Yes I know you may feel ESET should just delete the offending malware but microsoft are free to update their file format, and some .pst files are likely to be partly corrupted. Either way using an antivirus program to modify another software vendors file is not risk free.

Edited July 22, 2014 by Patch

[Marcos 5,070]

MSG files nor PST files are not scanned by the on-demand scanner so there's no risk they could be deleted entirely.

[Arakasi 549]

If you drag an email to your desktop from Outlook, it is stored on disc as .msg. Completely separate from the personal storage table file.

Likewise if you copy 100 emails and archive them or forward them somewhere, or even 1 single email file being forwarded as you add item as an attachment.

However Microsoft uses the pst to store your emails inside outlook in a nice format for reading / filtering.

 

Does ESET scan a pst in the same method as an archive ? Recursively until all emails inside are scanned ? As well as remove 1 bad email from a pst ?

If this isnt done by on-demand scanner, i would be interested to learn why the e-mail files option is listed in the Threatsense parameters for Smart scan.

Or does ESET scan only the pst, or does ESET products not scan pst's at all and wait for the incoming port detection, or mail to be deteced by the Outlook plugin ?

 

Thanks

[Patch 16]

why is it checked for real time but no on-demand scan even though the option is avail?

 

Because that is the best setting (ie most likely to protect ESET users from harm), particularly for those users who are not confident enough to play with the default setting.

Scanning real time picks up malware prior to it causing any problem ie whenever it is accessed.

 

If ESET routinely scans the mail archive it will eventually find something and cleaning of some form will be attempted, probably with a user prompt. This would be at some risk to all of your other emails as ESET would have to clean malware from any past and future versions of a third parties program archives where the malware may not have complied with the conventional rules. This is clearly more difficult than Microsoft who only needs to deal with one version of a program and upgrade paths supported at their convenience.

 

An ESET user may not appreciate the risk to their other email when prompted at some random time in the future, especially a user not confident to alter the default ESET settings

 

If you drag an email to your desktop from Outlook, it is stored on disc as .msg. Completely separate from the personal storage table file.

Likewise if you copy 100 emails and archive them or forward them somewhere, or even 1 single email file being forwarded as you add item as an attachment.

However Microsoft uses the pst to store your emails inside outlook in a nice format for reading / filtering.

 

Does ESET scan a pst in the same method as an archive ? Recursively until all emails inside are scanned ? As well as remove 1 bad email from a pst ?

 

I assumed the real time scanner will pick up any moved or attached emails, deleting malware as appropriate.

Similar recursive scanning of an archive is only done if you change the default settings as described above and accept the risk to other emails in the archive (however small or large that may be at some time in the future)

Edited July 23, 2014 by Patch