Author Topic: Suspicious about Internet Mail Provider?  (Read 8465 times)

0 Members and 1 Guest are viewing this topic.

Zagor

  • Guest
Suspicious about Internet Mail Provider?
« on: December 07, 2005, 11:37:27 PM »
Just visit this address that Tech suggested earlier in the thread “avast and truprevent” regarding E-mail scanning tests:

http://www.gfi.com/emailsecuritytest/

Especially I’m concerned about Eicar test virus that avast did not detect with InternetMail Provider letting it stay in my inbox. Latter when I tried to run it, Standard Shield did a good job recognizing it!
I mean, Eicar is just a test virus which is built specifically to be detected from the antivirus program.
Why’s this?
« Last Edit: December 07, 2005, 11:40:42 PM by Zagor »

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67195
Re: Suspicious about Internet Mail Provider?
« Reply #1 on: December 08, 2005, 12:49:36 AM »
I’m concerned about Eicar test virus that avast did not detect with InternetMail Provider letting it stay in my inbox.
How? In a .zip file, in a .com file, into the message body?
The best things in life are free.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Suspicious about Internet Mail Provider?
« Reply #2 on: December 08, 2005, 12:54:21 AM »
I did quite a bit of testing with Eicar test messages last week, the Internet Mail scanner caught every one I threw at it.

Was it a regular POP3 mail account that you used to download it?

Offline DavidR

  • Avast Überevangelist
  • Certainly Bot
  • *****
  • Posts: 88895
  • No support PMs thanks
Re: Suspicious about Internet Mail Provider?
« Reply #3 on: December 08, 2005, 01:44:18 AM »
Personally I'm more suspicious about the Independence of these tests when it would appear they are trying to sell you something, to help protect against these supposed vulnerabilities (relevant points highlighted below). Then again I'm a trusting sort of guy ;D
Quote
For an in-depth explanation of these vulnerabilities and why anti-virus is not enough, check out our white papers, Protecting your network against email threats, "One virus engine is not enough: The case for maximizing network protection with multiple anti-virus scanners" and Why You Need an Email Exploit Detection Engine. To protect once and for all against current and future threats, consider GFI MailSecurity.
Windows 10 Home 64bit/ Acer Aspire F15/ Intel Core i5 7200U 2.5GHz, 8GB DDR4 memory, 256GB SSD, 1TB HDD/ avast! free 24.2.6105 (build 24.2.8918.824) UI 1.0.799/ Firefox, uBlock Origin, uMatrix/ MailWasher Pro/ Avast! Mobile Security

Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #4 on: December 08, 2005, 02:36:26 AM »
Got the point, but that doesn't justify the lack of efficiency here.
It was Eicar.com as an attachment.
For the rest of the tests Zone Alarm helped.
But with the email containing an HTA file in disguise and some Attachments which end with CLSID file extension avast didn’t do anything.

Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #5 on: December 08, 2005, 02:39:06 AM »
Was it a regular POP3 mail account that you used to download it?
Yes.

compmanio36

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #6 on: December 08, 2005, 03:11:56 AM »
Hmm, on all those emails, Avast flagged every last one of them, on my Comcast POP3 account through Outlook.  Make sure all your settings are turned to High on the resident protection is what I can tell you now, without knowing more.

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Suspicious about Internet Mail Provider?
« Reply #7 on: December 08, 2005, 04:24:18 AM »
Perhaps you could show us the message source of an Eicar test message that made it to your inbox?  Of course, please remove any personally identifiable information first.

I'm not exactly clear how you generated your Eicar test messages (from where). Can you tell us?  I would like to repeat your test.

Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #8 on: December 08, 2005, 04:42:35 AM »
My settings are not high, they are custom and checked every posible option for scanning, even all packers!!
It's my Yahoo account that's wrong!!
Others are fine.
In the header of the message there is no Outbound or Inbound mail scan confirmations when try to send from one of my accounts to Yahoo. Although I checked the boxes Insert clean note into either POP or SMTP scan, there is neither note in the body of the message!!
Avast is not scanning messages from Yahoo account!!!  >:( >:( >:(

Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #9 on: December 08, 2005, 04:47:26 AM »
I've experimented And that is the explanation  :o

Avast has no problem with detection, but with Yahoo!

Why? What & where could  be the problem!!

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Suspicious about Internet Mail Provider?
« Reply #10 on: December 08, 2005, 04:48:01 AM »
I just downloaded this from my Yahoo account and it was scanned.

I guess you haven't worked out how to download your Yahoo mail and have it scanned.

Let me know if you need any help.




Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #11 on: December 08, 2005, 04:58:47 AM »

Let me know if you need any help.

Thanks,
Of course, how stupid of me!
It was impossible for Avast not to stop at least one of so many infected messages, but I was quick to judge!
I’ve tweaked avast very good. Sincerely I don’t know what to change...
Anybody..?

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Suspicious about Internet Mail Provider?
« Reply #12 on: December 08, 2005, 05:02:36 AM »
When I asked you if this was a regular POP3 account that you used to download - I think you did not give me the correct information. 

For most places (and certainly where I live) Yahoo does not provide POP3 access.  If you want to convert Yahoo to POP3 to receive it in a mail client you need to use a  third party program like YPops, FreePops, MrPostman ... there may be others. 

Are you using one of those programs?

Zagor

  • Guest
Re: Suspicious about Internet Mail Provider?
« Reply #13 on: December 08, 2005, 05:06:31 AM »
When I asked you if this was a regular POP3 account that you used to download - I think you did not give me the correct information. 

For most places (and certainly where I live) Yahoo does not provide POP3 access.  If you want to convert Yahoo to POP3 to receive it in a mail client you need to use a  third party program like YPops, FreePops, MrPostman ... there may be others. 

Are you using one of those programs?
Sorry I thought I mentioned before, YahooPOPs!

Offline alanrf

  • Avast Evangelist
  • Massive Poster
  • ***
  • Posts: 3870
  • Just an avast user
Re: Suspicious about Internet Mail Provider?
« Reply #14 on: December 08, 2005, 05:16:50 AM »
I do not recall you mentioning YahooPops (YPops).  It has been a while since I last tested with it (I use FreePops).

As I recall, it uses localhost ports 110 and 25 as the defaults for POP3 and SMTP.

If you are using those defaults then the answer for you is quite simple.

Go to the Internet Mail provider. 
Click on the "Customize" button. 
Select the "Redirect" tab
Uncheck the "ignore local communications" box
Click "OK"

Probably best to stop and restart the Internet Mail Provider (just to be sure) and then your Yahoo mail will be scanned.  Give it a try!
« Last Edit: December 08, 2005, 05:18:57 AM by alanrf »