You are correct that Mail Shield scans inbound and outbound email through clients such as Outlook or Thunderbird. So first of all Justin, we appreciate your business :) Haha, blast from the past indeed! This was before I began posting here (wow - 3 years goes fast) I think it scans the mailbox files now (four years later), but I don't know/remember off of the top of my head. We wound up going with Avast to block things coming in.
But when I right-click a Thunderbird mailbox file (INBOX with no file extension), everything except SEP will scan the file and return clean.ĭo you use a know virus to test that? If not, how would you know that an attachment is really infected? False-positives is one explanation. I know different AV clients have different methods- Avast pops up and blocks/deletes the attachments that come in via IMAP (Which uses SSL), while all the other clients did nothing when I tested it. But, as I was using Avast on my workstation, it caught it coming into the inbox and cleaned it.
This batch of paranoia comes from SEP not catching a Cryptolocker infection (.scr files!) emailed to a machine, nor detecting the file as a virus. I'm trying to head things off at the pass, and cover my ass if things do get through. Which is why I want to switch from SEP- Oh, it stops them from running it (After it's downloaded, and sometimes not even then depending on how new it is), and it lets me know what is in the mailboxes (but only after it scans overnight).
But they don't catch it before or as it hits the inbox, just when you try and run/download it.Īnd then they can't scan the actual mailbox file itself to remove the embedded attachment, so if something doesn't get caught coming in, it won't get picked up during nightly scans.
I have gone into the account, forwarded myself the offending email, and when I download the attachment, all the other AV clients pick it up as a virus of sorts.