BML

"We found damaged files"

I've just received an Email with the title, "We found damaged files", supposedly from the one-word title, "Support". I thought that it looked dodgy.


Why do you think this is relevant to Emsisoft? It just sounds like a normal phishing email (i.e. something trying to tempt you into clicking a link that you shouldn't click).


I think that it's relevant because I use Emsisoft as an antivirus. It might well be a phishing email but experience has taught me that such emails can lead to a problem.


So far as I know, EAM is not one of the antivirus or antimalware products that scans incoming mail or outgoing mail, at least not in the way that other products I've used in the past do.  Certainly it's not an issue that's discussed here very often. 

Other products manage it by running a proxy email server on your machine; your email client then talks to that (though it thinks it is talking to a mail provider's servers), and the proxy then talks to the mail provider's servers. Thus that middle program / proxy sees all the email as it passes in either direction and can check its contents, and typically they insert headers or text in a mail's signature saying that the mail was checked (as it arrived) or before it was sent. Even when I've had antivirus software that in theory did that, it only worked with a handful of email clients - the most common ones.

EAM's file guard can be configured so that - if you set it aggressively enough - it will scan any file that is created or modified as it is written to disk. I guess that that might spot an incoming infected email as it is saved by an email client program, but probably not infected outgoing mail if it was being 'written' to an internet connection. Some clients save individual incoming emails in individual files (so it might not break the client if such a file was suddenly quarantined). Others save many emails (e.g. all those from a single folder) all in a single file, so if that file were quarantined your email client might crash when all the other data within that file suddenly became inaccessible. I know that that concern is why the 'custom scan' now allows you to choose whether email client mail storage files will be scanned. Even then, if e.g. the mail client compresses data before inserting it into such a file, a subsequent scan might not be able to uncompress each individual mail to check it.

Also, even if EAM can scan incoming mail as it's written to disk, I would think that trying to identify a phish is quite a lot different from looking for an infected attachment. 


Well, at the moment I use webmail rather than an email client, so have slightly different concerns.

Also I have about 600 separate email addresses in use, and know what sort of email I'd expect to get coming to each one (there are groups/families of similar addresses for similar sorts of senders - e.g. online companies I buy things from, personal friends, local businesses etc. - it's not as if I remember 600 completely different addresses). Unless the claimed sender name (in an incoming mail's From address) matches at least the group/family type of the address the mail was sent to, I'm virtually certain something is iffy without even looking at its subject let alone its contents. Some of my incoming mail is filtered according to the group/family type, and some in more detailed ways, so I isolate quite a lot of iffy mails automatically.

Also I read email in plain text, not HTML, so am very much less likely to be phished. And I also look at the headers in emails quite often.

So, yes, I might open it if I wondered what it contained, or wanted to examine its headers.  But I sure as hell wouldn't click on anything within it.   


Those 600 email addresses - are easy to use because I have a couple of my own domains (i.e. the bit after the '@' in an email address). The reason I use so many, which of course is a bit of a nuisance to set up, is that in the past I've been caught out when an email address that I used for everyone I dealt with got compromised. When I changed that I had to run the old address and the new ones in parallel for about a year, to be sure that everyone I deal with had stopped using the old one. Now, if a single address starts attracting spam, I only have to tell one person to change the address they use for me, and we can continue easily. I also know pretty much exactly which companies' employees have sold on customer lists etc.

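The address-family check described in the two posts above, sketched as an added example that is not part of the original thread: each alias belongs to a family, and a message is flagged when its From domain is not one that family expects. The alias names, domains and tables are assumptions made up for illustration, and because a From header can be forged, a match is only a triage signal.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Assumed layout: each alias on the reader's own domain belongs to one family,
# and each family lists the sender domains that normally write to it.
ALIAS_FAMILY = {
    "books@mydomain.example": "shops",
    "tools@mydomain.example": "shops",
    "anna@mydomain.example": "friends",
}
FAMILY_SENDERS = {
    "shops": {"bookshop.example", "hardware.example"},
    "friends": {"personal.example"},
}


def domain_matches(domain, allowed):
    """True if domain equals an allowed domain or is a subdomain of one."""
    return any(domain == a or domain.endswith("." + a) for a in allowed)


def triage(raw):
    """Return (verdict, detail) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    _, sender = parseaddr(msg.get("From", ""))
    sender_domain = sender.rpartition("@")[2].lower()
    rcpts = msg.get_all("Delivered-To", []) + msg.get_all("To", [])
    for _, addr in getaddresses(rcpts):
        family = ALIAS_FAMILY.get(addr.lower())
        if family is None:
            continue  # not one of our aliases, try the next recipient
        if domain_matches(sender_domain, FAMILY_SENDERS[family]):
            return "expected", f"{sender_domain} is a known {family} sender"
        return "suspicious", f"{sender_domain or 'no sender'} wrote to a {family} alias"
    return "unknown-alias", "no recipient matches a configured alias"


# Constructed sample messages (not taken from the thread).
GOOD = "From: Orders <orders@mail.bookshop.example>\nTo: books@mydomain.example\nSubject: Your order\n\nThanks.\n"
PHISH = "From: Support <support@files-check.example>\nTo: books@mydomain.example\nSubject: We found damaged files\n\nClick here.\n"
STRAY = "From: Support <support@files-check.example>\nTo: someone@elsewhere.example\nSubject: hi\n\nx\n"

if __name__ == "__main__":
    for name, raw in (("good", GOOD), ("phish", PHISH), ("stray", STRAY)):
        print(name, *triage(raw))
```
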
5 hours ago, BML said:

I think that it's relevant because I use Emsisoft as an antivirus. It might well be a phishing email but experience has taught me that such emails can lead to a problem.

Our software doesn't block e-mails, or interface with your mail in any way. It would protect against malicious files in e-mails if they were saved on your computer somewhere, but aside from that we don't like to mess with e-mails.

In this case it should be safe to simply mark the e-mail in question as spam, and delete it.
