Delete from Server; Do not download from Server

Several times a day I receive a virus-laden email:
From: fryerin .
First I made a message rule not to download it from server. The resulting
action however was that it was put in my Deleted Items folder.
I then changed it to Delete at Server. But it still puts it in my Deleted
Items folder.
In both cases I specified "Where the From line contains
' or 'fryerin' ".
Why is OE putting it in me Deleted itemd folder and how can I get it to
either not download it or delete it at server?

Thanks for the help!
Janet

PS In all cases my anti-virus puts the virus in the virus vault, so I am not
worried about that.

"Janetb" wrote in message
...
Several times a day I receive a virus-laden email:
From: fryerin .
First I made a message rule not to download it from server. The resulting
action however was that it was put in my Deleted Items folder.
I then changed it to Delete at Server. But it still puts it in my Deleted
Items folder.
In both cases I specified "Where the From line contains
' or 'fryerin' ".
Why is OE putting it in me Deleted itemd folder and how can I get it to
either not download it or delete it at server?

Thanks for the help!
Janet

PS In all cases my anti-virus puts the virus in the virus vault, so I am
not
worried about that.


You AV scanner is intercepting the email before OE gets a chance to put
it's message rule to it. So it's already downloaded from the server and
Delete From Server canot be applied.

Turn AV scanning. You AV software, as long as you maintain up to dat e virus
definitions, will automatically detect a virus if you open one.

With AV scanning turned off, the rule,

Where the From line contains people
Delete from server

will be applied correctly and you won't see the message nor will your AV
software.

Thank you for your answer! One question:

I use Avast and AVG---both with automatic update. But suppose a new virus
hits my computer before my AV software gets their fix out.....

Thanks for the help!
Janet


"DGuess" wrote:


"Janetb" wrote in message
...
Several times a day I receive a virus-laden email:
From: fryerin .
First I made a message rule not to download it from server. The resulting
action however was that it was put in my Deleted Items folder.
I then changed it to Delete at Server. But it still puts it in my Deleted
Items folder.
In both cases I specified "Where the From line contains
' or 'fryerin' ".
Why is OE putting it in me Deleted itemd folder and how can I get it to
either not download it or delete it at server?

Thanks for the help!
Janet

PS In all cases my anti-virus puts the virus in the virus vault, so I am
not
worried about that.


You AV scanner is intercepting the email before OE gets a chance to put
it's message rule to it. So it's already downloaded from the server and
Delete From Server canot be applied.

Turn AV scanning. You AV software, as long as you maintain up to dat e virus
definitions, will automatically detect a virus if you open one.

With AV scanning turned off, the rule,

Where the From line contains people
Delete from server

will be applied correctly and you won't see the message nor will your AV
software.

On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote:

I use Avast and AVG---both with automatic update. But suppose a new virus
hits my computer before my AV software gets their fix out.....

That actually happened to me. The only hope is vigilance. If you aren't
careful about attachments, you will get infected. "Care" simply means
don't handle an attachment in any way that might result in execution of
the payload. If the attachment is a zip file, with included password, as
was the case with my email, simply not opening the zip file is
sufficient to be safe.

Viral attachments have to be executed to infect the computer. Even
saving to disk won't execute the payload. Just be sure that your MS
Outlook Express is up to date, and leave the default security settings;
MSFT has finally tightened up the program so it is as safe as any client
out there. People who change MSOE to allow access to attachments need to
be especially careful, because that removes a large part of the safety
of MSOE.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

1. If I view my letters in the Preview pane, does that leave me open to
infection if I don't have my AV scan emails? I understand such viewing is
tantamount to opening, but perhaps just viv-a-vis the message and not the
attachment.

2. If MSOE default does not allow access to attachments, how can I see the
many legit attachments I get?

Thanks,
Janet


"N. Miller" wrote:

On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote:

I use Avast and AVG---both with automatic update. But suppose a new virus
hits my computer before my AV software gets their fix out.....

That actually happened to me. The only hope is vigilance. If you aren't
careful about attachments, you will get infected. "Care" simply means
don't handle an attachment in any way that might result in execution of
the payload. If the attachment is a zip file, with included password, as
was the case with my email, simply not opening the zip file is
sufficient to be safe.

Viral attachments have to be executed to infect the computer. Even
saving to disk won't execute the payload. Just be sure that your MS
Outlook Express is up to date, and leave the default security settings;
MSFT has finally tightened up the program so it is as safe as any client
out there. People who change MSOE to allow access to attachments need to
be especially careful, because that removes a large part of the safety
of MSOE.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

"Janetb" wrote in message ...

| 1. If I view my letters in the Preview pane, does that leave me open to
| infection if I don't have my AV scan emails? I understand such viewing is
| tantamount to opening, but perhaps just viv-a-vis the message and not the
| attachment.

Plain text email cannot infect you just by looking at it. HTML Mail will not infect you just by looking at it, if you are running a current version of Outlook or Outlook Express and have your settings set to block images and attachments, and keep any version of the two up to date with the latest patches.

| 2. If MSOE default does not allow access to attachments, how can I see the
| many legit attachments I get?
|

You would have to toggle the access on/off as required. Then just click on another email and then click back on the one you want to look at with the attachment and it will be accessible or not as required.

--
Touch Base
Post back here on the result- good or bad

"Janetb" wrote in message
...
Thank you for your answer! One question:

I use Avast and AVG---both with automatic update. But suppose a new virus
hits my computer before my AV software gets their fix out.....

Thanks for the help!
Janet



That's why you always make sure you're up to date if you're not sure. I have
AVG set to automatically download and install updates at 3AM. Supposedly I'm
supposed to be done working by then but that doesn't always happen and I see
it update but have seen it fail to connect. I have to manually check then
and if I can't connect, I'll check firstt hing when I get up. If you're not
for sure when you start working for the day, check to see you are up to
date. Nothing is a given, you are responsible for making sure things are up
to date.

And you do scan attachments before opening them, even if they are from a
trusted source?

"Janetb" wrote in message
...
1. If I view my letters in the Preview pane, does that leave me open to
infection if I don't have my AV scan emails? I understand such viewing is
tantamount to opening, but perhaps just viv-a-vis the message and not the
attachment.


Turn off the preview pane, makes it easier to go thru and delete messages
without opening them and you just double click to open in a new window and
can read the messages a lot easier IMHO.

But reading them will not cause you to get a virus without some sort of
other action such as clicking on a link or opening and running an
attachment.

2. If MSOE default does not allow access to attachments, how can I see the
many legit attachments I get?


Turn off the setting. I only leave it on for the truly gullible.

If you save the attachments instead of running them, you stand a far greater
chance of never opening a virus. The only ones I've opened are the ones I've
intentionally sent myself or had other send me and now that won't even
happen unless I use my local mail server as Earthlink removes it before I
see it.

Common sense rules will keep you safe. If you don't know who sent the
attachment, don'topen it. If you get an email from Microsoft saying to
install this update that is attached, delete it (SHIFT Delete) as Microsoft
and other companies don't send out updates.

And don't click on links to web sites from unknown sources.

Also see www.oehelp.com/OETips.aspx There are a number of items there that
speak to the issues you raise.

steve

"Janetb" wrote in message
...
1. If I view my letters in the Preview pane, does that leave me open to
infection if I don't have my AV scan emails? I understand such viewing is
tantamount to opening, but perhaps just viv-a-vis the message and not the
attachment.

2. If MSOE default does not allow access to attachments, how can I see the
many legit attachments I get?

Thanks,
Janet


"N. Miller" wrote:

On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote:

I use Avast and AVG---both with automatic update. But suppose a new
virus
hits my computer before my AV software gets their fix out.....

That actually happened to me. The only hope is vigilance. If you aren't
careful about attachments, you will get infected. "Care" simply means
don't handle an attachment in any way that might result in execution of
the payload. If the attachment is a zip file, with included password, as
was the case with my email, simply not opening the zip file is
sufficient to be safe.

Viral attachments have to be executed to infect the computer. Even
saving to disk won't execute the payload. Just be sure that your MS
Outlook Express is up to date, and leave the default security settings;
MSFT has finally tightened up the program so it is as safe as any client
out there. People who change MSOE to allow access to attachments need to
be especially careful, because that removes a large part of the safety
of MSOE.

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum

On Wed, 9 Aug 2006 04:56:38 -0700, Janetb wrote:

"N. Miller" wrote:

On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote:

I use Avast and AVG---both with automatic update. But suppose a new virus
hits my computer before my AV software gets their fix out.....

That actually happened to me. The only hope is vigilance. If you aren't
careful about attachments, you will get infected. "Care" simply means
don't handle an attachment in any way that might result in execution of
the payload. If the attachment is a zip file, with included password, as
was the case with my email, simply not opening the zip file is
sufficient to be safe.

Viral attachments have to be executed to infect the computer. Even
saving to disk won't execute the payload. Just be sure that your MS
Outlook Express is up to date, and leave the default security settings;
MSFT has finally tightened up the program so it is as safe as any client
out there. People who change MSOE to allow access to attachments need to
be especially careful, because that removes a large part of the safety
of MSOE.

1. If I view my letters in the Preview pane, does that leave me open to
infection if I don't have my AV scan emails? I understand such viewing is
tantamount to opening, but perhaps just viv-a-vis the message and not the
attachment.

In its default configuration, WRT attachments and HTML, opening a
message in the latest versions of MSOE (since what level I don't recall)
should be safe. However, if you _must_ have the preview pane available,
I'd use the Toolbar Customization feature, and add a button to toggle
the Preview Pane. Leave it off when you first scan your list of new
email, while you decided if there are any dicey messages. Toggle it on
when you are satisfied that there is nothing dangerous. Toggle it off,
again, before closing MSOE.

2. If MSOE default does not allow access to attachments, how can I see the
many legit attachments I get?

You can't. MSOE has to allow access, event to just save the attachment
to disk. If you allow access to attachments, you _should_ use the "Save
to disk" option automatically. MSOE should have just defaulted to "Save
to disk", and never allowed any other means of access.

Frankly, I haven't used MS Outlook Express in a serious way in years; I
quit using it when I found a mail client (Pegasus Mail) with a rich rule
set. I have a MyRealBox account which gets about one spam message per
day. A very brief message with little to use for triggering a rule.
Impossible for MSOE to handle. Tricky even for Pegasus Mail. Because I
have not used this account for outside contact in years, I came up with
a rule that I could not implement in MSOE: "If the recipient proper name
is not me, and the "To:/Cc:" field is my MRB email address, move it to
antispam account". Because I can set up to send to "Me
", any email I send to that account will not be
filtered. Because the spammers don't have my name, they send to
", and the spam is filtered.

A side effect of using Pegasus Mail is that PM flat out won't execute
specific attachment filetypes. That can't be changed, or altered. If the
attachment is "attch.pif", "attch.vbs", "attch.exe", etc., etc. (there
are 40 predefined file types), PM will issue a warning, and refuse to
execute the attachment. I can only save it to disk, nothing else. For
any other file type than the 40 default file types listed, PM _always_
asks you what to do; unless you add that file type to the list. I have
added to file types with a "Warn" action, same as the 40 default:
"attch.emf", and "attch.wmf". I am sure that I should add others.

MSOE is over four years old, with only minor adjustments made since the
HTML and attachment blocking options. Those last two tend to be
"all-or-nothing" solutions. MSFT is finally working on a replacement;
but that won't help folks who aren't using Windows XP, or better.

Again, virus scanning of email tends to corrupt files in MSOE, and can
miss a viral attachment if the virus is a "zero day" virus. The "zero
day" virus is just a virus released into the wild half a millisecond
ago. It will take at least an hour from release into the wild before the
AV products get wind of it, and start working on a definition update.
That is what happened to me; except that I had other factors which
tripped my suspicions: I didn't know the sender, the attachment was a
password secured .zip, with the password included in the email. That
last, about the .zip+pw, is a common ploy for virus writers. Even though
the AV definitions I had were less than twelve hours old, the AV scanner
missed it. I just zipped that email, per the Symantec instructions for
submission of suspicious email, and sent it to them. Within 20 minutes I
had a response, and a new set of definitions to download, which alerted
on the attachment.

Had I had email scanning in effect, that viral attachment would not have
been caught. I know that because Norton did not alert on it when I saved
it to disk so I could run a second scan with an "on demand" scanner (you
should only have one "on access" scanner running at a time; but you can
use an "on demand" scanner. I recommend using a folder, call it,
"Quarantine", and exempting it from the "on access" scan). The second
opinion also failed to find a virus; even though its definition DB was
less than 24 hours old! Two up-to-date AV programs which missed a virus;
how about that!

--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum