If this is your first visit, be sure to check out the FAQ by clicking the link above. You may have to register before you can post: click the register link above to proceed. To start viewing messages, select the forum that you want to visit from the selection below. |
|
|
|
Thread Tools | Display Modes |
#1
|
|||
|
|||
Delete from Server; Do not download from Server
Several times a day I receive a virus-laden email:
From: fryerin . First I made a message rule not to download it from server. The resulting action however was that it was put in my Deleted Items folder. I then changed it to Delete at Server. But it still puts it in my Deleted Items folder. In both cases I specified "Where the From line contains ' or 'fryerin' ". Why is OE putting it in me Deleted itemd folder and how can I get it to either not download it or delete it at server? Thanks for the help! Janet PS In all cases my anti-virus puts the virus in the virus vault, so I am not worried about that. |
#2
|
|||
|
|||
Delete from Server; Do not download from Server
"Janetb" wrote in message ... Several times a day I receive a virus-laden email: From: fryerin . First I made a message rule not to download it from server. The resulting action however was that it was put in my Deleted Items folder. I then changed it to Delete at Server. But it still puts it in my Deleted Items folder. In both cases I specified "Where the From line contains ' or 'fryerin' ". Why is OE putting it in me Deleted itemd folder and how can I get it to either not download it or delete it at server? Thanks for the help! Janet PS In all cases my anti-virus puts the virus in the virus vault, so I am not worried about that. You AV scanner is intercepting the email before OE gets a chance to put it's message rule to it. So it's already downloaded from the server and Delete From Server canot be applied. Turn AV scanning. You AV software, as long as you maintain up to dat e virus definitions, will automatically detect a virus if you open one. With AV scanning turned off, the rule, Where the From line contains people Delete from server will be applied correctly and you won't see the message nor will your AV software. |
#3
|
|||
|
|||
Delete from Server; Do not download from Server
Thank you for your answer! One question:
I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... Thanks for the help! Janet "DGuess" wrote: "Janetb" wrote in message ... Several times a day I receive a virus-laden email: From: fryerin . First I made a message rule not to download it from server. The resulting action however was that it was put in my Deleted Items folder. I then changed it to Delete at Server. But it still puts it in my Deleted Items folder. In both cases I specified "Where the From line contains ' or 'fryerin' ". Why is OE putting it in me Deleted itemd folder and how can I get it to either not download it or delete it at server? Thanks for the help! Janet PS In all cases my anti-virus puts the virus in the virus vault, so I am not worried about that. You AV scanner is intercepting the email before OE gets a chance to put it's message rule to it. So it's already downloaded from the server and Delete From Server canot be applied. Turn AV scanning. You AV software, as long as you maintain up to dat e virus definitions, will automatically detect a virus if you open one. With AV scanning turned off, the rule, Where the From line contains people Delete from server will be applied correctly and you won't see the message nor will your AV software. |
#4
|
|||
|
|||
Delete from Server; Do not download from Server
On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote:
I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... That actually happened to me. The only hope is vigilance. If you aren't careful about attachments, you will get infected. "Care" simply means don't handle an attachment in any way that might result in execution of the payload. If the attachment is a zip file, with included password, as was the case with my email, simply not opening the zip file is sufficient to be safe. Viral attachments have to be executed to infect the computer. Even saving to disk won't execute the payload. Just be sure that your MS Outlook Express is up to date, and leave the default security settings; MSFT has finally tightened up the program so it is as safe as any client out there. People who change MSOE to allow access to attachments need to be especially careful, because that removes a large part of the safety of MSOE. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
#5
|
|||
|
|||
Delete from Server; Do not download from Server
1. If I view my letters in the Preview pane, does that leave me open to
infection if I don't have my AV scan emails? I understand such viewing is tantamount to opening, but perhaps just viv-a-vis the message and not the attachment. 2. If MSOE default does not allow access to attachments, how can I see the many legit attachments I get? Thanks, Janet "N. Miller" wrote: On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote: I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... That actually happened to me. The only hope is vigilance. If you aren't careful about attachments, you will get infected. "Care" simply means don't handle an attachment in any way that might result in execution of the payload. If the attachment is a zip file, with included password, as was the case with my email, simply not opening the zip file is sufficient to be safe. Viral attachments have to be executed to infect the computer. Even saving to disk won't execute the payload. Just be sure that your MS Outlook Express is up to date, and leave the default security settings; MSFT has finally tightened up the program so it is as safe as any client out there. People who change MSOE to allow access to attachments need to be especially careful, because that removes a large part of the safety of MSOE. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
#6
|
|||
|
|||
Delete from Server; Do not download from Server
"Janetb" wrote in message ... | 1. If I view my letters in the Preview pane, does that leave me open to | infection if I don't have my AV scan emails? I understand such viewing is | tantamount to opening, but perhaps just viv-a-vis the message and not the | attachment. Plain text email cannot infect you just by looking at it. HTML Mail will not infect you just by looking at it, if you are running a current version of Outlook or Outlook Express and have your settings set to block images and attachments, and keep any version of the two up to date with the latest patches. | 2. If MSOE default does not allow access to attachments, how can I see the | many legit attachments I get? | You would have to toggle the access on/off as required. Then just click on another email and then click back on the one you want to look at with the attachment and it will be accessible or not as required. -- Touch Base Post back here on the result- good or bad |
#7
|
|||
|
|||
Delete from Server; Do not download from Server
"Janetb" wrote in message ... Thank you for your answer! One question: I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... Thanks for the help! Janet That's why you always make sure you're up to date if you're not sure. I have AVG set to automatically download and install updates at 3AM. Supposedly I'm supposed to be done working by then but that doesn't always happen and I see it update but have seen it fail to connect. I have to manually check then and if I can't connect, I'll check firstt hing when I get up. If you're not for sure when you start working for the day, check to see you are up to date. Nothing is a given, you are responsible for making sure things are up to date. And you do scan attachments before opening them, even if they are from a trusted source? |
#8
|
|||
|
|||
Delete from Server; Do not download from Server
"Janetb" wrote in message ... 1. If I view my letters in the Preview pane, does that leave me open to infection if I don't have my AV scan emails? I understand such viewing is tantamount to opening, but perhaps just viv-a-vis the message and not the attachment. Turn off the preview pane, makes it easier to go thru and delete messages without opening them and you just double click to open in a new window and can read the messages a lot easier IMHO. But reading them will not cause you to get a virus without some sort of other action such as clicking on a link or opening and running an attachment. 2. If MSOE default does not allow access to attachments, how can I see the many legit attachments I get? Turn off the setting. I only leave it on for the truly gullible. If you save the attachments instead of running them, you stand a far greater chance of never opening a virus. The only ones I've opened are the ones I've intentionally sent myself or had other send me and now that won't even happen unless I use my local mail server as Earthlink removes it before I see it. Common sense rules will keep you safe. If you don't know who sent the attachment, don'topen it. If you get an email from Microsoft saying to install this update that is attached, delete it (SHIFT Delete) as Microsoft and other companies don't send out updates. And don't click on links to web sites from unknown sources. |
#9
|
|||
|
|||
Delete from Server; Do not download from Server
Also see www.oehelp.com/OETips.aspx There are a number of items there that
speak to the issues you raise. steve "Janetb" wrote in message ... 1. If I view my letters in the Preview pane, does that leave me open to infection if I don't have my AV scan emails? I understand such viewing is tantamount to opening, but perhaps just viv-a-vis the message and not the attachment. 2. If MSOE default does not allow access to attachments, how can I see the many legit attachments I get? Thanks, Janet "N. Miller" wrote: On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote: I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... That actually happened to me. The only hope is vigilance. If you aren't careful about attachments, you will get infected. "Care" simply means don't handle an attachment in any way that might result in execution of the payload. If the attachment is a zip file, with included password, as was the case with my email, simply not opening the zip file is sufficient to be safe. Viral attachments have to be executed to infect the computer. Even saving to disk won't execute the payload. Just be sure that your MS Outlook Express is up to date, and leave the default security settings; MSFT has finally tightened up the program so it is as safe as any client out there. People who change MSOE to allow access to attachments need to be especially careful, because that removes a large part of the safety of MSOE. -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
#10
|
|||
|
|||
Delete from Server; Do not download from Server
On Wed, 9 Aug 2006 04:56:38 -0700, Janetb wrote:
"N. Miller" wrote: On Wed, 9 Aug 2006 00:46:01 -0700, Janetb wrote: I use Avast and AVG---both with automatic update. But suppose a new virus hits my computer before my AV software gets their fix out..... That actually happened to me. The only hope is vigilance. If you aren't careful about attachments, you will get infected. "Care" simply means don't handle an attachment in any way that might result in execution of the payload. If the attachment is a zip file, with included password, as was the case with my email, simply not opening the zip file is sufficient to be safe. Viral attachments have to be executed to infect the computer. Even saving to disk won't execute the payload. Just be sure that your MS Outlook Express is up to date, and leave the default security settings; MSFT has finally tightened up the program so it is as safe as any client out there. People who change MSOE to allow access to attachments need to be especially careful, because that removes a large part of the safety of MSOE. 1. If I view my letters in the Preview pane, does that leave me open to infection if I don't have my AV scan emails? I understand such viewing is tantamount to opening, but perhaps just viv-a-vis the message and not the attachment. In its default configuration, WRT attachments and HTML, opening a message in the latest versions of MSOE (since what level I don't recall) should be safe. However, if you _must_ have the preview pane available, I'd use the Toolbar Customization feature, and add a button to toggle the Preview Pane. Leave it off when you first scan your list of new email, while you decided if there are any dicey messages. Toggle it on when you are satisfied that there is nothing dangerous. Toggle it off, again, before closing MSOE. 2. If MSOE default does not allow access to attachments, how can I see the many legit attachments I get? You can't. MSOE has to allow access, event to just save the attachment to disk. If you allow access to attachments, you _should_ use the "Save to disk" option automatically. MSOE should have just defaulted to "Save to disk", and never allowed any other means of access. Frankly, I haven't used MS Outlook Express in a serious way in years; I quit using it when I found a mail client (Pegasus Mail) with a rich rule set. I have a MyRealBox account which gets about one spam message per day. A very brief message with little to use for triggering a rule. Impossible for MSOE to handle. Tricky even for Pegasus Mail. Because I have not used this account for outside contact in years, I came up with a rule that I could not implement in MSOE: "If the recipient proper name is not me, and the "To:/Cc:" field is my MRB email address, move it to antispam account". Because I can set up to send to "Me ", any email I send to that account will not be filtered. Because the spammers don't have my name, they send to ", and the spam is filtered. A side effect of using Pegasus Mail is that PM flat out won't execute specific attachment filetypes. That can't be changed, or altered. If the attachment is "attch.pif", "attch.vbs", "attch.exe", etc., etc. (there are 40 predefined file types), PM will issue a warning, and refuse to execute the attachment. I can only save it to disk, nothing else. For any other file type than the 40 default file types listed, PM _always_ asks you what to do; unless you add that file type to the list. I have added to file types with a "Warn" action, same as the 40 default: "attch.emf", and "attch.wmf". I am sure that I should add others. MSOE is over four years old, with only minor adjustments made since the HTML and attachment blocking options. Those last two tend to be "all-or-nothing" solutions. MSFT is finally working on a replacement; but that won't help folks who aren't using Windows XP, or better. Again, virus scanning of email tends to corrupt files in MSOE, and can miss a viral attachment if the virus is a "zero day" virus. The "zero day" virus is just a virus released into the wild half a millisecond ago. It will take at least an hour from release into the wild before the AV products get wind of it, and start working on a definition update. That is what happened to me; except that I had other factors which tripped my suspicions: I didn't know the sender, the attachment was a password secured .zip, with the password included in the email. That last, about the .zip+pw, is a common ploy for virus writers. Even though the AV definitions I had were less than twelve hours old, the AV scanner missed it. I just zipped that email, per the Symantec instructions for submission of suspicious email, and sent it to them. Within 20 minutes I had a response, and a new set of definitions to download, which alerted on the attachment. Had I had email scanning in effect, that viral attachment would not have been caught. I know that because Norton did not alert on it when I saved it to disk so I could run a second scan with an "on demand" scanner (you should only have one "on access" scanner running at a time; but you can use an "on demand" scanner. I recommend using a folder, call it, "Quarantine", and exempting it from the "on access" scan). The second opinion also failed to find a virus; even though its definition DB was less than 24 hours old! Two up-to-date AV programs which missed a virus; how about that! -- Norman ~Oh Lord, why have you come ~To Konnyu, with the Lion and the Drum |
|
Thread Tools | |
Display Modes | |
|
|