Is there any point to anti-virus software for email?

[MarkHopkins]

I use anti-virus software; have done for as long as I can remember.

But... A bunch of emails come in, all similar but with slightly different titles, all inviting me to open the attachment because of the important missed payment or whatever. Maybe there will be one or two that say "Antivirus blocked this email", but mostly they are not stopped.

What is the point of the software? Obviously I am not going to open them, but if the antivirus cannot stop the majority of them then why bother? Actually it's worse as it might lead some people to think that they are safe if the email has come in past the antivirus.

I've tried various antivirus software and others have not been any better. Maybe the best approach is to train everyone to use extreme caution...

 

[zigojacko]

If the anti-virus software is not blocking these emails (providing it does actually monitor inbound emails) then it's not worth the money you're paying for it.

 

[Kixo]

there are providers (we are one) who check all inbound and outbound emails before they hit your inbox, or as you send a email before they hit your clients, it doesn't add anything like "scanned by" like most AV programs do it simply just filters out before it gets to you.

Is this for a company of a single email address?

 

[MarkHopkins]

I do have more than one email address, so I may see what others do not.

The software seems to work well for other aspects, but emails are just not caught regularly. I've tried other software and it's been no better.

 

[zigojacko]

All our company email runs through Gmail's servers now so rarely do we see any email spam in our inbox but even before that, Avast Pro blocked 99% of this type of email spam for us.

Depending on who is operating your mail servers, you may find that there is some false signals being sent out which makes them avoid the AV checks. Either that or the AV software you have been trying is rubbish.

 

[MikeJ]

We run Avast pro, and regularly see a virus come through. They're generally embedded in Excel or Word files. It's odd, we can see 10 or 20 in a day, and it'll strip the virus from one or two. However, it will stop any file running if you do try to open the attachment.

 

[KM-Tiger]

No AV software is perfect. The best bet IMHO is to run one on the mailserver and a different one on your client. It's rare for a virus (if it is a virus) to get past two.

Does your email provider scan for viruses?

 

[nahosting]

Your email server anti virus should pick up the majority of viruses, if configured properly, and I would look there first. If it is your mail server then I would contact your vendor as they are generally helpful in resolving these types of issues. If it is a third party you are using for our email services then I would recommend looking else where.

 

[Burtech]

Have you looked at using a third party such as MessageLabs (run by Symantec), you point your email MX records at them and then configure MessageLabs to then forward it onto your email server, they act as a middle man and have fantastic anti virus and spam engines as well as providing white and black listing of email domains and addresses.

 

[Chris Routledge]

Do you know if there is a virus attached to these emails? There is a good chance that if there was that the virus software did remove it but still allow the email through.

Some virus software removes the virus and replaces it with a word file which explains that it's been removed for whatever reason. Of course some viruses come in on legitimate emails and so deleting the email wouldn't necessarily be the best course of action.

 

[MarkHopkins]

To clarify, my upstream provider is good at separating out spam/bulk email which then goes into a separate folder.

If I just deleted these blindly then I might never have noticed, as most of the virus emails are also flagged as sent in bulk. However, when I scan through these I can see there are emails with attachments and fake messages enticing me to open in it in the subject. These are likely to be viruses.

When a number of very similar ones of these arrive, only a low fraction are flagged up as caught by the antivirus. Though it's as obvious as possible (without risking opening them) that the rest will be viruses too.

I write software including C++, SQL, PHP, etc so I believe everything is configured correctly .

Do other people check through the spam folder - or do you just delete all bulk messages?

 

[KM-Tiger]

Do other people check through the spam folder - or do you just delete all bulk messages?

No because anything containing a virus or with too high a Spam score is rejected at SMTP time, so never gets in.

The bounce message is meaningful and includes a phone number, which allows us to deal with the very occasional false positive.

 

[MattDV]

All large email providers have free email scan which is 100% more reliable than these scammy anti virus company that spread their own viruses. IMHO