|
-
May 7th, 2002, 04:23 AM
#11
Originally posted here by Airhead
One thing I'm a bit confused about. Is there something about the way Norton Antivirus does their scan that is different from the way Panda does their online ActiveScan? The reason I ask is that Panda's online scan caught a Majistr-infected attachment in an old email on my computer. It had apparently been sitting there for a few months and I'd forgotten about it and had never opened it. It is entirely possible that I had temporarily disabled email scanning at the time it came in, then if the email files were in the exclusion list, it wouldn't have been caught by Norton during my full scans.
Well, as txwebman said, I think, the defaults are there for a reason... my guesses with Norton? Chances are your email system has a NAV plug-in that it should be using, so it's pointless to scan the mail database from the filesystem when using the plug-in should be able to give it a more-comprehesive scan (including, for example, the ability to decrypt messages that are encrypted with a key held by your mail client or another plugin or similiar, etc).
So, in short, it's up to you to make the best policy decisions for your own network(s) and or system(s) and, well, you have to live by the consequences of such a choice.
Also, if Norton can scan the email as it is coming in (if that option is chosen), why shouldn't it be able to handle a scan of email when doing a full scan?
(I think I kinda answered this above, too)
Also, please remember that a virus scanner is simply a sophisticated "pattern matcher." So, there's always the caveat that a discussion about an virus can trigger an alarm on a message... or similiar.
My general principles about dealing with possibly-infected files... and this goes for things sent from people I know.
- Never trust an email attachment (particularly *.exe or *.scr)
- When dealing with documents sent to you, always use a viewer (not MSOffice)
\"Windows has detected that a gnat has farted in the general vicinity. You must reboot for changes to take affect. Reboot now?\"
-
May 7th, 2002, 04:48 AM
#12
"Making a big deal of it" or "Curiosity about how it works so one can better understand any implications" - I guess it is all in one's point of view. Guess I'm still an educator at heart. As little as I know about computer security, I know more than most of my friends and relatives, so am frequently asked for advice. And understanding how something works often allows one to go far beyond the answer to an immediate question.
As I said in post 4, slowing down the system while doing a manual scan isn't that big a deal. I was much more concerned about false positives. But since we aren't getting reports that people who tried it were driven to distraction with false positives, that may not be a problem, either.
-
May 7th, 2002, 05:15 AM
#13
Sorry, draziw, I didn't see your reply there before I wrote that last post. That description of a possible difference between the email scanning and a full system scan helps me better understand how these things may work.
Thanks to everyone for your replies and assistance. This is such a wonderful, helpful place! 
-
May 7th, 2002, 08:14 AM
#14
HeyAirhead:
Here ia a link to the NAV (2001) forum:
NAV 7.0 (2001) forum
You might find the answer that you seek there.
Good luck.
-
May 7th, 2002, 11:27 PM
#15
Whoa! Look at this from Symantec Technical Support in answer to a question asked by someone else on that NAV 2001 support board:
Certain types of files are included by default in the Norton AntiVirus exclusions list, and in fact the scanner will not work properly without them.
These files are excluded for safety reasons. They are mostly Microsoft application and data files which have been designed to integrate closely with your operating system. By design, they are resistant to modification, and serious corruption and data loss can result if NAV attempts to modify their contents.
Also, by Windows design, the contents of these files are inert until accessed by their parent applications. At this point they are written into temp files which are scanned, and you will be alerted to any malicious code present. You will then have an opportunity to act upon them.
For anyone with a burning desire to check that out in context, here is the source Symantec reply.
Guess it may not be such a good idea to eliminate those exclusions after all! Thanks for the reminder to check that board, Bucket.
BTW, Bucket, check your PM.
-
May 17th, 2002, 10:10 PM
#16
those are default settings. an antivirus program almost always has exclusions (unless you set it to scan all files and folders).
-
May 18th, 2002, 12:09 AM
#17
HeyRyan
It can be taken as given that these are default settings. The question raised by Airhead is why are these the default settings and is it OK to modify them ?
Do you have any ideas on this subject?
-
May 18th, 2002, 01:58 AM
#18
Don't modify the defaults.......
These files are excluded for safety reasons. They are mostly Microsoft application and data files which have been designed to integrate closely with your operating system. By design, they are resistant to modification, and serious corruption and data loss can result if NAV attempts to modify their contents.
-
May 18th, 2002, 02:03 AM
#19
Good answer, Kapperdog.
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
Reply With Quote