how can i dectet a virus mail?
By anirudhan
@anirudhan (183)
India
December 19, 2006 10:52am CST
once i happend to open a mail in my pc..and it destroyed many documents...i wish to escape from this problem next time.. i am using the norton antivirus.
4 responses
@Thewishlady (1057)
• Netherlands
19 Dec 06
Oke... some tips for you.
Are you sure emails protection is activated in your norton?
Further... if you do not know the sender of the email ...do not open it....
I must say I never get any virusses... I am using Avast which can be downloaded at http://www.Avast.com. This is a free antivirus.
Goodluck!
@Thewishlady (1057)
• Netherlands
22 Dec 06
Thanks for giving me Best Response! I am glad I could be helpful to you!
@anjuscor (1266)
• India
24 Jan 07
The CS, Extreme, and OSL email servers do a variety of filtering, blocking, and tagging of email messages in order to try and deal with the wide range of threats and annoyances posed by spam and virus-laden email. This policy details this filtering and explains the rationale for each of the steps in this process. Here is a sequential list of the battery of tests that an incoming email message is subjected to before it is delivered.
1. Virus Detection - We use the Virus Check component of the Sophos PureMessage scanner to detect email containing known viruses. When a virus is detected, the action taken depends on the class of virus detected.
* High Volume - The newest viruses that appear on the scene can spread with amazing speed and volume. It is not uncommon for more than 5000 copies of a single virus to arrive in just one day. In such cases, we simply discard these messages. This is a silent discard, meaning that a bounce message is not generated since the high volume of bounces can be disruptive.
* Medium to Low Volume - Some viruses come in with a sufficiently low volume that it is not necessary to silently discard them. In this case, the message is rejected so the sender will receive a bounce message letting them know the message was not delivered.
The classification of viruses as high volume is just done manually and evolves over time.
2. Unscannable Attachment Warnings - There are times when the virus scanner is unable to scan an attachment for viruses. When this happens, a warning message is added before the suspicious attachment to let the user know that the attachment that follows could not be scanned and may contain malicious content. This includes the following cases:
* Encrypted Attachments - When an attachment is encrypted, the scanner may be unable to unencrypt it to scan the contents. There are some viruses that send out encrypted attachments (with the encryption key given somewhere in the message) but there are also legitimate things like bank and credit card statements that come in encrypted. For this reason, we do not block encrypted attachments. Note that the virus scanner is able to identify and block many known viruses that arrive encrypted.
* Multi-Part Attachments - It is possible to send an attachment in such a way that it spans multiple mail messages. The virus scanner only has access to one part of the attachment at a time so it may not be able to determine if the entire attachment is a virus. Unfortunately, some mail clients will automatically reassemble the multiple parts of the attachment and present a possibly virus-laden attachment to you. These are not very common and it is possible for this feature to be used for legitimate reasons, so we do not block them.
* Corrupt Attachments - There are occasional attachments that the scanner will determine to be corrupt. This can happen for a number of reasons. For example, the attachment may be a corrupt .gz file, so the scanner is unable to uncompress the file to check it for viruses. We have seen rare cases where the scanner will tag a valid file as corrupt so we do not block them.
This filtering only applies to incoming email, not email originating on CS systems.
3. Blacklisted File Extensions - We use the Policy Bundle component of the Sophos PureMessage scanner to reject email containing attachments with certain file extensions. These attachment types include various executable formats that are commonly used by virus writers, including things like Windows .exe and .com executable formats as well as .zip archives that contain these executable file types. When such an attachment is found, the email is rejected and bounced back to the sender with a message stating that the attachment type not allowed.
If you routinely need to send/receive files with one of the blocked extensions, you should rename the file before you email it. For example, if you have a file named program.exe, you can rename it to something like program or program.foo to get through the email system. Once the email is received, the file can be renamed back to the original name.
Also note that these rejected messages are copied to the quarantine on the server and saved for 2 weeks. If a message that you need is rejected it can be forwarded to you from this quarantine queue during this time.
This filtering only applies to incoming email, not email originating on CS systems.
4. Suspicious File Extensions - We use the Policy Bundle component of the Sophos PureMessage scanner to watch for other attachments that have suspicious file types. These file types are commonly used by viruses but, unlike the Blacklisted File Extensions, these file extensions are also commonly used to transfer legitimate content. As a result, we do not simply reject them. Instead, we add a warning banner to the message to alert the recipient that the attachment is of a suspicious nature and should only be opened if absolutely certain that the content is not malicious.
5. PureMessage Spam Detection - We use the Anti-Spam component of the Sophos PureMessage scanner to try and classify email as spam. Messages are assigned a spam probability from 0-100% indicating the probability that a given message is spam. The action taken depends on the probability range:
* 99% - Messages in this highest range are rejected by the mail servers. When a message hits this probability range, the chance it really isn't spam is extremely low. When a message is rejected, the sender will receive a bounce message that indicates that the message was rejected as spam.
* 60-99% - Messages in this range are very likely to be spam, but there is a small false positive rate so we don't reject them. Instead, we add a tag to the Subject line of the message indicating the probability that the message is spam. For example, a message with the subject:
1 person likes this
@anirudhan (183)
• India
25 Jan 07
thanks for a detailed reply..it is very informative and i benifited from this much.
@clashing_titan (557)
• India
19 Dec 06
i dunno how it happened coz most of the mail service providers use strong antivirus programs to prevent any spread of virus thru their mail servers
even if the virus could get thru it ur norton shud have caught it
the problem here seems that ur antivirus was not updated - the virus definitions
go to the settings and turn automatic live update ON...and next time scan everything before u download and never open suspicious links...