Sonic.net

Using SpamAssassin, Sonic does a splendid job filtering spam.

Does Sonic similarly filter malware attached to email messages?

If not, would Sonic consider implementing this functionality?

I'm not sure about other mail clients, but Thunderbird doesn't have it, and won't (supposedly due to design limitations).

Not delivering problem messages is probably preferable to letting the recipients fend for themselves, anyway.

If this topic has been addressed, please excuse me and point me to the discussion.

Thanks.

All email flows in and out of our systems are scanned for viruses and malware using a couple of different well known anti-virus systems. The overall number of viruses caught is very low - less than 100/day over several million messages/day. I suspect this is likely due to a shift away from email one of the primary virus vectors as well as the increase in use of webmail services.

It's good to know Sonic screens incoming and outgoing email for viruses.

Correct me if I'm wrong, but my understanding is, scanning won't detect viruses in encrypted/compressed files.

Also, malware isn't limited to viruses. An executable could be ransomware and still pass scanning.

For paranoid users (like myself), a user-configurable option to let or not let attached scripts, executables, zip files, etc., pass through, seems highly desirable. Is there one?

Does this option in Thunderbird do nothing?

Since Sonic's mail server and anti-virus applications (if installed) scan all incoming data by default, it's unclear how the Thunderbird security option provides additional protection.

OTOH, Thunderbird is still vulnerable to other (non-viral) malware that manages to pass through.

Blocking attachments (say, by user-configurable type) on Sonic's mail server would seem a better alternative.

FTTN subscriber wrote:It's good to know Sonic screens incoming and outgoing email for viruses.

Correct me if I'm wrong, but my understanding is, scanning won't detect viruses in encrypted/compressed files.

Also, malware isn't limited to viruses. An executable could be ransomware and still pass scanning.

For paranoid users (like myself), a user-configurable option to let or not let attached scripts, executables, zip files, etc., pass through, seems highly desirable. Is there one?

Any encrypted parts of a message should just look like garbage to the scanner. In theory, encryption is designed to only allow the sender and recipient to understand what is in the message. I am less sure about compression as anyone could uncompress a message but I don't know if Sonic does or not.

> Any encrypted parts of a message should just look like garbage to the scanner.
> In theory, encryption is designed to only allow the sender and recipient to understand what is in the message.

Encryption is often how viruses evade detection. The recipient won't necessarily know the sender, or expect to receive an encrypted attachment. Yet, if s/he somehow gets lured into decrypting the attachment, harm can happen.

> I am less sure about compression as anyone could uncompress a message but I don't know if Sonic does or not.

I use Security Essentials and Malwarebytes Anti-Malware. The former does attempt to decompress and look inside compressed files. The latter usually finishes much faster, leading to my (possibly false) impression that it doesn't.

Compressed archives inside of messages are decompressed and scanned. We cannot, of course, scan encrypted or password protected archives and have to allow them through.

Everyone should be running a highly rated and up-to-date virus scanner (which may or may not include the one preinstalled on their computer) regardless of any scanning we do.

> Compressed archives inside of messages are decompressed and scanned.

It's reassuring that Sonic does this. Kudos.

> We cannot, of course, scan encrypted or password protected archives and have to allow them through.

As mentioned at the start, a user blocking option (by attachment type) would provide further protection.

> Everyone should be running a highly rated and up-to-date virus scanner (which may or may not include the one preinstalled on their computer) regardless of any scanning we do.

Absolutely, although a user blocking option makes the difference between rejection of junk at the post office and same at our front door (which is sometimes too close for comfort).

FTTN subscriber wrote:> As mentioned at the start, a user blocking option (by attachment type) would provide further protection.

Maybe I am a little confused, how would they be able to tell the type of file if it is encrypted? Unless you want them to filter out certain types of encryption? If they could filter by type of file, would it go to a graymail like system?

If you are talking about filter unencrypted files, you can use Procmail. Proceed at your own risk. Check out

https://wiki.sonic.net/wiki/Spam_FAQ#Ho ... ssassin.3F
http://prefetch.net/blog/index.php/2005 ... -procmail/