When is a system infected?

[jcassidy]

We have a mail server with the capability to either block an attachment extention or make the user save it to disk before opening. I am trying to figure out if it would be beneficial to set Word docs for the second level of security making users save an attachment before opening it. If a file is infected, the desktop AV software will catch it being saved before the file is actually "executed".

My question is this... When you execute a file (like say out of Outlook) and your AV software picks it up, is there still more risk of infection propagating than if the infected file is caught while just being copied?

I know a temp file is created for each file opened in Outlook. Is this file locked and uncleanable in this state? I'm not even sure a file is written if the AV software picks it up and I have no way to test as our mail servers also have their own virus scanners. Defense in depth is key.

 

[JPLWU]

I would not advise saving it onto the system, for this reason: ALL AV software out only catches what virii has been discovered, decompiled, and have a signature file created for them, AV software does not protect computers in every instance. If you allow users to download a file that is a virus but not caught by the virus scan, you will be dealing with a much larger problem. At least at the email server level you can filter out such occurrences, and the file will not open on the local computer. This is just my opinion I am sure many other people feel differently, I feel better safe than sorry.

If you think you can, you might...if you know you can then you will.

A+

 

[prworld]

Hi

We have AV scanning on our MailServer. We scan all mail coming in-out using NAV 2005 to good effect, it checks the emails and attachments before they are processed by the mail server.