benhenry
10-28-2003, 02:23 AM
My batchfile worked correctly. But the viruses were not detected.
"Darny, darn, and phooey," I said to myself.
I knew the viruses were in the dbx files, and I knew my batchfile was operating in the way it was designed. Was there something wrong with my "second string" virus scanner?
Nope. The scanner checked out when I copied the emails to a containing folder and scanned them as eml files. The scanner detected every one. It had to be something about dbx files...
Throughout this test I have just been mentioning that I used an Outlook Express/TrendMicro/Grisoft combination of software for the various steps. But I actually repeated this whole test with Thunderbird/TrendMicro/Norton and OE/McAfee/Panda
(The very nice woman at my ISP will be receiving some delicious pies.)
The results were identical in every case. I know my sample is not large enough to be considered statistically conclusive, but in my opinion the results are a strong indication of an issue with email and virus scanning in general.
The viruses were never detected in the dbx (and msf) files because of the following:
Outlook Express (and ThunderBird) send and receive attachments in a format (MIME) that is used for email transmission of files. When received, the MIME encoding is then encoded again into the proprietary dbx and msf file formats for storage on your hard drive. This "breaks" the viral signature that the virus scan engine searches for when it checks a file.
Microsoft will not release the details of its proprietary dbx file format to anti-virus software engineers (or anyone else). So when your virus scanner hits the folder containing stored messages... it is wasting time. As the situation now stands viruses can remain hidden in dbx files.
Since Thunderbird is open source... I think it will just be a matter of time before anti-virus software will be able to scan the msf file format effeciently. But for the near future viruses can remain hidden in msf files.
In my opinion, this is an unfortunate situation. My method of providing a "second opinion" virus scan for my aunts is not going to work because of the proprietary nature of the dbx file format.
Maybe Microsoft will release the details of the dbx file format to developers. And maybe Amie will post a topic stating that I sing better than Adam Watkiss. (http://www.adamwatkiss.net/contents.html)
Sigh.
Until that happens there isa method that will work for your aunts and mine.
It is slightly awkward but it works. I will write about the details here:
An email virus scanning test. Part Six. (http://www.mypcclinic.com/forum/index.php?showtopic=1743)
"Darny, darn, and phooey," I said to myself.
I knew the viruses were in the dbx files, and I knew my batchfile was operating in the way it was designed. Was there something wrong with my "second string" virus scanner?
Nope. The scanner checked out when I copied the emails to a containing folder and scanned them as eml files. The scanner detected every one. It had to be something about dbx files...
Throughout this test I have just been mentioning that I used an Outlook Express/TrendMicro/Grisoft combination of software for the various steps. But I actually repeated this whole test with Thunderbird/TrendMicro/Norton and OE/McAfee/Panda
(The very nice woman at my ISP will be receiving some delicious pies.)
The results were identical in every case. I know my sample is not large enough to be considered statistically conclusive, but in my opinion the results are a strong indication of an issue with email and virus scanning in general.
The viruses were never detected in the dbx (and msf) files because of the following:
Outlook Express (and ThunderBird) send and receive attachments in a format (MIME) that is used for email transmission of files. When received, the MIME encoding is then encoded again into the proprietary dbx and msf file formats for storage on your hard drive. This "breaks" the viral signature that the virus scan engine searches for when it checks a file.
Microsoft will not release the details of its proprietary dbx file format to anti-virus software engineers (or anyone else). So when your virus scanner hits the folder containing stored messages... it is wasting time. As the situation now stands viruses can remain hidden in dbx files.
Since Thunderbird is open source... I think it will just be a matter of time before anti-virus software will be able to scan the msf file format effeciently. But for the near future viruses can remain hidden in msf files.
In my opinion, this is an unfortunate situation. My method of providing a "second opinion" virus scan for my aunts is not going to work because of the proprietary nature of the dbx file format.
Maybe Microsoft will release the details of the dbx file format to developers. And maybe Amie will post a topic stating that I sing better than Adam Watkiss. (http://www.adamwatkiss.net/contents.html)
Sigh.
Until that happens there isa method that will work for your aunts and mine.
It is slightly awkward but it works. I will write about the details here:
An email virus scanning test. Part Six. (http://www.mypcclinic.com/forum/index.php?showtopic=1743)