Jorey Bump wrote: > I don't understand the "extra layer of security" part that would be > magically imparted by saving the attachments in a separate location. > They are still as deadly as they were when they were part of the > message/mbox.
Case in point about this user I just moved over to Eudora. He's gotten in about a half-dozen Sircam viruses since his conversion. When Eudora attempts to save the infected attachment, this triggers the AV app to take notice. Nasty taken care of before he even had a chance to click on it. In the case of an app that doesn't seperate the attachments, such as Mozilla, the virus remains in the mail folder until the user attempts to access it. When an attachment is clicked on it must first be saved locally. Once the save action is attempted, then the AV software is triggered. Norton tries working around this by setting up a mail proxy on the users box that scans the mail prior to even coming into the InBox. I have to imagine this was an attempt to not have to deal with variations to the mbox format that many mail clients have. In summary, by having the mail detatched immediately has the effect of triggering AV software to act upon it immediately. All the while leaving the mbox files alone, and intact. This really does work quite nicely, as I'm getting to see for the first time myself on this user's PC. Later on, -- "Outside of a dog, a book is man's best friend. Inside of a dog, it's too dark to read." - Groucho Marx
