NIS is unable to catch malware fetched on port 110 by Thunderbird, since Thunderbird does STARTTLS for CONNECTION SECURITY, thus cutting NIS' proxy out of the loop.
As a result, a full system scan later finds malware in Thunderbird's disk mail files. (However, the deleting of malware does not seem to corrupt Thunderbird's mail files.)
Would it be better to change CONNECTION SECURITY for Thunderbird to NONE so that the NIS' proxy on port 110 would be able to detect inbound malware at the point of inception?
Thank you for your consideration.
Hi Mark_Kratzer,
Email scanning is basically a redundant feature, since Auto-Protect will neutralize any threat that might have been detected earlier by an incoming email scan. You can also save any attachment to disk and run a custom scan on the file before opening it. Therefore, email scanning is not considered to be a critical component, and as more email service providers move to requiring the use of secure ports, its use is in steady decline. The consensus nowadays seems to be that it is preferable to use secure connections, even at the expense of the convenience of email traffic scanning - even if you have a choice in the matter.
Although you have not experienced any issues so far, I would still recommend excluding your Inbox and other important mail folders from scanning. There is always a possibility of corruption, or having your entire folder quarantined.
Required reading:
http://kb.mozillazine.org/Thunderbird_:_FAQs_:_Anti-virus_Software
http://kb.mozillazine.org/Email_scanning_-_pros_and_cons
Thank you for your guidance. Although I prefer to catch malware at the earliest possible moment, it would have necessitated turning off STARTTLS and conveying my mail server logon in clear text. Not something I want to do.
I have followed your recommendations and excluded only the TB mail folder from SCAN and SONAR.
I tested with EICAR. One machine is XP/NIS 2012 (waiting to upgrade) and the other is WIN7/NIS 2013. Interestingly, I found NIS 2013's handling of EICAR to be much more aggressive.
Thanks again!
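
The trade-off discussed in this thread, as an added example that is not part of the original posts or of any Norton or Thunderbird code: it models what a plaintext proxy on port 110 can observe with and without STARTTLS (the POP3 `STLS` command). The transcripts, account name and password are constructed sample data, and `proxy_view` is a hypothetical helper.

```python
# Added example. Both transcripts are constructed sample data, not captured traffic.
# Each entry is (side, line): "C" = mail client, "S" = POP3 server on port 110.
STARTTLS_SESSION = [
    ("S", "+OK POP3 server ready"),
    ("C", "STLS"),                      # RFC 2595 command to upgrade to TLS
    ("S", "+OK Begin TLS negotiation"),
    ("C", "USER alice"),                # from here on the wire carries TLS records
    ("S", "+OK"),
    ("C", "PASS example-password"),
    ("S", "+OK"),
    ("C", "RETR 1"),
    ("S", "+OK message follows"),
]
# Same session with CONNECTION SECURITY set to NONE: no STLS exchange.
PLAIN_SESSION = STARTTLS_SESSION[:1] + STARTTLS_SESSION[3:]


def proxy_view(transcript):
    """Report what a plaintext proxy sitting on the connection could observe."""
    report = {"stls": False, "cleartext_login": False,
              "scannable_retr": 0, "hidden_commands": 0}
    encrypted = pending_stls = False
    for side, line in transcript:
        if encrypted:
            # Opaque ciphertext: the proxy can neither read nor scan it.
            if side == "C":
                report["hidden_commands"] += 1
        elif side == "S":
            if pending_stls:
                # The upgrade only happens if the server accepts STLS.
                encrypted = report["stls"] = line.startswith("+OK")
                pending_stls = False
        else:
            verb = line.split(" ", 1)[0].upper()
            if verb == "STLS":
                pending_stls = True
            elif verb in ("USER", "PASS"):
                report["cleartext_login"] = True   # credentials readable on the wire
            elif verb == "RETR":
                report["scannable_retr"] += 1      # message body visible to a scanner
    return report


if __name__ == "__main__":
    print("STARTTLS:", proxy_view(STARTTLS_SESSION))
    print("NONE:    ", proxy_view(PLAIN_SESSION))
```

With STARTTLS the proxy sees no retrievals to scan and no credentials; with NONE it can scan the retrieval, but the login is readable by anything on the path.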