Scan Attachments Before Opening or Downloading?

Attachments, Photos and Scripting Security Issues

Learn about the many dangerous infection vectors a simple e-mail can carry, and why you might just have to download the attachment to see if it is really safe.

Episode #11-32 released on April 6, 2021


Time and time again, you are warned about the dangers of opening an email attachment. Even I have explicitly stated that the source of the email is not important: scan all attachments for viruses and malware, and treat everything as dangerous. But I was asked a remarkably interesting question: do you scan it before you download it, or after you download it?

Let us begin with some facts. Some email clients do state that the email was scanned for viruses, and some email servers do scan for viruses, too. E-mail itself is usually sent in plaintext and can be modified by every server that handles it on the way from sender to receiver. It is also possible for anyone to simply write into the message the text saying that the e-mail was scanned by an anti-virus.

Because an email is vulnerable to manipulation via a man-in-the-middle attack and you cannot inherently trust any details within the email, the safest recourse is to treat all emails as possibly fraudulent. Before opening an attachment, you have to have the attachment scanned.

Now, back to my original question: when do you scan the attachment? The answer is fairly straightforward. You can only scan, with any form of confidence, files you can access directly. You therefore have to download the file and scan it with your antivirus.

Keep in mind that most malware and trojans first need to be run before they are able to infect a host device, meaning that, provided you never run the file, you are usually safe to scan it. That being said, there are reasons why email clients do not open attachments by default and also do not download images or run scripting. Most images are now programs that generate a specific image. Any program can be coerced into being a virus carrier. Worse yet, the best vector to infect a host computer is via scripting. The second the email preview window opens, your computer risks infection if scripting is enabled and not sandboxed correctly. This is why many email clients allow you to select which email addresses you are willing to allow images to load from. You are granted a whitelist to selectively choose who gets to load images and scripting, instead of blacklisting emails, which is a far more involved and dangerous method.
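To make "download it, then scan it, but never run it" concrete, here is an added example (not from the episode) that pulls attachments out of a raw message, ignores any "scanned" claim in the headers, and saves each file under a neutral name with no execute permission before handing it to a scanner. The function names and the sample message are constructed for illustration, and using ClamAV's `clamscan` as the scanner is an assumption.

```python
import hashlib, os, shutil, subprocess, tempfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import Path

def quarantine_attachments(raw: bytes, qdir: Path) -> list[dict]:
    """Save each attachment into qdir without opening or running it."""
    msg = message_from_bytes(raw, policy=policy.default)
    # Headers such as X-Virus-Scanned are just text any sender or relay can
    # write, so they are deliberately not consulted here.
    saved = []
    for i, part in enumerate(msg.iter_attachments()):
        data = part.get_payload(decode=True) or b""
        digest = hashlib.sha256(data).hexdigest()
        # The sender-chosen filename is never used on disk (it may contain
        # "../" or a double extension); the file is stored under its hash.
        path = qdir / f"{i:02d}_{digest[:16]}.quarantine"
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        saved.append({"claimed_name": part.get_filename(),
                      "sha256": digest, "path": path})
    return saved

def scan(path: Path):
    """Assumed scanner: ClamAV. True = clean, False = detected, None = not scanned."""
    exe = shutil.which("clamscan")
    if exe is None:
        return None
    rc = subprocess.run([exe, "--no-summary", str(path)],
                        capture_output=True).returncode
    return {0: True, 1: False}.get(rc)  # any other exit code is a scanner error

def build_sample() -> bytes:
    """Constructed sample: a false 'scanned' header and a harmless attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "sender@example.com", "you@example.com", "Invoice"
    m["X-Virus-Scanned"] = "clean"  # anyone can add this line
    m.set_content("See attached. This email was scanned for viruses.")
    m.add_attachment(b"harmless sample bytes", maintype="application",
                     subtype="octet-stream", filename="../../invoice.pdf.exe")
    return m.as_bytes()

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        for item in quarantine_attachments(build_sample(), Path(d)):
            print(item["claimed_name"], item["sha256"], scan(item["path"]))
```

A `None` result means the file was not scanned at all, so it should be treated the same as an unscanned attachment rather than as clean.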

Host : Steve Smith | Music : | Editor : Steve Smith | Producer : Zed Axis Dot Net
