Why do I need protection from e-mail?

The rise in popularity of e-mail worms has increased the need for everyone to have an antivirus product protecting their system, but many products don't adequately protect PCs from being infected. Often the increasing desire for integration between e-mail programs and office applications has left security holes that are quickly exploited by worms such as Klez and more recently by the Netsky variants. In these cases, e-mail can be structured so just viewing the message is enough to cause infection on a system where the security patches are out of date, which is common.

The problem lies in the way that many e-mail programs work - they download a mail message, and store it in their own database format. Antivirus programs work on scanning file types they understand through the regular file-system (for example, FAT16, FAT32, NTFS), so they don't necessarily have support for understanding the data structures that your e-mail program uses to store mail messages and their attached files. This means that should your PC download an infected e-mail that your software isn't patched for, not only does your PC become infected, but it becomes very difficult to clean your system and not lose all your e-mails (every time you look at the e-mail inbox you re-infect the PC). This caused a lot of people bother with the W32.Klez worm attacking antivirus programs as its first step, and the cleaning tools released by antivirus vendors affected by this attack were not capable of cleaning the contents of mailboxes.

There are two ways around this - either become very good at downloading all the patches for your Web browser and e-mail programs as they are released, or get an antivirus package that will hook into your mail program and browser and keep it up to date.

For the e-mail system to be adequately protected, it is important that the scanning take place before the e-mail is stored anywhere that it might execute or be triggered by the user. In other words, the e-mail system needs to hand off all data to the antivirus scanner as the mail is downloaded and sent from the system (or be talking to the POP3 server via the antivirus program).

Not all e-mail packages are supported for this kind of integration, but scanners exist that integrate tightly with versions of Microsoft Outlook Express, Microsoft Outlook, Netscape Messenger, Netscape, Eudora Pro and Becky Internet Mail. Some scanners also claim to integrate with any MAPI or POP3 client.