Thursday, August 24, 2006

What to do when your antivirus catches something in the email

It is becoming quite common for your antivirus program to catch things while scanning incoming email. Quite often you will end up with a warning that a 'suspicious script' or a 'url' has been detected. I have just received this question from a client, and I figured everyone should be aware of what actions they can take, since providing you with solutions is essentially part of my service to you. This is the response I sent to that particular client, and it may apply to you as well:

First of all, when your antivirus catches something, it is usually true, in which case the message will most likely 'place a cookie', at the least, if you were to open it. This cookie would be a tracking cookie, meaning it will probably start sending you spam (junk mail), so you should take the error message seriously. Now, you mention that it is on a topic you are interested in, and that is typically the reason for the tracking cookie; or, worse, the message was fine initially but your daughter's computer has somehow been infected, possibly by the same tracking cookie, which has attached itself to the file.

If you get a message like this and you are unsure, then instead of opening it you could, as you have done in notifying me, FORWARD AS AN ATTACHMENT (to me, if you wish for me to see if it is actually safe to open). The trick here is that you don't want to open the message in order to forward it to me, so you need to RIGHT CLICK on the message and, from the pop-up menu, choose FORWARD AS AN ATTACHMENT. This will open a new email and add the suspicious email to this new message as an attachment, which you can then address (to me, if you wanted me to examine it), and I will see just what it is. If nothing else, I can quite possibly remove the active script (tracking cookie) and send it back to you clean.

This is a warning from your antivirus and, in a lot of cases, it may appear more serious than it is. On the other hand, one of the most asked questions I have had lately is "I seem to be getting a lot more junk mail than usual, why is this?" And that, my friend, is why you are getting more junk mail: that sort of email message.

I am not saying that is what this issue is but typically that is what I have found.

One final thing to remember is that it is from someone you know, and the fact that you got a suspicious message means you could simply do nothing at first. Open a new email message back to that person stating that the last message had some sort of suspicious script that you didn't want to open, and simply get them to resend the file in a new email message. But first, get them to send you a normal email, so that you can see whether the problem is with the attachment they were trying to send or with all the messages from that person. If you find the new email has the same problem, then for sure I would notify the person whose mail is now showing up with viruses that they are the one who has problems.

Also remember that it is only email, and just how important can that message be if it has viruses? Obviously there are other ways of communicating, and one way would be to direct you to the specific web page that represents what the email message was about. They can send you a URL link, for example; that is a link you can click on that takes you to that particular page, instead of including the web page in the email message, which was what triggered your antivirus. If you would rather not send me the email message (forwarded as an attachment), please send along the current IP address of your computer and I will connect and take a look, but you have done the right thing so far by not opening it.
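The examination step described above, looking at a message that arrived forwarded as an attachment without opening it, as an added example that is not part of the original post. It parses the attached mail as data with Python's standard `email` module and lists any script-like markup and remote URLs it contains; the addresses, the sample message and the name `inspect_forwarded` are constructed for illustration.

```python
import re
from email import message_from_bytes, policy

# Constructed sample: a cover mail carrying the flagged mail as an attachment.
SAMPLE = b"""\
From: client@example.com
Subject: Fwd: flagged by antivirus
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="outer"

--outer
Content-Type: text/plain

My antivirus flagged the attached mail; I have not opened it.
--outer
Content-Type: message/rfc822

From: friend@example.net
Subject: photos
Content-Type: text/html; charset="utf-8"

<html><body><script>track()</script>
<img src="http://tracker.example/pixel.gif?id=42"></body></html>
--outer--
"""

# Markup that runs code or loads content, and URLs the mail would fetch or link.
ACTIVE = re.compile(r"<\s*(?:script|iframe|object|embed)\b|\son\w+\s*=", re.I)
REMOTE = re.compile(r"""(?:src|href)\s*=\s*["']?(https?://[^\s"'>]+)""", re.I)

def inspect_forwarded(raw):
    """Report on every message/rfc822 attachment in raw, without rendering it."""
    reports = []
    for part in message_from_bytes(raw, policy=policy.default).walk():
        if part.get_content_type() != "message/rfc822":
            continue
        inner = part.get_payload(0)  # the original mail, parsed as data only
        report = {"from": str(inner["From"]), "subject": str(inner["Subject"]),
                  "active": [], "remote": []}
        for leaf in inner.walk():
            if leaf.get_content_maintype() != "text":
                continue
            text = leaf.get_content()
            report["active"] += [m.group(0).strip() for m in ACTIVE.finditer(text)]
            report["remote"] += REMOTE.findall(text)
        reports.append(report)
    return reports

if __name__ == "__main__":
    print(inspect_forwarded(SAMPLE))
```

An empty `active` list together with an empty `remote` list means the attached mail contains none of the markup this check looks for; it does not replace the antivirus verdict.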

