Email attachments

[mcoliver]

When you send out an email that has an attachment (like word, excel, any .exe, etc.) which you know is virus-free (from your PC), is it possible for them to get infected along the way?

Thanks.

[shred]

Not usually. Anything's possible, but I've never heard of it. I suppose if your mail were routed through an infected server wherein the virus infected the attachment, but that requires a whole lot of stuff most viruses don't have.

E-mail is all about handing your bits from one server to another until the last one in the chain is the destination, so any one of them could in theory hose you, but it still seems unlikely.

But, if you're seeing 'Attachment X deleted due to virus' errors, it's much more likely to be an over-aggressive e-mail filter or incoming virus scanner than a real problem-- zip the file with a password and try again.

If you sent something to somebody and now they say they have a virus, I'd be skeptical you caused it without further evidence.

[ratblat]

Not usually. Anything's possible, but I've never heard of it. I suppose if your mail were routed through an infected server wherein the virus infected the attachment, but that requires a whole lot of stuff most viruses don't have.

E-mail is all about handing your bits from one server to another until the last one in the chain is the destination, so any one of them could in theory hose you, but it still seems unlikely.

But, if you're seeing 'Attachment X deleted due to virus' errors, it's much more likely to be an over-aggressive e-mail filter or incoming virus scanner than a real problem-- zip the file with a password and try again.

If you sent something to somebody and now they say they have a virus, I'd be skeptical you caused it without further evidence.

I tottally agree , with you , what i do is zip any file like word doc or excel , that way when the file is being sent or on your computer ready for sending , a virus cannot add it self to the file when zipped , if you scan the doc before putting it in a zip , then you know the file will be safe , it cannot be infected while in transit as to say , to the other source , unless the other sourse as a virus on there's , if that is the case , when they unzip and open , the virus attaches itself n, and then the other person thinks you sent them a virus , this does happen alot...

[raz-0]

The only way what you suggested could happen realisticly, would be if someone had control of your outgoing mail server, had control of the destination mail server, or had set up a server to spoof the destination server and then relayed the mail. The last scenario would be EXTREMELY difficult to pull of convincingly in the real world if the ultimate destination system has any kind of spam or virus filtering as the reverse path would be very unacceptable looking. The main realistic situation would be someone within an organization that shared resources making a malicious attack against the organizations infrastructure. (aka disgruntled worker sabotage, or spying, screwing over a peer)

The other possibility would be a trojan of some sort setting up a proxy on your system and instead of the chain going your client->ISP mail server->recipient mail server->recipient client, it'd look like your client->local trojan proxy->ISP mail server->recipient mail server->recipient client. As far as I know, there is not currently anything out there that behaves like that. It would be horribly intractable as far as viruses go as all the viruses would look genuine and trusted, but at the same time it would spread pretty slowly because the rate of disemination is at the whim of the infected user and not the virus. But spreading spyware or spamware (turns your box into an open relay) that way would be quite nasty.

but like I said, I haven't heard of something like that yet.

[robomanusa]

There are a few known viruses and trojans capable of infecting incoming mail at the gateway to send it on to its destination, most current mailscanners will detect password protected zip files and apply filename scanning of contents and deny the zip if need be. I handle alot of my own mail myself as to not have to rely on my isp for anything I dont have to. I currently use MailScanner w/spamassasin, f-prot,bit-defender and clamAv. That combination will 99% of the time catch anything coming across my mailserver I do not want.