Jump to content

Email attachments


Recommended Posts

I understand about "safe practices" when opening email attachments, but I was just wondering how MB works if you do open an infected attachment. I have friends and other family members who might not be so cautious in how they handle those attachments. Is saving the attachment and scanning it with MB the best way to go about it or will MB detect a problem when opening the attachment or does it wait until something in the attachment executes? Again, just curious about how MB handles this.

Link to post
Share on other sites

  • Staff

***This is an automated reply***

Hi,

Thanks for posting in the Malwarebytes 3 Help forum.

 

If you are having technical issues with our Windows product, please do the following: 

Spoiler

If you haven’t already done so, please run the Malwarebytes Support Tool and then attach the logs in your next reply:

NOTE: The tools and the information obtained is safe and not harmful to your privacy or your computer, please allow the programs to run if blocked by your system.

  1. Download Malwarebytes Support Tool
  2. Once the file is downloaded, open your Downloads folder/location of the downloaded file
  3. Double-click mb-support-X.X.X.XXXX.exe to run the program
    • You may be prompted by User Account Control (UAC) to allow changes to be made to your computer. Click Yes to consent.
  4. Place a checkmark next to Accept License Agreement and click Next
  5. You will be presented with a page stating, "Get Started!"
  6. Click the Advanced tab on the left column
    0. UI.png
  7. Click the Gather Logs button
    17. Advanced.png
  8. A progress bar will appear and the program will proceed with getting logs from your computer
    19. System Repair Progress.png
  9. Upon completion, click a file named mbst-grab-results.zip will be saved to your Desktop. Click OK
  10. Please attach the file in your next reply. Before submitting your reply, be sure to enable "Notify me of replies" like so:
     notify me.jpeg  

Click "Reveal Hidden Contents" below for details on how to attach a file:
 

Spoiler

To save attachments, please click the link as shown below. You can click and drag the files to this bar or you can click the choose files, then browse to where your files are located, select them and click the Open button.

mb_attach.jpg.220985d559e943927cbe3c078b
 

One of our experts will be able to assist you shortly.

 

If you are having licensing issues, please do the following: 

Spoiler

For any of these issues:

  • Renewals
  • Refunds (including double billing)
  • Cancellations
  • Update Billing Info
  • Multiple Transactions
  • Consumer Purchases
  • Transaction Receipt

Please contact our support team at https://support.malwarebytes.com/community/consumer/pages/contact-us to get help

If you need help looking up your license details, please head here: https://support.malwarebytes.com/docs/DOC-1264 

 

Thanks in advance for your patience.

-The Malwarebytes Forum Team

 

Link to post
Share on other sites

The best option is Verify and Corroborate and not save and scan.  Best Practices dictate to only open attachments if you are expecting email with an attachment from a known sender.

If you were not expecting email with an attachment one should ask themselves... Who sent the email with the attachment ?

Is it someone you know ?

  • If yes, contact them and ask them did they send email with an attachment, what it is and what it is for.  Verify with the sender about the email and corroborate that they intended to send you email with an attachment.
  • If No, delete the email.

MBAM only targets PE files and most email servers block them as email attachments.  Malicious actors may use techniques to obfuscate the attachment such as placing the executable file in an ISO or other non-standard archive file format.  Malwarebytes can't scan inside  non-standard archive file formats.  The file may come in a standard archive file format but may be password protected.  Anti Malware software can't scan files stored in a password protected archive file. 

Malicious actors may use scripted formats or document files as email attachments which Malwarebytes does not target via signatures.

That brings us back to Verify and Corroborate as the safest way to handle email with attachments.

 

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
Link to post
Share on other sites

24 minutes ago, Phxflyer said:

Is saving the attachment and scanning it with MB the best way to go about it or will MB detect a problem when opening the attachment or does it wait until something in the attachment executes? Again, just curious about how MB handles this.

It depends on the attachment.

Malwarebytes does not target script files during a scan.. That means MB will not target; JS, HTML, VBS, .CLASS, SWF, BAT, CMD, PDF, PHP, etc.

It also does not target documents such as; PDF, DOC, DOCx, XLS, XLSx, PPT, PPS, ODF, etc.

It also does not target media files;  MP3, WMV, JPG, GIF, etc.

Malwarebytes will detect files like these on execution only.

 

Link to post
Share on other sites

Hi,

Very good tips.  If I may just add.....advise all to not be hasty to "click" stuff.  Hold off on clicking without some very careful checking, like David suggested.

The bad guys use attachments in email as "a" way to move ransomware & spear phishing & other evil.  Don't ever be 'automatically' clicking.

Also watch out for cleverly worded lures in Email subject lines & body.

Never click links without first hovering your mouse over the link and seeing if it is going to an odd address ( one that does not fit or is odd looking or has typos).

Link to post
Share on other sites

Thanks for all the information. Although my wife and I are both aware of the "safe" practices, it never hurts to go over them. Again, the main reason I was asking is I have Norton Security now but plan on dumping it when my subscription expires and just using MB and Windows Defender so I just wanted to know in the event of a mistake and a "bad" attachment was opened how it would be handled. I posted a while back about "browser hijacking", "misdirecting"... whatever you want to call it... and that was cleared up so I was just trying to check on other routes "bad stuff" could get into your PC and what MB would do for protection.  I'm good with the above answers so unless you have something important to add, I think this has been cleared up. Thank you all for your input.

Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Recently Browsing   0 members

    • No registered users viewing this page.
Back to top
×
×
  • Create New...

Important Information

This site uses cookies - We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.