5

It is a common practice to append the "antivirus footers" to emails, e.g.:

Scanned by ClamAV

or

This email has been scanned by the XYZ Email Security service

There is many opinions about it, some say that it allows potential attacker to choose the way of attack which will avoid/bypass the revealed security mechanism.

The others say it works like a sign "Be aware, we care about our security" which could scare potential intruders.

I would like to collect all pros and cons of both approaches, I believe this kind of topic hasn't been discussed yet.

Anders
  • 64,406
  • 24
  • 178
  • 215
boleslaw.smialy
  • 1,627
  • 2
  • 15
  • 25
  • 1
    I think answers to this are primarily opinion based. But in no way you should trust a mail just because it has this footer since this is also added sometimes by malware mails. – Steffen Ullrich Dec 14 '16 at 10:59
  • I don't think that the question is primarily opinion-based. Of course there are things on which you could argue, but this is true for nearly everything. And there are some important points which are not opinion-based; e.g. in some cases it might be illegal to alter the message without the sender's approval. – K. Biermann Dec 14 '16 at 13:46
  • This would make stupid people believe that such e-mails are safe because they say so. Then some bad guys will start sending out malware which has supposedly been scanned by some big name antivirus and the idiots will fall for it. – André Borie Dec 14 '16 at 14:14
  • Every topic, which is not very well known, at the beginning is based on opinions. People exchange their opinions, discuss them and this is how best practices begins. I think this question should be re-open as pretty relevant for security personel and for people who need to take this kind of decisions. – boleslaw.smialy Dec 14 '16 at 16:12
  • @SteffenUllrich - Isn't the new wording a bit better to unblock the question? – boleslaw.smialy Dec 15 '16 at 08:21
  • @boleslaw.smialy: I don't see any new wording. I don't see any edit of the question at all. – Steffen Ullrich Dec 15 '16 at 08:44

1 Answers1

5

I don't think it's a good practice to include footers like this in email correspondences. My arguments:

  • It clutters your email thread, making the actual message stand out less
  • The info is irrelevant to most recipients
  • It's probably not wise to expose the anivirus mechanism to the outside if it can be prevented
  • As has been mentioned by Steffen already, the claim cannot be verified by the recipient anyway
  • Companies are supposed to have some form of antivirus checks in place anyway; "bragging" about it in email footers shouldn't be necessary.

To sum up, I personally take footers like this as a sign that something's fishy (about the mail or the company). Why would they mention that at all?

knipp
  • 589
  • 5
  • 14