Virus' getting through

Printed From: LogSat Software
Category: Spam Filter ISP
Forum Name: Spam Filter ISP Support
Forum Description: General support for Spam Filter ISP
URL: https://www.logsat.com/spamfilter/forums/forum_posts.asp?TID=6861
Printed Date: 27 December 2024 at 11:55am


Topic: Virus' getting through
Posted By: lyndonje
Subject: Virus' getting through
Date Posted: 06 August 2010 at 11:01am
Hi Roberto,

A client has received an email with an attachment which contains a virus. They have then forwarded this email on to myself, which again was not stopped.

I uploaded the file to http://www.virustotal.com, which has scanned the file with 38 different engines, which is reported by the Norman engine as:

Antivirus | Version | Last Update | Result
Norman | 6.05.11 | 2010.08.06 | Suspicious_Gen2.BSZAK

I've checked the SF logs and I see the line where it says scanning for viruses, it then queues for delivery. In the SF GUI, it reports that the AV files are found with the following definitions:

NvcBin.def 15/07/2010 09:45:44
NvcMacro.def 15/07/2010 09:13:54
Nvclncr.def 06/08/2010 01:17:50
Nse_w32.dll 24/06/2010 11:41:26
NCL.dll 24/06/2010 11:27:06

Any ideas? Anything you want from me?

Thanks,
Lyndon



Replies:
Posted By: LogSat
Date Posted: 06 August 2010 at 10:07pm
Lyndon,

Can you please forward us the email to support at logsat.com, so we can take a look? In case it gets stopped, can you please also zip in a password-protected zip file the virus and send it to us in a separate email?


-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: lyndonje
Date Posted: 07 August 2010 at 8:45am
Hi Roberto,

Sent the two emails; the non-passworded zip was blocked by your server.

Regards,
Lyndon


Posted By: LogSat
Date Posted: 07 August 2010 at 12:10pm
Lyndon, just in case my emails to you get blocked (the one with the virus was), I replied to you via email a few minutes ago.

-------------
Roberto Franceschetti

http://www.logsat.com - LogSat Software

http://www.logsat.com/sfi-spam-filter.asp - Spam Filter ISP


Posted By: lyndonje
Date Posted: 07 August 2010 at 12:40pm
How strange, the only thing that has changed is one of the Norman definition files?


