I have a detection issue here. We received an email here, which had an MSWD file as an attachment with a trojan that went almost undetected. On two systems which I know to be at risk and where I've set as tough rules as possible, the mail was detected in MS Outlook and quarantined.
Now, my problem: in order to find out why the trojan hadn't been detected on the server, I went and recovered the infected file, then I sent it to myself by mail.
The mail arrived to me undetected.
I'm using Thunderbird; McAfee VSE didn't detect it in my incoming mails (very disappointing) :mad:
I saved the attachment and scanned with VSE 8.5i with the latest DAT for three days. No detection!!! :mad:
I then scanned it using the Command Line Scanner! It was only detected when using the /SECURE switch, which translates to "Examine all files, decompress archive files, and use heuristic analysis." Hurray, we have a detection! :eek:
I sent the DOC to Webimmune and it was detected as exploit-msword.i.gen - "most powerful set of heuristic DAT drivers"
Now, what do I need to do to configure VSE so that it uses those DAT on my system? Or rather, so that it does detect this trojan...
Also: when will McAfee do what's necessary so that incoming mail is correctly scanned even when not using MSOE...? :mad: