super
Level 7

Not scanning inside JAR files?

I've installed McAfee on a test machine and have been checking to see if it catches known malware from some sources (e.g., malware-traffic-analysis.net). While some files, including content within JAR files, are detected and cleaned, quite a lot of files were not being detected. I submitted them via email to McAfee (followed McAfee KnowledgeBase - How to submit virus samples, false positives, clean files for false preventio...). I got auto responses after a few minutes indicating the status of files. While most of them are inconclusive and will be analysed by McAfee, some are flagged as known malware (current detection), typically rdn/generic exploit!nnn.

I'm running the trial version of McAfee LiveSafe (latest version; downloaded earlier this week) with default settings and up-to-date definitions. Why aren't these files inside JAR files being detected and sanitized by the real time scanner (when the JAR file was saved to disk) and when a right-click/custom scan is run? Are files submitted to McAfee via email run against a custom scan profile?

0 Kudos
12 Replies
exbrit
Level 21

Re: Not scanning inside JAR files?

I might have to ping a technician to answer that question as we are never told how the inner workings of the software function, but I would assume, as a .jar file is like a zipped file, you would have to physically ask the on-demand scanner to scan the file. It would then unpack the compressed file and hopefully would then detect whatever it was.

0 Kudos
exbrit
Level 21

Re: Not scanning inside JAR files?

Sorry I just re-read your post.  You did actually do that and it wasn't detected.  OK I will ping a technician.

Can you advise what area you are in please?

exbrit
Level 21

Re: Not scanning inside JAR files?

BTW that article is focused on Enterprise software users.  This is the one for Consumers:  Submit a Virus or Malware Sample | McAfee Labs

super
Level 7

Re: Not scanning inside JAR files?

Thanks for checking. I'm sorry but I did not understand your question. Here are the steps I've followed so far:


- I downloaded and installed the trial version of McAfee LiveScan from McAfee Virus Removal Service - Remove viruses, trojans, malware from your PC | McAfee

- I downloaded password-protected files containing malware from malware-traffic-analysis.net onto my system and unzipped them

- Some JAR files were sanitized (all bad class files were removed except for the clean MANIFEST file) by the real time scan

- A lot of malware JARs were untouched by the real time scan

- I then did a right click scan on the directory containing all JARs containing malware (none of these are password protected, by the way)

- This action caught some others that escaped the real time scan, but it still let some others go undetected

- When I submitted these files to McAfee (virus_research@), I received an automated reply indicating some of the class files in the JAR were already known to be malware

- I waited for a couple of days, thinking these might have been fresh signatures that weren't "live" yet but these aren't being detected even after a week.

At this point, I'm not sure why the scanner is not detecting these samples despite having signatures for them. I've checked the default settings but there isn't any exclusion defined.

Edit: I'm located in the United States.

0 Kudos
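Added example (not part of any post in this thread and not McAfee code): one way to record exactly which entries inside a JAR a scanner removed, altered or left in place, by hashing every member before and after the scan, nested archives included. The function names and the sample data are hypothetical; for a JAR on disk, pass `open(path, "rb").read()` to `inventory`.

```python
import hashlib
import io
import zipfile

def inventory(jar_bytes, prefix="", depth=3):
    """Map every entry inside a JAR (a ZIP) to its SHA-256, nested archives included."""
    entries = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            data = jar.read(info)
            path = prefix + info.filename
            entries[path] = hashlib.sha256(data).hexdigest()
            # A member that is itself a ZIP/JAR is opened too, up to `depth` levels.
            nested = data.startswith(b"PK\x03\x04") and zipfile.is_zipfile(io.BytesIO(data))
            if nested and depth > 0:
                entries.update(inventory(data, path + "!/", depth - 1))
    return entries

def diff_after_scan(before, after):
    """Classify each original entry by what happened to it between the two inventories."""
    common = before.keys() & after.keys()
    return {
        "removed": sorted(before.keys() - after.keys()),
        "modified": sorted(p for p in common if before[p] != after[p]),
        "untouched": sorted(p for p in common if before[p] == after[p]),
    }

def make_jar(members):
    """Build an in-memory JAR from {name: bytes}; used only for the constructed sample."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as jar:
        for name, data in members.items():
            jar.writestr(name, data)
    return buf.getvalue()

def demo():
    # Constructed sample: harmless placeholder bytes stand in for class files.
    inner = make_jar({"b/X.class": b"placeholder-3"})
    manifest = {"META-INF/MANIFEST.MF": b"Manifest-Version: 1.0\n"}
    original = make_jar({**manifest, "a/Main.class": b"placeholder-1", "lib/inner.jar": inner})
    cleaned = make_jar({**manifest, "lib/inner.jar": inner})
    return diff_after_scan(inventory(original), inventory(cleaned))

if __name__ == "__main__":
    for state, paths in demo().items():
        print(state, paths)
```

The per-entry hashes in the "untouched" list are what to compare against the file names in a submission reply, since they identify the exact class files that remained after the scan.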
exbrit
Level 21

Re: Not scanning inside JAR files?

We are only Customers like you so have no idea why things are happening the way they are. I was asking where you were so as to get a local-based tech person to help you here in the forums.

Meanwhile it would help him to have any ID numbers the labs sent to you, so if you have any please post them.

I have no idea when he will be available but have emailed him so hope it's soon.

super
Level 7

Re: Not scanning inside JAR files?

Thanks for getting in touch with a technical person from McAfee. Here are a few report IDs: 9317519, 9317525

0 Kudos
exbrit
Level 21

Re: Not scanning inside JAR files?

I got an acknowledgement from my contact so please wait for a response.

0 Kudos
super
Level 7

Re: Not scanning inside JAR files?

Sure, thank you!

0 Kudos
exbrit
Level 21

Re: Not scanning inside JAR files?

OK still no tech so will ping someone else.

0 Kudos