I've installed McAfee on a test machine and have been checking to see if it catches known malware from some sources (e.g., malware-traffic-analysis.net). While some files, including content within JAR files, are detected and cleaned, quite a lot of files were not being detected. I submitted them via email to McAfee (followed McAfee KnowledgeBase - How to submit virus samples, false positives, clean files for false preventio...). I got auto responses after a few minutes indicating the status of the files. While most of them are inconclusive and will be analysed by McAfee, some are flagged as known malware (current detection), typically rdn/generic exploit!nnn.
I'm running the trial version of McAfee LiveSafe (latest version; downloaded earlier this week) with default settings and up-to-date definitions. Why aren't these files inside JAR files being detected and sanitized by the real-time scanner (when the JAR file was saved to disk) and when a right-click/custom scan is run? Are files submitted to McAfee via email run against a custom scan profile?
I might have to ping a technician to answer that question, as we are never told how the inner workings of the software function, but I would assume, as a .jar file is like a zipped file, you would have to physically ask the on-demand scanner to scan the file. It would then unpack the compressed file and hopefully would then detect whatever it was.
Sorry I just re-read your post. You did actually do that and it wasn't detected. OK I will ping a technician.
Can you advise what area you are in please?
Thanks for checking. I'm sorry but I did not understand your question. Here are the steps I've followed so far:
- I downloaded and installed the trial version of McAfee LiveScan from McAfee Virus Removal Service - Remove viruses, trojans, malware from your PC | McAfee
- I downloaded password-protected files containing malware from malware-traffic-analysis.net onto my system and unzipped them
- Some JAR files were sanitized (all bad class files were removed except for the clean MANIFEST file) by the real time scan
- A lot of malware JARs were untouched by the real time scan
- I then did a right click scan on the directory containing all JARs containing malware (none of these are password protected, by the way)
- This action caught some others that escaped the real time scan, but it still let some others go undetected
- When I submitted these files to McAfee (virus_research@), I received an automated reply indicating some of the class files in the JAR were already known to be malware
- I waited for a couple of days, thinking these might have been fresh signatures that weren't "live" yet, but these aren't being detected even after a week.
At this point, I'm not sure why the scanner is not detecting these samples despite having signatures for them. I've checked the default settings but there isn't any exclusion defined.
Edit: I'm located in the United States.
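Added example (not from this thread or from McAfee): a small Python helper that treats a JAR as the ZIP archive it is, records a SHA-256 per member, and diffs that inventory before and after a scan, so you can tell exactly which class files the real-time scanner stripped (the "only the MANIFEST is left" case above) and quote per-member hashes when submitting samples to the lab. The member names and the placeholder class bytes are constructed for illustration.

```python
import hashlib
import io
import zipfile

MANIFEST = "META-INF/MANIFEST.MF"


def jar_inventory(jar_bytes: bytes) -> dict:
    """Return {member_name: sha256_hex} for every file entry in a JAR (a ZIP archive)."""
    inventory = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            inventory[info.filename] = hashlib.sha256(zf.read(info)).hexdigest()
    return inventory


def looks_sanitized(inventory: dict) -> bool:
    """True when only the manifest remains, i.e. the scanner removed every class file."""
    return set(inventory) == {MANIFEST}


def diff_inventories(before: dict, after: dict) -> dict:
    """Which members were removed, modified or added between two scans of the same JAR."""
    removed = sorted(set(before) - set(after))
    changed = sorted(n for n in set(before) & set(after) if before[n] != after[n])
    added = sorted(set(after) - set(before))
    return {"removed": removed, "changed": changed, "added": added}


def build_jar(members: dict) -> bytes:
    """Construct a JAR in memory from {name: bytes}; used only to fabricate sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample: placeholder class bytes (JVM magic + filler), not real malware.
    original = build_jar({MANIFEST: b"Manifest-Version: 1.0\n",
                          "a/Loader.class": b"\xca\xfe\xba\xbe placeholder",
                          "a/Payload.class": b"\xca\xfe\xba\xbe other"})
    scanned = build_jar({MANIFEST: b"Manifest-Version: 1.0\n"})  # what a sanitized JAR looks like
    before, after = jar_inventory(original), jar_inventory(scanned)
    print(diff_inventories(before, after))
    print("sanitized:", looks_sanitized(after))
```

Run it against a copy of each JAR taken before the file is written to the monitored directory and again afterwards; an untouched JAR yields an empty diff, which is the evidence worth attaching to a lab submission.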
We are only customers like you, so we have no idea why things are happening the way they are. I was asking where you were so as to get a local-based tech person to help you here in the forums.
Meanwhile, it would help him to have any ID numbers the labs sent to you, so if you have any, please post them.
I have no idea when he will be available but have emailed him so hope it's soon.