esverhoef
Level 7

Web Gateway doesn't find malware

Dear McAfee friends,

I have a McAfee Web Gateway configuration for ICAP only. We have a web interface where clients can upload files and we use the Gateway to scan those files for malware before passing them into the backoffice.

When I upload a text file with EICAR content, the webgateway does its work and blocks the file. But when I upload a Zeus virus sample (with the .exe renamed to .pdf) the gateway doesn't seem to detect anything and gives the file the thumbs up. Does this ring a bell to anyone?

With kind regards,

Erik

The Netherlands

0 Kudos
4 Replies
eelsasser
Level 15

Re: Web Gateway doesn't find malware

Does the sample actually get detected on something like VirusTotal?

If so, then it's probably something in the policy that isn't quite right.

If the McAfee Gateway Edition entry on VirusTotal doesn't catch it, then MWG won't either.

0 Kudos
esverhoef
Level 7

Re: Web Gateway doesn't find malware

Hi eelsasser,

Thanks for your reply.

The sample does get detected by the McAfee client software.

0 Kudos
asabban
Level 17

Re: Web Gateway doesn't find malware

Sounds like we should catch it. Probably you need to file an SR with support and provide the sample and some rule engine traces to allow us to find out what happens here.

Best,

Andre

0 Kudos
esverhoef
Level 7

Re: Web Gateway doesn't find malware

I've got some new information. When I push the virus samples with Perl from localhost to localhost the AV scanner detects the virus samples.

So the AV scanner does its job. What happens is that the files we get from the web interface are being encoded to UTF16. Could this be the issue?

Encoding EICAR to UTF16 just gives you the EICAR back. So that gets detected. But a binary file encoded to UTF16 is something else.

Is there any way I need to configure the MWG to detect and scan UTF16 encoded files?

0 Kudos
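
An added example, not part of the thread and not McAfee code: a pre-scan check an upload handler could run before the ICAP request, which flags a body that looks like raw bytes widened to UTF-16 and recovers the original bytes so both forms can be submitted for scanning. It assumes the web interface maps each byte to one 16-bit code unit (Latin-1 to UTF-16), which the thread does not confirm; the function names and the sample bytes are constructed for illustration.

```python
import codecs

BOMS = {codecs.BOM_UTF16_LE: "utf-16-le", codecs.BOM_UTF16_BE: "utf-16-be"}

def utf16_wrapped(data: bytes):
    """Return the UTF-16 codec name if data looks UTF-16 transcoded, else None."""
    for bom, codec in BOMS.items():
        if data.startswith(bom):
            return codec
    if len(data) < 4 or len(data) % 2:
        return None
    # No BOM: every second byte being NUL is the signature of byte
    # values 0x00-0xFF widened to 16-bit code units.
    if not any(data[1::2]):
        return "utf-16-le"
    if not any(data[0::2]):
        return "utf-16-be"
    return None

def recover_original(data: bytes):
    """Undo a byte-per-code-unit widening; None if not wrapped or not lossless."""
    codec = utf16_wrapped(data)
    if codec is None:
        return None
    body = data[2:] if data[:2] in BOMS else data
    try:
        return body.decode(codec).encode("latin-1")
    except (UnicodeDecodeError, UnicodeEncodeError):
        return None  # genuine UTF-16 text, or some other transcoding

def bodies_to_scan(upload: bytes):
    """The upload as received, plus the recovered bytes when it was wrapped."""
    original = recover_original(upload)
    return [upload] if original is None else [upload, original]

# Constructed stand-in for the first bytes of a Windows executable ("MZ" magic).
SAMPLE = b"MZ\x90\x00\x03\x00\x00\x00\x04\x00\x00\x00\xff\xff\x00\x00"
# What the upload handler would receive under the assumption above.
WRAPPED = codecs.BOM_UTF16_LE + SAMPLE.decode("latin-1").encode("utf-16-le")

if __name__ == "__main__":
    print("magic as uploaded:", SAMPLE[:2], "magic as received:", WRAPPED[:2])
    print("bodies to submit:", len(bodies_to_scan(WRAPPED)))
```

The wrapped body no longer starts with the `MZ` magic and is about twice the original length, so file-type checks and content signatures written for the original bytes are being applied to different data.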