Has it triggered the port 25 access protection rule? is there nothing at all in the logfile for access protection relating to the event?
the log shows that it is detecting and block it, that is how I know it is happening, but it does not say Randomprogram.exe is blocked etc....
I opened a case with McAfee and they have about 100 steps that I need to do to see if the system is infected, which is their diagnosis.
Sometimes it is not possible for VirusScan to query the offending process name, as we found out with certain clever trojans, that use lower level NIC operation than usual and Virusscan only senses port usage but gets no process etc. details, whatsoever.
Another example is the rogue system sensor, which when doing a port scan, does it on low level so if you'd set up a VirusScan AP rule to check for ports it targets, you'd get no process name...
I think this is what you are facing.