0 Replies Latest reply on Feb 25, 2009 3:45 PM by SergeM

    Trojan not detected issue !

    SergeM
      Hi,

      I have a detection issue here.
      We received an eMail here, which had an MSWD file as attachment with a trojan that went almost undetected. On two systems which I know to be at risk and where I've set as tough rules as possible, the mail was detected in MS Outlook and quarantined.

      Now, my problem : in order to find out why the trojan hadn't been detected on the server, I went and recovered he infected file, then I sent it to myself by mail.


      1. the mail arrived to me undetected
      2. I'm using Thunderbird , McAfee VSE didn't detect it in my incoming mails (very disappointing) :mad:
      3. I saved the attachment and scanned with VSE 8.5i with the latest DAT for three days. No detection !!! :mad:
      4. I then scanned it using the Command Line Scanner ! It was only detected when using the /SECURE switch, which translates in "Examine all files, decompress archive files, and use heuristic analysis.". Hurray, we have a detection ! :eek:
      5. I sent the DOC to Webimmune and it was detected as exploit-msword.i.gen - "most powerful set of heuristic DAT drivers"



      Now, what do I need to do to configure VSE so that it uses those DAT on my system ? Or rather, so that it does detect this trojan...

      Also : when will McAfee do what's necessary so that incoming mail is correctly scanned even when not using MSOE... ? :mad:

      thanks for any help
      Serge