I've searched for some documents about file types that VSE can't scan. I have this problem with some file - *.dat:
Other anti-viruses found viruses within this file, but McAfee didn't.
We are using VSE 8.8 Patch 2, and the DAT is from this week. What could be the reason that VSE can't detect the virus in the *.dat file, while other anti-viruses can?
Thank you and have a nice day!
I think it does. You may open On-Demand Scan Properties and check under Scan Items > Select > Default + additional file types. Here you can see the DAT extension as well, but if you want to add any other file type, add it here and try scanning. I hope it will work. Also select "Also scan for macros in all files".
on 3/12/13 9:05:13 AM CDT
Thank you, but it still didn't find it... Very strange.
Do you have any other ideas?
And by the way, does it work in the On-Access Scan as well? Or only in the On-Demand Scan?
Once the file is added with the default files to scan, it will also work for On-Access Scan. Could you attach this file here please, so I could see?
I'm sorry, I can't attach the file, my network is closed...
But I scanned the file with Symantec AV and it found the threat: http://www.symantec.com/security_response/writeup.jsp?docid=2002-101518-4323-99
I didn't find any reference from McAfee on the internet...
What do you think?
The McAfee Threat Intelligence system gives many variants with this "Downloader". If you think that McAfee is not detecting it, you may submit a sample here
If I got you right, then "other antiviruses" find the strings of malware in .DATs, and McAfee won't, which I deem normal, since McAfee "knows" or "is supposed to know" not to scan (or not to find viruses in) its own .DAT file full of virus signatures, while "other antiviruses" may handle the file as every other file. Perhaps the first string of such a signature refers to a downloader and other antiviruses stop there, thinking "enough found".
But if the .DAT you refer to is not any of the McAfee .DAT files, then - and assuming the .DAT file is infected - it might be encrypted in a way that, with the current settings, the VirusScan engine is not able, or not configured, to decrypt before actual scanning.
Message was edited by: apoling on 27/03/13 14:11:31 CET
on 27/03/13 14:12:29 CET