636 Views 4 Replies Latest reply: May 1, 2013 2:01 PM by pm_nate RSS
patrick-cusc Newcomer 2 posts since
Mar 28, 2013

Apr 24, 2013 8:55 AM

Trojan zip attachments getting through

I have everything in the inbound policy set to quarantine inbound zip files, yet they still get through.  Our organization has been receiving inbound messages with zip attachments that contain a trojan executable.  Is anyone else seeing this?

 

Thanks!

  • Brad McGarr McAfee Employee 154 posts since
    Dec 4, 2012
    1. Apr 24, 2013 10:00 AM (in response to patrick-cusc)
    Re: Trojan zip attachments getting through

    Hi Patrick,

     

    That behavior is both troubling and unusual. If you haven't contacted the support team that services your account, I highly encourage you to do so. A few things I would also look for are:

     

    - In the header of the message, if a "Received from _____ by ____" hop is missing a line with a server and ESMTP ID that ends in mxlogic.net, the message bypassed the filter through direct connection.

     

    - Verify the recipient user accounts in the Control Console were not set to exempt them from any level of filtering

     

    - If you have access to Message Audit, check to see if this was released from quarantine by anyone. If you don't directly have this, your support team can pull the necessary details.

     

    Above all, though, in a case like this, contacting your support team is highly recommended so they can fully investigate the issue.

     

    Let me know if you have any questions.


    Brad McGarr
    McAfee SaaS Email & Web Protection
    Technical Support Technician I (Legacy & Partner Support)
    Microsoft Certified Professional
    Microsoft Technology Associate - Windows OS | CompTIA A+ Certified Technician | CIW Web Foundations Associate
    Visit my blog: Brad's Corner - Insights from SaaS Email & Web Security Support https://community.mcafee.com/blogs/brad-denver
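
The header check from the reply above, as an added example that is not part of the original post or McAfee's own tooling. It judges the path from the Received line written by your own edge server rather than from any line that mentions mxlogic.net; the function names, the `example.org` mail domain and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string

FILTER_DOMAIN = "mxlogic.net"  # filter domain named in the reply above
HOP = re.compile(r"\b(from|by)\s+([A-Za-z0-9.-]+)", re.I)

def in_domain(host, domain):
    # Anchored suffix match, so "mxlogic.net.example.com" does not count.
    return host == domain or host.endswith("." + domain)

def received_hops(raw):
    """Return [(from_host, by_host)] for each Received header, newest first."""
    hops = []
    for value in message_from_string(raw).get_all("Received", []):
        clauses = " ".join(value.split()).split(";")[0]  # unfold, drop date
        found = {}
        for key, host in HOP.findall(clauses):
            found.setdefault(key.lower(), host.lower().rstrip("."))
        hops.append((found.get("from", ""), found.get("by", "")))
    return hops

def classify(raw, own_domain):
    """'filtered', 'direct' or 'unknown', judged from the hop our own edge wrote."""
    edge = None
    for frm, by in received_hops(raw):
        if not in_domain(by, own_domain):
            break  # older headers were not written by our servers
        edge = (frm, by)
    if edge is None:
        return "unknown"
    return "filtered" if in_domain(edge[0], FILTER_DOMAIN) else "direct"

# Constructed sample messages (hosts, IDs and IPs are made up, assumed own domain example.org).
VIA_FILTER = (
    "Received: from p01c11m001.mxlogic.net (unknown [192.0.2.10])\n"
    "\tby mail.example.org with ESMTP id ABC123; Wed, 24 Apr 2013 08:40:00 -0600\n"
    "Received: from sender.example.net by p01c11m001.mxlogic.net\n"
    "\twith ESMTP id 5f2e7715.0.1.mxlogic.net; Wed, 24 Apr 2013 08:39:58 -0600\n"
    "Subject: invoice\n\nbody\n"
)
# The older header here arrived with the message; it is not evidence of the path taken.
DIRECT = (
    "Received: from sender.example.net (unknown [198.51.100.7])\n"
    "\tby mail.example.org with ESMTP id DEF456; Wed, 24 Apr 2013 08:41:00 -0600\n"
    "Received: from localhost by p01c11m001.mxlogic.net with ESMTP id x.mxlogic.net;\n"
    "\tWed, 24 Apr 2013 08:00:00 -0600\n"
    "Subject: invoice\n\nbody\n"
)
```

The name after `from` is usually what the connecting host announced about itself, so a "filtered" result is worth confirming against the connecting IP address your own server logged for that hop.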
  • frankm Apprentice 62 posts since
    Jan 10, 2013
    3. Apr 29, 2013 7:59 AM (in response to patrick-cusc)
    Re: Trojan zip attachments getting through

    This action actually concerns us, if true. In my opinion, regardless of any policy, any message with a known virus should be quarantined or handled per the org's policy. It was my understanding that all messages are scanned for malicious content and payload.

  • pm_nate McAfee Employee 17 posts since
    Dec 6, 2012
    4. May 1, 2013 2:01 PM (in response to frankm)
    Re: Trojan zip attachments getting through

    Known viruses are blocked regardless of the sender's allow list membership. This was apparently a 0-hour exploit and the allow list bypasses the attachment policy, which is legacy functionality that should be addressed in a future release.
