1 Reply Latest reply on Sep 5, 2013 12:20 PM by wwarren

    Outlook 2007 False Positive Exploit-MS05-024.demo (Trojan)

    aladdin9

      I've been attempting to submit several emails that were quarantined yesterday (2013-09-04) on an XP SP3 Outlook 2007 running VSE8.7i P5 5400 DAT 7188.0000. I send the emails as attachments to Virus_Research@avertlabs.com and have received two autoreplies, with Analysis IDs, but the included URL http://www.mcafee.com/us/mcafee-labs/resources/how-to-submit-sample.aspx does not work. Since these are email false positives, do I need to extract the email messages and zip them for the submission to be valid? None of the emails had attachments; the trigger appears to be within the body of the email text. Lastly, the emails were internal to my company, and no other Outlook 2007 mailbox encountered email detections, using a mixture of VSE 8.7i P5 5400, 5600, 8.8 P2 5600 and XP, Vista, and Windows 7.

       

      If I open a support ticket within my company to submit via the McAfee Portal, it will take 3-4 days, and KB67411 https://kc.mcafee.com/corporate/index?page=content&id=KB67411 does not have any information about submitting false positive emails.

        • 1. Re: Outlook 2007 False Positive Exploit-MS05-024.demo (Trojan)
          wwarren

          The message body is being detected, really...

          It should be possible to save the mail item to disk (does that trigger a detection too? It would tell us if it's just EmailScan or other scanners too).

           

          If saved to disk (which may require temporarily disabling OAS) as .oft or .msg or whatever, that should be able to be zipped.

          Make sure to mention what format your mail content is in, RTF/HTML/TXT...

           

          You could reach out to Support to open a Malware case.