Does the sample actually get detected on something like VirusTotal?
If so, then it's probably something in the policy that isn't quite right.
If the McAfee Gateway Edition entry on VirusTotal doesn't catch it, then MWG won't either.
Thanks for your reply.
The sample does get detected by the McAfee client software.
Sounds like we should catch it. Probably you need to file an SR with support and provide the sample and some rule engine traces to allow us to find out what happens here.
I've got some new information. When I push the virus samples with Perl from localhost to localhost, the AV scanner detects the virus samples.
So the AV scanner does its job. What happens is that the files we get from the web interface are being encoded to UTF16. Could this be the issue?
Encoding EICAR to UTF16 just gives you the EICAR back. So that gets detected. But a binary file encoded to UTF16 is something else.
Is there any way I need to configure the MWG to detect and scan UTF16 encoded files?
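Added example, not part of the thread and not MWG configuration: a Python sketch of normalizing a UTF-16-wrapped upload back to its original bytes so that both forms can be handed to a scanner. The thread does not say how the web interface transcodes files, so the byte-to-code-unit widening with a BOM, the function names and the sample bytes are assumptions.

```python
import codecs
import hashlib

# Constructed stand-in for a binary upload (harmless bytes, not a real sample).
ORIGINAL = bytes([0x4D, 0x5A, 0x90, 0x00, 0x03, 0xFF, 0xFE, 0x80, 0x00, 0xC3])


def widen_to_utf16(data: bytes) -> bytes:
    """Assumed transformation: every byte becomes one UTF-16LE code unit after a BOM."""
    return codecs.BOM_UTF16_LE + data.decode("latin-1").encode("utf-16-le")


def narrow_from_utf16(blob: bytes):
    """Undo the widening; None if blob is not BOM-marked UTF-16 of byte-sized units."""
    if blob.startswith(codecs.BOM_UTF16_LE):
        encoding = "utf-16-le"
    elif blob.startswith(codecs.BOM_UTF16_BE):
        encoding = "utf-16-be"
    else:
        return None
    try:
        # A code unit above 0xFF cannot have come from a single byte, so
        # encoding to latin-1 fails and the blob is left alone.
        return blob[2:].decode(encoding).encode("latin-1")
    except (UnicodeDecodeError, UnicodeEncodeError):
        return None


def scan_candidates(blob: bytes) -> list:
    """Byte strings to scan: the upload as received plus its narrowed form, if any."""
    candidates = [blob]
    narrowed = narrow_from_utf16(blob)
    if narrowed is not None:
        candidates.append(narrowed)
    return candidates


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


if __name__ == "__main__":
    received = widen_to_utf16(ORIGINAL)
    print("original :", sha256(ORIGINAL))
    for candidate in scan_candidates(received):
        print("candidate:", sha256(candidate), len(candidate), "bytes")
```

The received blob hashes differently from the original file, while the second candidate matches it byte for byte.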