12 Replies Latest reply on Mar 2, 2015 3:58 PM by exbrit

    Not scanning inside JAR files?

    super

      I've installed McAfee on a test machine and have been checking to see if it catches known malware from some sources (e.g., malware-traffic-analysis.net). While some files, including content within JAR files, are detected and cleaned, quite a lot of files were not being detected. I submitted them via email to McAfee (followed McAfee KnowledgeBase - How to submit virus samples, false positives, clean files for false prevention, and detection dis…). I got auto responses after a few minutes indicating the status of files. While most of them are inconclusive and will be analysed by McAfee, some are flagged as known malware (current detection), typically rdn/generic exploit!nnn.

       

      I'm running the trial version of McAfee LiveSafe (latest version; downloaded earlier this week) with default settings and up-to-date definitions. Why aren't these files inside JAR files being detected and sanitized by the real time scanner (when the JAR file was saved to disk) and when a right-click/custom scan is run? Are files submitted to McAfee via email run against a custom scan profile?

        • 1. Re: Not scanning inside JAR files?
          exbrit

          I might have to ping a technician to answer that question as we are never told how the inner workings of the software function, but I would assume, as a .jar file is like a zipped file, you would have to physically ask the on-demand scanner to scan the file. It would then unpack the compressed file and hopefully would then detect whatever it was.

          • 2. Re: Not scanning inside JAR files?
            exbrit

            Sorry I just re-read your post.  You did actually do that and it wasn't detected.  OK I will ping a technician.

            Can you advise what area you are in please?

            • 3. Re: Not scanning inside JAR files?
              exbrit

              BTW that article is focused on Enterprise software users.  This is the one for Consumers:  Submit a Virus or Malware Sample | McAfee Labs

              • 4. Re: Not scanning inside JAR files?
                catdaddy

                As Colleague Ex_Brit stated, we are never well-versed, if you will, on the inner workings of the Software. Out of curiosity, you said you Downloaded the latest 'Trial Version' of McAfee LiveSafe. Is your McAfee Security Center v13.6.1529?

                 

                For there is a New v14.0.207 being slowly throttled out to Consumers as we speak. Not that it makes a difference in regards to your questions. However, there have been some enhancements to the New Version. What all that includes I am not certain.

                • 5. Re: Not scanning inside JAR files?
                  super

                  Thanks for responding. My McAfee SecurityCenter version is 13.6 (build: 13.6.1347) and the McAfee Anti-virus and Anti-Spyware version is 17.6 (build: 17.6.481). I downloaded this copy earlier this week from McAfee Virus Removal Service - Remove viruses, trojans, malware from your PC | McAfee, the page that is linked from "Free trials" on the McAfee home page. I've just downloaded a fresh copy today and it appears to be the same version.

                  • 6. Re: Not scanning inside JAR files?
                    exbrit

                    If you want me to get a tech to post here, I need to know where you are in the world.

                    • 7. Re: Not scanning inside JAR files?
                      super

                      Thanks for checking. I'm sorry but I did not understand your question. Here are the steps I've followed so far:


                      - I downloaded and installed the trial version of McAfee LiveScan from McAfee Virus Removal Service - Remove viruses, trojans, malware from your PC | McAfee

                      - I downloaded password-protected files containing malware from malware-traffic-analysis.net onto my system and unzipped them

                      - Some JAR files were sanitized (all bad class files were removed except for the clean MANIFEST file) by the real time scan

                      - A lot of malware JARs were untouched by the real time scan

                      - I then did a right click scan on the directory containing all JARs containing malware (none of these are password protected, by the way)

                      - This action caught some others that escaped the real time scan, but it still let some others go undetected

                      - When I submitted these files to McAfee (virus_research@), I received an automated reply indicating some of the class files in the JAR were already known to be malware

                      - I waited for a couple of days, thinking these might have been fresh signatures that weren't "live" yet but these aren't being detected even after a week.

                       

                      At this point, I'm not sure why the scanner is not detecting these samples despite having signatures for them. I've checked the default settings but there isn't any exclusion defined.

                       

                      Edit: I'm located in the United States.
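The steps above compare what is left inside a JAR after a scan with what was there before. Because a JAR is a ZIP archive, that comparison can be made entry by entry; the following is an added example, not part of the thread, and the function names and the sample JAR contents are constructed for illustration.

```python
import hashlib
import io
import zipfile


def jar_inventory(jar_bytes):
    """Map each entry name in a JAR (a ZIP archive) to the SHA-256 of its content."""
    inventory = {}
    with zipfile.ZipFile(io.BytesIO(jar_bytes)) as jar:
        for info in jar.infolist():
            if info.is_dir():
                continue
            inventory[info.filename] = hashlib.sha256(jar.read(info)).hexdigest()
    return inventory


def diff_inventories(before, after):
    """Report which entries a scanner removed, rewrote, or left untouched."""
    common = before.keys() & after.keys()
    return {
        "removed": sorted(set(before) - set(after)),
        "changed": sorted(n for n in common if before[n] != after[n]),
        "kept": sorted(n for n in common if before[n] == after[n]),
    }


def build_jar(entries):
    """Build an in-memory JAR from {name: bytes}; used only for the sample data."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as jar:
        for name, data in entries.items():
            jar.writestr(name, data)
    return buf.getvalue()


# Constructed sample: harmless placeholder bytes standing in for class files.
MANIFEST = b"Manifest-Version: 1.0\r\n"
ORIGINAL = build_jar({
    "META-INF/MANIFEST.MF": MANIFEST,
    "a/Main.class": b"\xca\xfe\xba\xbe constructed placeholder 1",
    "a/Helper.class": b"\xca\xfe\xba\xbe constructed placeholder 2",
})
# Constructed "after" copy: only the manifest is left, as described for sanitized JARs.
SANITIZED = build_jar({"META-INF/MANIFEST.MF": MANIFEST})

if __name__ == "__main__":
    report = diff_inventories(jar_inventory(ORIGINAL), jar_inventory(SANITIZED))
    for state, names in report.items():
        print(state, names)
```

The per-entry hashes from `jar_inventory` also give a stable way to refer to an individual class file when matching it against a vendor's reply about a submitted sample.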

                      • 8. Re: Not scanning inside JAR files?
                        exbrit

                        We are only Customers like you so have no idea why things are happening the way they are. I was asking where you were so as to get a local-based tech person to help you here in the forums.

                        Meanwhile it would help him to have any ID numbers the labs sent to you, so if you have any please post them.

                        I have no idea when he will be available but have emailed him so hope it's soon.

                        • 9. Re: Not scanning inside JAR files?
                          super

                          Thanks for getting in touch with a technical person from McAfee. Here are a few report IDs: 9317519, 9317525
