adamj, Posted September 25, 2013

Greetings

We have recently changed from another a/v vendor to ESET. We are still running Exchange 2003 and have ESET Mail Security for Microsoft Exchange version 4.5.10012.7.

We are finding that while it is blocking some mailbound viruses from getting to users, it is letting a lot through. The type it seems to be letting through are .exe files which are within a zip folder. Ideally I would work around it by blocking zip files, but our users have a need to be able to email in this format. Does anyone have any suggestions? As far as I can see ESET is set to scan in archives. I am a little concerned about this as our previous a/v didn't have this issue and I am worried users are getting viruses delivered straight to their email.

The email received today was titled "You have recived a new debit" and claimed to be from Lloyds TSB with the attachment Lloyds_message_service_09-25-2013.zip

Thanks very much.

Marcos (Administrators), Posted September 25, 2013

It happens that such archives are empty or corrupt so their content is benign. Please send some examples of suspicious files that get through your ESET protection as per the instructions here.

adamj (Author), Posted September 25, 2013

My Endpoint Security is picking up this file now (it wasn't earlier); I can't confirm at the moment if the ESET Mail Security is. Could it be a delay in updates for new threats?

Peter Randziak (ESET Moderators), Posted September 25, 2013

Hello Adam, shouldn't be. Check the virus signature database version (and also versions of other modules) on the EMSX and on the endpoints.

Marcos (Administrators), Posted September 26, 2013

Without knowing the detection name (and ideally getting the file itself along with the ESET Event log), it's impossible to comment on it. Maybe EMSX updated to the signature database containing a signature for the given malware after the email was received by the mail server.