Jem, Posted September 30, 2013

Hi, Running a trial of NOD32 AV on Win 7 Pro x64. Caught a fake Amazon email this morning with an infected zip file attached but failed to move the email to Infected Items. I'm running Outlook 2010. Anything I should check / configure? Thanks.

Marcos (Administrators), Posted September 30, 2013

If the zip file wasn't detected, it could be that the archive was empty or corrupt. Today I've seen some emails with ORDER---9601228-4285214.zip attached and Order_details.exe inside but these were already detected as Win32/TrojanDownloader.Wauchos. Also make sure that you have the most current signature database 8858 installed.

Jem (Author), Posted September 30, 2013

I'm using 8858 and it was detected. Only issue is that I was expecting the email to be moved to Infected Items as per the default settings. The Infected Items folder has synchronised with the IMAP server.

Marcos (Administrators), Posted October 1, 2013

Try sending a test email to yourself with the eicar test file attached to see if it's moved to Infected items.

Jem (Author), Posted October 1, 2013

> Try sending a test email to yourself with the eicar test file attached to see if it's moved to Infected items.

To be honest Marcos, I don't understand what's happening here. I can't actually send the email as 1&1 Internet stop the mail at the server and I get an 'Undeliverable' mail back. If I leave the mail in Sent items with the eicar test file attached and rescan the folder, NOD32 finds it, deletes the attachment and adds the warning to the mail body. The mail itself remains in Sent Items, the infected items folder 'lights up' indicating 1 mail in the folder but there's nothing visible in Outlook or the server itself. I'm happy that NOD32 is doing its job but I don't understand what's happening with / to the mail.

I did turn on SSL scanning as the incoming mail server is SSL, port 993. Not even sure now if I needed to do that or if it's made any difference at all. As far as I could see, NOD32 was seeing an infection anyway even with SSL scanning turned off.

Edited October 1, 2013 by Jem