Jump to content

Failed to move infected mail to 'Infected items' (IMAP)


Recommended Posts

Posted

Hi,

 

Running a trial of NOD32 AV on Win 7 Pro x64. Caught a fake amazon email this morning with an infected zip file attached but failed to move the email to Infected Items. I'm running Outlook 2010.

 

Anything I should check / configure?

 

Thanks.

  • Administrators
Posted

If the zip file wasn't detected, it could be that the archive was empty or corrupt. Today I've seen some emails with ORDER---9601228-4285214.zip attached and Order_details.exe inside but these were already detected as Win32/TrojanDownloader.Wauchos. Also make sure that you have the most current signature database 8858 installed.

Posted

I'm using 8858 and it was detected. Only issue is that I was expecting the email to be moved to Infected Items as per the default settings. The Infected Items folder has synchronised with the IMAP server.

  • Administrators
Posted

Try sending a test email to yourself with the eicar test file attached to see if it's moved to Infected items.

Posted (edited)

Try sending a test email to yourself with the eicar test file attached to see if it's moved to Infected items.

To be honest Marcos, I don't understand what's happening here. I can't actually send the email as 1&1 Internet stop the mail at the server and I get an 'Undeliverable' mail back. If I leave the mail in Sent items with the eicar test file attached and rescan the folder, NOD32 finds it, deletes the attachment and adds the warning to the mail body. The mail itself remains in Sent Items, the infected items folder 'lights up' indicating 1 mail in the folder but there's nothing visible in Outlook or the server itself.

 

I'm happy that NOD32 is doing it's job but I don't understand what's happening with / to the mail. I did turn on SSL scanning as the incoming mail server is SSL, port 993. Not even sure now if I needed to do that or if it's made any difference at all. As far as I could see, NOD32 was seeing an infection anyway even with SSL scanning turned off.

Edited by Jem
Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...