Jump to content

Block ZIPs containing EXEs regardless if ESET detects a virus


Go to solution Solved by rosspope,

Recommended Posts

Hello All,

 

I am facing an issue similar to the topic below:

 

https://forum.eset.com/topic/1434-delete-zip-file-attachments-containing-exe

 

Basically, I would like to know if it is possible for ESET to scan all ZIPs and if they contain EXEs to quarantine and submit for analysis regardless if they contain a virus or not. We have been getting lots of viruses from legitimate sources (so our SPAM filter is useless) and ESET does not detect them as viruses yet until they are submitted for analysis.

 

The virus we have been getting many times over the past year is similar to the one below

hxxp://www.networkworld.com/article/2878966/microsoft-subnet/dyre-banking-trojan-tweaked-to-spread-upatre-malware-via-microsoft-outlook.html

hxxp://ketstech.blogspot.ca/2014/10/email-out-break-internal-network-email.html

 

Any help would be appreciated!

 

 

Link to comment
Share on other sites

  • Administrators

Blocking zip attachments with exe files inside will be possible as of EMSX v6. With the current version of EMSX v4, it's only possible to create rules for whole archives. However, to improve detection of spammed malware I'd strongly suggest enabling detection of potentially dangerous attachments.

If you have Endpoint installed on clients and Live Grid enabled and working, there's a good chance the malware getting through EMSX would be detected and blocked on the clients.

Link to comment
Share on other sites

I installed ESET 6 for a client and it was brutal to get going but now it is. So I'll have to try that with our company next I suppose. I have ESET live grid working but this malware that has been going around ESET or any AV is not detecting until I submit it for analysis and wait a couple hours. I have been checking virscan.org just to get an idea of which AV is detecting this malware.

 

So what your saying is with EMSX 6, I can block an email that has a ZIP attachment which contains an .EXE regardless if the EXE is detected as a virus? If so, that is great. I would also like to have it submit for analysis to ESET right away..

Link to comment
Share on other sites

Also, the latest version I see on the site is: ESET Mail Security for Microsoft Exchange Server  4.5.10023.0   Where can I get EMSX v6??

Link to comment
Share on other sites

  • Administrators

EMSX v6 is not yet available, will be released later this year. 

To test Live Grid on Endpoint v5 or v6 clients and to make sure it works properly, follow the instructions below:

 

1, Download Cloudcar test file from hxxp://www.amtso.org/check-desktop-cloud-lookups. The file should be blocked by Web protection as a suspicious object.
2, Temporarily disable Web protection, download Cloudcar and save it to your disk.
3, Enable Web protection.
4, Create a new email, attach Cloudcar to it and send it to your email address.
5, Receive email. The file in attachment should be detected as a suspicious object and removed.

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...