
Block ZIPs containing EXEs regardless if ESET detects a virus


Solved by rosspope

Hello All,

I am facing an issue similar to the topic below:

https://forum.eset.com/topic/1434-delete-zip-file-attachments-containing-exe

Basically, I would like to know if it is possible for ESET to scan all ZIPs and if they contain EXEs to quarantine and submit for analysis regardless if they contain a virus or not. We have been getting lots of viruses from legitimate sources (so our SPAM filter is useless) and ESET does not detect them as viruses yet until they are submitted for analysis.

The virus we have been getting many times over the past year is similar to the one below

hxxp://www.networkworld.com/article/2878966/microsoft-subnet/dyre-banking-trojan-tweaked-to-spread-upatre-malware-via-microsoft-outlook.html

hxxp://ketstech.blogspot.ca/2014/10/email-out-break-internal-network-email.html

Any help would be appreciated!

  • Administrators

Blocking zip attachments with exe files inside will be possible as of EMSX v6. With the current version of EMSX v4, it's only possible to create rules for whole archives. However, to improve detection of spammed malware I'd strongly suggest enabling detection of potentially dangerous attachments.

If you have Endpoint installed on clients and Live Grid enabled and working, there's a good chance the malware getting through EMSX would be detected and blocked on the clients.
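The "ZIP containing an EXE" rule described above can be approximated at any mail gateway or scanner that can open the attachment. The following is an added Python example, not ESET's code and not part of this thread: it walks an attachment (nested ZIPs included) and flags entries by executable extension or by the DOS/PE "MZ" header, so a renamed payload is still caught, and it reports password-protected entries as uninspectable. The extension list, size limit and the sample archive are constructed for this example.

```python
import io
import zipfile

# Extension list and magic bytes are this example's own choices, not ESET's rule set.
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
PE_MAGIC = b"MZ"                      # DOS/PE header: catches a renamed .exe
ZIP_MAGIC = b"PK"                     # nested archive, walk into it
MAX_NESTED_BYTES = 50 * 1024 * 1024   # refuse to unpack huge inner archives

def find_executables(zip_bytes, prefix="", depth=0, max_depth=3):
    """Return (entry_path, reason) pairs for executable-looking entries, nested ZIPs included."""
    hits = []
    if depth > max_depth:
        return hits
    try:
        zf = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return hits                   # not an archive at all; nothing to inspect here
    with zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            ext = ("." + info.filename.rsplit(".", 1)[-1].lower()) if "." in info.filename else ""
            try:
                with zf.open(info) as fh:
                    head = fh.read(2)
            except RuntimeError:          # password-protected entry: cannot be inspected
                hits.append((path, "encrypted entry"))
                continue
            if ext in EXECUTABLE_EXTENSIONS:
                hits.append((path, "executable extension"))
            elif head == PE_MAGIC:
                hits.append((path, "PE header behind a non-executable extension"))
            elif head == ZIP_MAGIC and info.file_size <= MAX_NESTED_BYTES:
                hits.extend(find_executables(zf.read(info), path + "/", depth + 1, max_depth))
    return hits

def build_sample():
    """Constructed attachment: an EXE renamed to .pdf plus a nested ZIP holding setup.exe."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("setup.exe", b"not a real binary")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("invoice.pdf", PE_MAGIC + b"\x90" * 32)
        z.writestr("readme.txt", b"plain text")
        z.writestr("archive.zip", inner.getvalue())
    return outer.getvalue()
```

A non-empty result is the signal to quarantine the message; an "encrypted entry" hit is worth treating the same way, since the content cannot be checked at all.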

I installed ESET 6 for a client and it was brutal to get going but now it is. So I'll have to try that with our company next I suppose. I have ESET Live Grid working but this malware that has been going around ESET or any AV is not detecting until I submit it for analysis and wait a couple hours. I have been checking virscan.org just to get an idea of which AV is detecting this malware.

So what you're saying is with EMSX 6, I can block an email that has a ZIP attachment which contains an .EXE regardless if the EXE is detected as a virus? If so, that is great. I would also like to have it submit for analysis to ESET right away.

Also, the latest version I see on the site is: ESET Mail Security for Microsoft Exchange Server 4.5.10023.0. Where can I get EMSX v6?

  • Administrators

EMSX v6 is not yet available; it will be released later this year.

To test Live Grid on Endpoint v5 or v6 clients and to make sure it works properly, follow the instructions below:

1. Download the Cloudcar test file from hxxp://www.amtso.org/check-desktop-cloud-lookups. The file should be blocked by Web protection as a suspicious object.
2. Temporarily disable Web protection, download Cloudcar and save it to your disk.
3. Enable Web protection.
4. Create a new email, attach Cloudcar to it and send it to your email address.
5. Receive the email. The file in the attachment should be detected as a suspicious object and removed.
