LogSat Software

Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic

   Hi Roberto,
A client has received an email with an attachments which contains a virus. They have then forward this email onto myself which again was not stopped.

I uploaded the file to http://www.virustotal.com, which has scanned the file with 38 different engines, which is reported by the Norman engine as:

Antivirus	Version	Last Update	Result
Norman	6.05.11	2010.08.06	Suspicious_Gen2.BSZAK

I've checked the SF logs and I see the line where it says scanning for viruses, it then queues for delivery. In the SF GUI, it reports that the AV files are found with the following definitions:

NvcBin.def 	15/07/2010 09:45:44
NvcMacro.def 	15/07/2010 09:13:54
Nvclncr.def 	06/08/2010 01:17:50
Nse_w32.dll 	24/06/2010 11:41:26
NCL.dll 		24/06/2010 11:27:06

Any ideas? Anything you want from me?

Thanks,
Lyndon

Author	Message Topic Search Topic Options Post Reply Create New Topic Printable Version Translate Topic
lyndonje Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192	Post Options Post Reply Quote lyndonje Report Post Thanks(0) Quote Reply Topic: Virus' getting through Posted: 06 August 2010 at 11:01am
	Hi Roberto, A client has received an email with an attachments which contains a virus. They have then forward this email onto myself which again was not stopped. I uploaded the file to http://www.virustotal.com, which has scanned the file with 38 different engines, which is reported by the Norman engine as: Antivirus Version Last Update Result Norman 6.05.11 2010.08.06 Suspicious_Gen2.BSZAK I've checked the SF logs and I see the line where it says scanning for viruses, it then queues for delivery. In the SF GUI, it reports that the AV files are found with the following definitions: NvcBin.def 15/07/2010 09:45:44 NvcMacro.def 15/07/2010 09:13:54 Nvclncr.def 06/08/2010 01:17:50 Nse_w32.dll 24/06/2010 11:41:26 NCL.dll 24/06/2010 11:27:06 Any ideas? Anything you want from me? Thanks, Lyndon

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4106	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 06 August 2010 at 10:07pm
	Lyndon, Can you please forward us the email to support at logsat.com, so we can take a look? In case it gets stopped, can you please also zip in a password-protected zip file the virus and send it to us in a separate email?
	Roberto Franceschetti LogSat Software Spam Filter ISP

lyndonje Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192	Post Options Post Reply Quote lyndonje Report Post Thanks(0) Quote Reply Posted: 07 August 2010 at 8:45am
	Hi Roberto, Sent the two emails, the non passworded zip was blocked by your server. Regards, Lyndon Edited by lyndonje - 07 August 2010 at 8:46am

LogSat Members Profile Send Private Message Find Members Posts Add to Buddy List Admin Group Joined: 25 January 2005 Location: United States Status: Offline Points: 4106	Post Options Post Reply Quote LogSat Report Post Thanks(0) Quote Reply Posted: 07 August 2010 at 12:10pm
	Lyndon, just in case my emails to you get blocked (the one with the virus was), I replied to you via email a few minutes ago.
	Roberto Franceschetti LogSat Software Spam Filter ISP

lyndonje Members Profile Send Private Message Find Members Posts Add to Buddy List Senior Member Joined: 31 January 2006 Location: United Kingdom Status: Offline Points: 192	Post Options Post Reply Quote lyndonje Report Post Thanks(0) Quote Reply Posted: 07 August 2010 at 12:40pm
	How strange, the only thing that has changed is one of the norman definition files?

LogSat Software

Site Navigation[Skip]

Spam Filter ISP Support Forum

Virus' getting through