
Updates - Outlook mail - Significant BUG



We were recently infected with a Ransomware Trojan that devastated our company. Fortunately after weeks of work and with Fabian's help (thank you again), we were able to recover our data and restore our systems - We now have EMSISOFT anti-malware product which stops it dead in its tracks.

However, we recently received an update, which during a FULL Custom scan (set one /week) NOW detects the virus within the Outlook Mail file (OST/PST).

Great I thought - I recognised the virus name and so confidently DELETED the "infection" as a known VIRUS.

Unfortunately, this deleted my three MAIL files & Archives .....OOPS! (fortunately I have a local backup from dealing with the infection above)

However, I have had to go around the company and remove the CUSTOM scan ability to avoid everyone unwittingly deleting their respective mail files / archives/etc...

My Question....is there a way to CLEAN the mail files?...perhaps delete the offending email, since you know which one has the infected attachment.

I would strongly SUGGEST that this is resolved quickly or a priority fix is released...before others unwittingly do likewise.

Fabian / Support: A direct email back with an update would be appreciated so I can test it around my company.

Regards

Paul

Scan Results.zip

This isn't a bug but intended behavior. We do not support cleaning within container formats, which mail archives are. The same happens with ZIP or RAR archives for example, where we will remove the entire archive.

We are considering splitting the "Scan within archives" option into two, so you can enable the scan within ZIP and similar archives without enabling the scanning within email archives as well. However, such a change will not resolve the issue. It would just allow you to sidestep it by preventing the original detection.


Yes this is scary....Deleting a single infected file on a hard drive ....well that is a user choice. To delete a complete ZIP archive is pretty severe as users can lose considerable data that is irreversibly shredded - backups, MYOB, etc.

However, users' OST and PST files on the local hard drives typically hold years' worth of data, whether you think they should, is a different matter...

Fact is they do RIGHT...ha-ha

Most Local PCs are not backed up and users rely on these archive types (ZIP, RAR, PST, whatever) more than they know - legal issue, proof of contract, etc.

Users will invariably panic when a sign comes across saying VIRUS..MALWARE..INFECTED...and they just hit DELETE!!!

Please change the default usage of the program to automatically quarantine these files..to let the users know that there is a serious problem and remove the DELETE Button from the menu especially for MAIL files.

At the moment these types of files are only found in the CUSTOM Scan (usually all files) of the whole drive/s, rather than the MALWARE targeted directories and folders.

Recovering from a severe Ransomware attack, taking 2 weeks is nothing, to the company losing all their mail for the last 10 years...

Dramatic yes,.. But I have already had 2 users ask what does this message mean and should I delete the file?...so close!!!

Alternatives:

1. Status Quo and not scan computers - not worth having AV Software

2. Local backup software for all 10 PCs / NAS - expensive incremental and /or continuous backup - uses considerable network resources during work time ...$$$

3. Uninstall and find another provider.

I have been advised by my board of directors to implement OPTION 3 if no other solution can be found within 5 days.

This is terrible news since I personally, spent considerable time, effort and research in choosing EMSISOFT, however and I quote, "the risk is too great"

Paul

> Are you saying the infection was an email within the PST file? Was it because somebody did something with the email while it was open? Details would be helpful as it is scary as the devil.

He performed an on-demand scan with the "Scan within archives" enabled. If your email inbox is less than 64 MB in size, we will end up scanning it and if there are emails in there that contain known malware, we will find it.

> Yes this is scary....Deleting a single infected file on a hard drive ....well that is a user choice. To delete a complete ZIP archive is pretty severe as users can lose considerable data that is irreversibly shredded - backups, MYOB, etc.

Remove the permission to delete infections and only allow quarantine as an option under Settings/Permission.

> However, users' OST and PST files on the local hard drives typically hold years' worth of data, whether you think they should, is a different matter...

I am sure that years' worth of data would amount to more than 64 MB, so it would never pose a problem.

> 1. Status Quo and not scan computers - not worth having AV Software
>
> 2. Local backup software for all 10 PCs / NAS - expensive incremental and /or continuous backup - uses considerable network resources during work time ...$$$
>
> 3. Uninstall and find another provider.

Or you know ... install EEC, push a policy to not allow users to do things that can be harmful and manage all the clients from a central server. EEC is free and available here:

https://www.emsisoft.com/en/software/enterprise/

It's currently still a pre-release version, but I know a lot of companies use it quite efficiently already.

  • Upvote 1
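
Added example, not part of the thread and not Emsisoft code: a Python script that inventories Outlook PST/OST files under a folder, flags those below the 64 MB size that the reply above says gets scanned when "Scan within archives" is enabled, and makes a hash-verified copy of each before a custom scan runs. The function names, the backup layout and reading "64 MB" as 64 * 1024 * 1024 bytes are assumptions.

```python
import hashlib
import os
import shutil
from pathlib import Path

# Assumption: the thread's "64 MB" is read as 64 * 1024 * 1024 bytes.
SCAN_LIMIT_BYTES = 64 * 1024 * 1024
MAIL_SUFFIXES = {".pst", ".ost"}


def sha256_of(path, chunk=1 << 20):
    """Hash a file in chunks so large mail stores are not loaded into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk), b""):
            digest.update(block)
    return digest.hexdigest()


def protect_mail_stores(root, backup_dir, limit=SCAN_LIMIT_BYTES):
    """Inventory PST/OST files under root and back up those smaller than limit."""
    backup_dir = Path(backup_dir).resolve()
    backup_dir.mkdir(parents=True, exist_ok=True)
    report = []
    for dirpath, dirnames, filenames in os.walk(root):
        # Do not descend into the backup folder if it lives under root.
        dirnames[:] = [d for d in dirnames
                       if (Path(dirpath) / d).resolve() != backup_dir]
        for name in sorted(filenames):
            path = Path(dirpath) / name
            if path.suffix.lower() not in MAIL_SUFFIXES:
                continue
            entry = {"path": str(path), "size": None, "at_risk": None,
                     "backup": None, "error": None}
            try:
                entry["size"] = path.stat().st_size
                entry["at_risk"] = entry["size"] < limit
                if entry["at_risk"]:
                    before = sha256_of(path)
                    dest = backup_dir / f"{before[:12]}_{name}"
                    shutil.copy2(path, dest)
                    if sha256_of(dest) != before:
                        raise OSError("backup copy does not match source")
                    entry["backup"] = str(dest)
            except OSError as exc:
                # Outlook keeps open stores locked; record it and carry on.
                entry["error"] = str(exc)
            report.append(entry)
    return report
```

Run it with Outlook closed so the stores are not locked; entries with `error` set were not copied and need a retry.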