Duncan Mac Leod

CmdLineScanner unable to detect VB:Trojan.Agent.DLEJ (B) in MIME (E-Mail on Disk), only in saved File on Disk


Hi,

We are using the CommandLine Scanner to detect Malware in Email-Message-Source-Format (RAW). Works with EICAR-Test-Virus and we often detect viruses in our mails (source) before they are received by our backend-servers. I must admit, we did not go into further debugging as it works with EICAR and we usually catch some viruses from time to time.

But today we noticed that an attached Word-Document (infected) passed the command-line scanner in Email-Message-Source-Format (RAW), with the attachment MIME-encoded, and didn't get recognized by the command-line scanner. But when we put the Document from our Mail as File on Disk, it was recognized (File-Explorer Menu-Scan) as VB:Trojan.Agent.DLEJ (B). Strange!

FYI: any Mail that is received by our servers is put to disk (file - raw mail source), then scanned by the command-line scanner and if it is OK (checking return code and output from the scanner), post-processing continues to our backend-servers.

Unfortunately, our Admin has deleted the Mail and the File on Disk, so we can provide neither the file nor the mail - sorry!

Are there any differences in scanning Mail-Source (MIME-Attachments)?


What command line parameters are you using with a2cmd.exe?

Note that the mail archive scanning is provided by the BitDefender engine, and is not currently supported by our own engine. This means that anything detected by our own scanning engine but not by BitDefender's will go undetected in mail archives (the same applies for ZIP, RAR, 7z, etc. archives).
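Given the engine limitation described in the reply above, one mitigation for a mail-to-disk pipeline is to decode every MIME part to its own file before scanning, so the scanner sees each attachment as a plain file on disk. The following is an added example, not part of the original thread and not Emsisoft code; `extract_parts`, `build_sample` and the sample message are hypothetical names and constructed data.

```python
import email
import hashlib
import os
from email import policy
from email.message import EmailMessage

SAMPLE_PAYLOAD = b"constructed stand-in for a Word document\x00\x01"

def build_sample():
    """Constructed raw message: a text body plus one base64 attachment."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "a@example.org", "b@example.org", "Invoice"
    msg.set_content("See attached.")
    msg.add_attachment(SAMPLE_PAYLOAD, maintype="application",
                       subtype="msword", filename="../invoice.doc")
    return msg.as_bytes()

def extract_parts(raw_bytes, out_dir):
    """Write every decoded MIME leaf part to out_dir.

    Returns a list of (path, declared_filename, sha256) tuples. Nested
    message/rfc822 parts are walked as well, so forwarded mails are covered.
    """
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    written = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart():
            continue  # containers carry no content of their own
        payload = part.get_payload(decode=True)  # undoes base64 / quoted-printable
        if not payload:
            continue
        declared = part.get_filename() or ""
        # The declared name is attacker-controlled: never use it as a path.
        # Keep only a sanitized extension so type-based handling still works.
        ext = os.path.splitext(os.path.basename(declared))[1][:10]
        ext = "".join(c for c in ext if c.isalnum() or c == ".")
        path = os.path.join(out_dir, f"part{index:03d}{ext}")
        with open(path, "wb") as fh:
            fh.write(payload)
        written.append((path, declared, hashlib.sha256(payload).hexdigest()))
    return written
```

Each returned path can then be handed to the command-line scanner in the same way as the raw mail file, and the message is held back if any part is flagged.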
