
Lots of viruses today

Edmund Cramp - 01:09pm, Nov 2 2020

I'm seeing lots of viruses today but the MDAV virus count is missing them so the stats look good - but they are not. Typically they are files that VirusTotal says are infectious but MDAV and most AV packages think they are just fine. Sample headers below:

X-MDAV-Result: infected
X-MDAV-Infected: Invoice_695567_94143.xls
X-MDSpam-Honeypot: YES
X-MDBadQueue-Reason: WARNING! macro detected (Invoice_695567_94143.xls)

Attachment               | Virus name     | Action taken
Invoice_695567_94143.xls | macro-detected | Message Quarantined
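
One way to count macro-detection quarantines separately using the headers quoted above, since the post says the MDAV virus count leaves them out (added example, not part of the original post and not MDaemon's code). It assumes the quarantined messages are available as raw text; the category names and the second and third sample messages are constructed.

```python
from collections import Counter
from email import message_from_string

# Constructed sample messages. The first reuses the headers quoted in the post;
# the other two are invented for contrast (their header values are assumptions).
SAMPLES = [
    "Subject: Invoice\n"
    "X-MDAV-Result: infected\n"
    "X-MDAV-Infected: Invoice_695567_94143.xls\n"
    "X-MDSpam-Honeypot: YES\n"
    "X-MDBadQueue-Reason: WARNING! macro detected (Invoice_695567_94143.xls)\n"
    "\nbody\n",
    "Subject: Scan\n"
    "X-MDAV-Result: infected\n"
    "X-MDAV-Infected: scan_0001.exe\n"
    "\nbody\n",
    "Subject: Hello\n\nbody\n",
]


def classify(raw):
    """Return (category, attachment) for one raw RFC 5322 message."""
    msg = message_from_string(raw)
    result = (msg.get("X-MDAV-Result") or "").strip().lower()
    if result != "infected":
        return "not-flagged", None
    attachment = (msg.get("X-MDAV-Infected") or "").strip() or None
    reason = (msg.get("X-MDBadQueue-Reason") or "").lower()
    # The post's sample shows this reason text on a macro-detection hit.
    if "macro detected" in reason:
        return "macro-detected", attachment
    return "other-infected", attachment


def tally(raw_messages):
    """Count messages per category and collect macro-flagged attachment names."""
    counts, macro_files = Counter(), []
    for raw in raw_messages:
        category, attachment = classify(raw)
        counts[category] += 1
        if category == "macro-detected" and attachment:
            macro_files.append(attachment)
    return counts, macro_files


if __name__ == "__main__":
    counts, macro_files = tally(SAMPLES)
    print(dict(counts), macro_files)
```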


Edmund Cramp - Nov 11, 2020 10:25 am (#2 Total: 4)  

 

Replying to: Arron Caruth (Nov 2, 2020 1:18 pm)
Can you send me a sample MSG file off list so I can take a look at it?  --Arron Caruth Vice President...

I'm sending them every day to your virusfn@mdaemon.com address. I'm seeing a lot of infected Excel files; it seems to be a popular delivery method - maybe because the AV software does not stop them unless the "macro detection" is turned on.

Arron Caruth - Nov 11, 2020 10:31 am (#3 Total: 4)  


Great!  They get analyzed by our systems and passed on to Cyren, who updates the virus definitions to detect any malicious content we send them.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com




Edmund Cramp - Nov 11, 2020 4:02 pm (#4 Total: 4)

     

Replying to: Arron Caruth (Nov 11, 2020 10:31 am)
Great!  They get analyzed by our systems and passed on to Cyren, who updates the virus definitions to detect any...

I usually run them through VirusTotal; typically only a tenth of the VirusTotal engines detect macro viruses, which is probably why we see so many of them - they are effective infection engines. Yet we also get real orders from Asia delivered in xls spreadsheets.

I'm very happy that MDAV flags them as macro infection.


