04-27-2010, 09:01 AM   #1
Untangler
 
Join Date: Jul 2009
Location: Huntington Beach, CA
Posts: 76
RJonesUSC
PDF in Email

We received malware in a PDF file today that Kaspersky didn't detect through email. I tested the file against the 2 sites listed in the stickied post and noticed that while Kaspersky didn't detect them, ClamAV did. I have both modules installed in the rack (as I believe I read that was recommended - to run both AV modules) but ClamAV didn't detect the infected PDF file.

So, I'm wondering how having the 2 AV modules installed works. Does everything get scanned by both modules or do they take turns scanning files or what? Also, is there anything that I need to set to allow PDF files to be scanned in emails?

Thanks
04-27-2010, 09:11 AM   #2
RJonesUSC

Checked the Virus Blocker module logs and saw this:

2010-04-27 8:22:11 am remove infection 210.123.61.130:4762 (SMTP) Setting for your mailbox are changed virus found

According to that it looks like the virus was removed. Although I tested the attachment that made it through on those 2 sites in the sticky and it still showed an infection.

If I change the option for dealing with infected files from Remove Infection to Block, will those emails then show up in the users' quarantine or will they be rejected completely and just be dropped?

All times are GMT -7.


© 2010 Untangle, Inc. All Rights Reserved.