Trend Micro ScanMail Will Always PASS Test Virus

From: Powers, Brandon (bpowers_at_GOLDKIST.COM)
Date: 10/09/03

  • Next message: Presley, Steve: "Re: Trend Micro ScanMail Will Always PASS Test Virus"
    Date:         Thu, 9 Oct 2003 15:02:33 -0400
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Product:
    Trend Micro ScanMail for Exchange 2000 version 6.2 (other Trend Micro
    products may be similarly affected).

    Issue:
    ScanMail will recognize the EICAR test virus and PASS it regardless of
    your settings.

    Description:
    The EICAR test virus is a harmless file that should be detected as a
    virus by anti-virus software. The file is used to verify that your
    anti-virus software is functioning properly.

    When using Trend Micro ScanMail 6.2 for Exchange 2000 with pattern 638
    or higher, ScanMail will NOT process the EICAR test virus according to
    your settings (CLEAN, DELETE or QUARANTINE when not using
    "ActiveAction"). Any file regarded as a "Test Virus" by ScanMail will be
    PASSED.

    This detracts from the usefulness of the EICAR test virus. While you
    will be able to confirm the anti-virus software is able to detect a
    virus, you can not confirm that the virus will be processed according to
    your desire.

    To fully test ScanMail, use of a real (non-test) virus is required.
    Trend Micro views this behavior as desirable; however, a patch to
    correct the situation is available from them on request.

    -----
    Out of Office replies to list messages cause you to be unsubscribed
    automatically. Either subscribe a Public Folder, or ensure you're rules are
    set to ensure list messages are filtered prior to your Out of Office reply.
    Such automatic replies are a bane to posters, and cause us to have fewer
    researchers post to NTBugtraq.
    -----


  • Next message: Presley, Steve: "Re: Trend Micro ScanMail Will Always PASS Test Virus"