Trend Micro ScanMail Will Always PASS Test Virus

PhoneSupport_at_SUPPORT.TRENDMICRO.COM
Date: 10/15/03

    Date:         Thu, 16 Oct 2003 05:18:16 +0800
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    
    

    Everyone:

    This is to reply to our client's posting regarding the ScanMail for Exchange issue.

    Problem:
    ScanMail for Exchange 6.2 detection issue and reporting issue on Eicar.com using pattern file 638

    Answer:
    Please update to pattern file 653 also to resolve your issue on the action default to "PASS".

    When you use Active Action, eicar will be quarantined. When you select Specified Action, to Delete the eicar, kindly change the action/s from "Action on uncleanable files". Even if you change the action/s on "Action when virus found", eicar will still be triggered by the action set on the "Action on uncleanable files".

    We hope that this clarifies the matter. Should you have further questions regarding your concern, please let us know and we will be glad to assist you. You can also email us for your comments, suggestions, and/or feedback.

    Thanks and have a nice day!!

    Best Regards,
    ===================================================
    Maenard Leo L. Martinez MCSA, MCSE, MCT
    Corporate Support Manager
    Product Support Services, TrendLabs HQ
    [URL / website] http://www.trendmicro.com
    [Knowledge Base] http://kb.trendmicro.com/solutions
    [email] support@support.trendmicro.com
    [Contact us] http://www.antivirus.com/support/contact_us.htm
    [If you need to escalate a case or send comments] Support_Manager@support.trendmicro.com
    [If you have not yet applied the Active Update Service Pack, please visit] http://www.trendmicro.com/ausp
    ===================================================

    -----Original Message-----
    From: Powers, Brandon [mailto:bpowers@GOLDKIST.COM]
    Sent: Friday, October 10, 2003 3:03 AM
    To: NTBUGTRAQ@LISTSERV.NTBUGTRAQ.COM
    Subject: Trend Micro ScanMail Will Always PASS Test Virus

    Product:
    Trend Micro ScanMail for Exchange 2000 version 6.2 (other Trend Micro
    products may be similarly affected).

    Issue:
    ScanMail will recognize the EICAR test virus and PASS it regardless of
    your settings.

    Description:
    The EICAR test virus is a harmless file that should be detected as a
    virus by anti-virus software. The file is used to verify that your
    anti-virus software is functioning properly.

    When using Trend Micro ScanMail 6.2 for Exchange 2000 with pattern 638
    or higher, ScanMail will NOT process the EICAR test virus according to
    your settings (CLEAN, DELETE or QUARANTINE when not using
    "ActiveAction"). Any file regarded as a "Test Virus" by ScanMail will be
    PASSED.

    This detracts from the usefulness of the EICAR test virus. While you
    will be able to confirm the anti-virus software is able to detect a
    virus, you can not confirm that the virus will be processed according to
    your desire.

    To fully test ScanMail, use of a real (non-test) virus is required.
    Trend Micro views this behavior as desirable; however, a patch to
    correct the situation is available from them on request.

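An added example, not part of the original messages and not Trend Micro code: a Python check for the gap the original post describes, confirming that a mail scanner acted on an EICAR probe rather than only detecting it. The `X-AV-Probe-Id` header, the outcome labels and the addresses are assumptions made for this example, and the mailbox contents are constructed.

```python
import uuid
from email import message_from_bytes
from email.message import EmailMessage

# Standard 68-byte EICAR test string, split in two so that scanners
# do not flag this source file itself.
EICAR = (r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-"
         r"STANDARD-ANTIVIRUS-TEST-FILE!$H+H*").encode("ascii")

def build_probe(sender, rcpt):
    """Return (probe_id, raw message) for a test mail carrying eicar.com."""
    probe_id = uuid.uuid4().hex
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = "AV action probe " + probe_id
    msg["X-AV-Probe-Id"] = probe_id  # assumed tracking header, not a ScanMail feature
    msg.set_content("Mail AV action test.")
    msg.add_attachment(EICAR, maintype="application",
                       subtype="octet-stream", filename="eicar.com")
    return probe_id, msg.as_bytes()

def observed_outcome(probe_id, mailbox):
    """Classify the probe from the raw messages found in the recipient mailbox."""
    for raw in mailbox:
        msg = message_from_bytes(raw)
        if msg["X-AV-Probe-Id"] != probe_id:
            continue
        for part in msg.walk():
            if part.get_payload(decode=True) == EICAR:
                return "PASSED"   # test file delivered intact
        return "ACTED"            # delivered, test file removed or replaced
    return "MISSING"              # whole message withheld

def action_honoured(configured, outcome):
    """True if the outcome is consistent with the configured action."""
    if configured == "PASS":
        return outcome == "PASSED"
    return outcome != "PASSED"    # CLEAN, DELETE, QUARANTINE must not deliver it

if __name__ == "__main__":
    pid, raw = build_probe("probe@example.test", "mailbox@example.test")
    # Constructed mailbox: the probe arrived untouched, as in the report above.
    outcome = observed_outcome(pid, [raw])
    print(outcome, action_honoured("DELETE", outcome))
```

A mailbox-side check cannot tell DELETE from QUARANTINE when the scanner delivers the message with the attachment removed; the scanner's own quarantine view is needed for that distinction.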
    
