Video Screencast Help
Protect Your POS Environment Against Retail Data Breaches. Learn More.

How can I test the virus Attachment in outlook

Created: 03 Oct 2012 | 5 comments
ksu's picture

I have installed SEP 12.1 to all our servers and clients in our company and want to find out the virus Attachment in outlook which will be  detected by the sep .

second question is where will be stoped the attachment with virus. Clients/Exchange server/sep admin server

Third question is how can i set up in SEP to inform me when a mail with virus send to someone in our company?

 

Regards

KSU

Comments 5 CommentsJump to latest comment

kavin's picture

You can test the virus attached with SEP in outlook, for that you can download the test virus file " Eicar.com" is the good place to get the file.

After downloading you will need to attach the file to the email and send it to some one or yourself.

The Virus file wont be detected on the Exchange server end, it would be detected by your client while sending or at the client where the e-mail is recived, you will need to enable and disable the outlook autoprotect while doing this.

For exchange server we have another software thats SMS that will detect the threat on Exchange server.

By default outllook has its own security and blocks some well know test viruses, you will need to make sure you disable that option from registry.. there are many documents on Google for that..

Please let me know if you need any more assistance on this

 

 

ksu's picture

I have downloaded this eicar file (rem X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*) and want to rename it to other file types(xls/jpg/doc/etc),but when I try to do it the file  disappears from windows explorer.

When I try to remove REM and try to save this file as doc/jpg as I can send the file as the attachment in mail,but I cant do it.

I have enabled microsoft outlook Auto-Protect in SEP manager where my all exchang serveres are.

Ashish-Sharma's picture

HI,

Checked this comments

Mithun Sanghavi Symantec Employee Technical Support Accredited

Hello,

Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.

You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.

Email attachments are frequently the culprits in virus attacks. To protect yourself from viruses transmitted through email attachments:

  • Don't open any attachment you were not expecting, even if it comes from a trusted source, such as a family member, co-worker, or friend.
  • If you do not know the sender of a message that includes an attachment, delete the message without reading it.
  • Do not open any attached file ending in .exe, .vbs, or .lnk.
  • Never open an attachment without verifying that it's virus free. To open an attachment, first save it to your hard drive and then scan it with antivirus software, such as Symantec Endpoint Protection.

Incase of Suspicion, it is recommended to submit the Attachment to the Symantec Security Response Team on https://submit.symantec.com/essential

OR

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

Checked this thread

http://www.symantec.com/connect/forums/internet-e-mail-not-scanned-its-arrival

 

Thanks In Advance

Ashish Sharma

 

 

ksu's picture

I have downloaded this eicar file (rem X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*) and want to rename it to other file types(xls/jpg/doc/etc),but when I try to do it the file  disappears from windows explorer.
 
When I try to remove REM and try to save this file as doc/jpg as I can send the file as the attachment in mail,but I cant do it.
 
I have enabled microsoft outlook Auto-Protect in SEP manager (Policy) where my all exchange serveres are.
 

sandra.g's picture

That's because it's being detected and removed by AutoProtect (real-time protection). In your test environment, you will need to download and save the file to a folder that's been excluded from scanning. Once it is saved, you should be able to send the email as an attachment to a computer that has the mail scanning enabled.

There is no need to change the file type. Detections are not made based on the file extension.

Edited to add: The Exchange servers have nothing to with the Outlook mail scanning plugin. This is completely client-side. Your Exchange servers would have something like Mail Security for Microsoft Exchange scanning the server-side traffic.

sandra

Symantec, Senior Information Developer
Enterprise Security, Mobility, and Management - Endpoint Protection

Don't forget to mark your thread as 'solved' with the answer that best helps you!