
How to clean a virus or trojan horse from e-mail with SEP 12.1.3

Created: 05 Jan 2014 | 13 comments

Hello to everyone.

One of my clients that runs SEP 12.1.3 has detected a trojan horse in e-mail, but it cannot clean or delete it. I cannot manually delete the mail because I do not know which mail it is. Is there any way to clean the trojan horse from the mail or not?


.Brian's picture

Assuming you're using the email scanning plugin(?) it will scan your emails for malware, however, there may be cases where it cannot remove it. This can be due to a few reasons, such as the attachment being password protected, in which case SEP will be able to open it and remove the bad file.

Does your risk log tell what PC this happened on? You should be able to narrow it down to the particular machine.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

P_K_'s picture

You need to make sure that Enable Internet AP/ MSOutlook AP is enabled

https://www-secure.symantec.com/connect/forums/symantec-endpoint-protection-email-scanning-option

Else you have to look at Messaging Gateway or Brightmail Gateway

MCT MCSE-2012 Symantec Technical Specialist (SCTS)

pete_4u2002's picture

How do you know the email has the trojan?

Does the email have (or did it have) an attachment?

a6viper's picture

Hello again. First, we use Thunderbird as the email client. Second, I know which PC has the trojan, but when I try to clean it from the same PC it is not deleted. The trojan horse is backdoor spybot.

.Brian's picture

Try running a full scan in safe mode


pete_4u2002's picture

Do you have the file? Can you submit it to Symantec Security Response?

James007's picture

First, you can scan your system and submit the file to the Symantec Security Response Team.

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team

http://www.symantec.com/connect/articles/using-sym...

Mick2009's picture

Hi a6viper,

Can you post the log excerpt from where the threat is detected?

A manual scan with the latest definitions should be all that is required to remove the great majority of threats that SEP 12.1.3 detects.  Some need a full system scan in safe mode, and a few need manual removal steps.  Looking at the log should help the experts here on Connect let you know what should happen.

Many thanks!

Mick

With thanks and best regards,

Mick

a6viper's picture

That is the virus log file from the SEP client on the PC with the virus and trojan horse.

Attachment: sep_virus_log.rar (1.78 KB)

.Brian's picture

This is from one of those emails (UPS, FedEx, DHL) that claim they have a package waiting for you and to print out some sort of receipt, shipping label, etc.

Either way, this will need to be manually deleted as SEP can't clean inside the backup file. If you have the email scanner enabled, it either missed it or couldn't clean for whatever reason.


a6viper's picture

Will it need to be manually deleted, or is there any other software that can delete those mails?

.Brian's picture

Best bet is to manually delete to get rid of the file. I'm sure you could try another free scanner, although I would expect similar results.

As for the email, you'll need to delete from within the client or it can be done from the server side by an admin


Mithun Sanghavi's picture

Hello,

Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.

You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.

Email attachments are frequently the culprits in virus attacks. To protect yourself from viruses transmitted through email attachments:

  • Don't open any attachment you were not expecting, even if it comes from a trusted source, such as a family member, co-worker, or friend.
  • If you do not know the sender of a message that includes an attachment, delete the message without reading it.
  • Do not open any attached file ending in .exe, .vbs, or .lnk.
  • Never open an attachment without verifying that it's virus free. To open an attachment, first save it to your hard drive and then scan it with antivirus software, such as Symantec Endpoint Protection.

In case of suspicion, it is recommended to submit the attachment to the Symantec Security Response Team at https://submit.symantec.com/essential

OR

Using Symantec Help (SymHelp) Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team

http://www.symantec.com/connect/articles/using-sym...

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.
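
To find which message has to be deleted manually in Thunderbird, the following added example (not part of the thread and not Symantec code) lists messages in an mbox folder file whose attachments, or ZIP members, end in the extensions named above. It assumes the profile uses Thunderbird's default mbox storage; the function names and the sample mail are constructed for illustration.

```python
import io, mailbox, os, tempfile, zipfile
from email.message import EmailMessage

RISKY_EXTS = (".exe", ".vbs", ".lnk")  # extensions named in the thread

def risky_names(filename, payload):
    """Risky names for one attachment; ZIP member names are checked too."""
    hits = [filename] if filename.lower().endswith(RISKY_EXTS) else []
    if filename.lower().endswith(".zip"):
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                hits += [f"{filename}!{n}" for n in zf.namelist()
                         if n.lower().endswith(RISKY_EXTS)]
        except zipfile.BadZipFile:
            hits.append(f"{filename} (unreadable archive)")
    return hits

def find_risky_mail(mbox_path):
    """Return (index, sender, subject, attachment) for each message to review."""
    found = []
    box = mailbox.mbox(mbox_path, create=False)
    for idx, msg in enumerate(box):  # idx is the zero-based position in the file
        for part in msg.walk():
            name = part.get_filename() or ""
            data = part.get_payload(decode=True) or b""
            for hit in risky_names(name, data):
                found.append((idx, msg["From"], msg["Subject"], hit))
    box.close()
    return found

def build_sample_mbox(path):  # constructed sample: one clean mail, one lure
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("label.exe", b"placeholder bytes, not a program")
    clean, lure = EmailMessage(), EmailMessage()
    clean["From"], clean["Subject"] = "colleague@example.com", "Meeting notes"
    clean.set_content("See you at 10.")
    lure["From"], lure["Subject"] = "courier@example.com", "Your package is waiting"
    lure.set_content("Print the attached shipping label.")
    lure.add_attachment(buf.getvalue(), maintype="application",
                        subtype="zip", filename="label.zip")
    box = mailbox.mbox(path)
    box.add(clean)
    box.add(lure)
    box.close()  # close() flushes both messages to disk

if __name__ == "__main__":
    sample = os.path.join(tempfile.mkdtemp(), "Inbox")
    build_sample_mbox(sample)
    print(find_risky_mail(sample))
```

Run it against a copy of the folder file (for example the profile's `Inbox`) with Thunderbird closed, then delete the reported message from within the client.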