Internet e-mail is not scanned on its arrival
Created: 11 Sep 2012 | Updated: 11 Sep 2012 | 10 comments
Hi every one,
In my environment I'm using SEP 11.0.7 with SEPM.
Few weeks ago I started to receive ocasionaly e-mails with virus attachment (always from partners addres, so I can't just block it)on my desktops. I'm warried why my Symantec doesn't detect the virus on the e-mail arrival. I'm using MS Outlook with POP3 (TCP 110) to receive mail. I have Antivirus and Antispyware policy configured for Internet E-mail Auto-protect and assigned to computers.
Can anyone suggest what am I missing (or is it just a 0 day virus? Every time?)
Discussion Filed Under:
Comments 10 Comments • Jump to latest comment
Hello,
Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.
You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.
Email attachments are frequently the culprits in virus attacks. To protect yourself from viruses transmitted through email attachments:
Incase of Suspicion, it is recommended to submit the Attachment to the Symantec Security Response Team on https://submit.symantec.com/essential
OR
Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Hy Mithun,
Unfortunately, this doesn’t help me. All that you described I am aware of. Also I think that my entire configuration is correct, but I still have virus undetected from time to time arrived in mail. All my clients have current virus definitions. Detection of viruses is successful if it comes on CD/DVD, USB or network. The problem is only e-mail. My Outlook clients are configured to use standard ports (110 and 25) with no encryption.
Handling emails with attachments is part of company security policy, but, as I said before, most of that infected mails comes from well-known partner (booking.com) and my users trusts them. After few incidents we expand our “security policy” and educated users not to open mails from that partner, but it still doesn’t solve the major problem: “How the virus can come in an email attachment undetected?”
Please give me a hint what to check (I checked all what I was aware of)!.
Hello,
Symantec Endpoint Protection would detect the Threat only if the Attachment is opened.
However, incase if you feel, there is a Virus on the email attachment and Symantec is not detecting it, then save the attachment on the hard drive and submit the Attachment to the Symantec Security Response Team as suggested above.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Thanks Mithun,
I thought that email is scanned oh its arrival (complete email including attachment). Shouldn’t it “react” on attachment saving (or just opening)?
I'm not saying this is the cause, but is there some reason you're not using the Outlook scanner?
According to "About Auto-Protect and email scanning" (link is below), email scanning is not available for 64-bit clients for 11.x. It also says:
For scans of Lotus Notes and Microsoft Exchange email, Auto-Protect scans only the attachments that are associated with email.
For Internet email scanning of the messages that use the POP3 or SMTP protocols, Auto-Protect scans the following items:
See the following:
About Auto-Protect and email scanning
http://www.symantec.com/docs/TECH95093
You may want to consider Mail Security for Microsoft Exchange.
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Hi Sandra,
Thanks for the link.
Unfortunately I don’t have Exchange server (jet). I'm planning to implement it in a near future, but right now, I don't have it. I’ll implement Mail Security for Microsoft Exchange as soon as I implement MS Exchange. I have configured MS Outlook Auto-Protect, but it has sense only if I'm using Outlook with Exchange – because of different ports (If I'm not wrong?).
If your Outlook is using POP then the Internet Email scanner should work, and should scan attachments. Are the affected machines running 64-bit operating systems?
sandra
Symantec, Information Development, IMDP
Symantec Endpoint Protection / Core Security Engineering Group
Don't forget to mark your thread as 'solved' with the answer that best helped you!
Hello,
I agree with Sandra. Incase, if these are 64 Bit Systems then Microsoft Exchange and POP3/SMTP email scanning are not compatible.
Check this Article:
Symantec Endpoint Protection 11.0 compatibility with 64-bit platform
http://www.symantec.com/docs/TECH102143
However, these features are supported in the SEP 12.1 Release.
Hope that helps!!
Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3
Twitter: @mithun_sanghavi
Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a
Hi Goran,
If possible, upgrade to SEP 12.1. The Outlook plug-in in that version is 64-bit compatable with many versions of Outlook. Details are in the following article:
Hope this helps!
With thanks and best regards,
Mick
Hi,
are you using SSL? From the help in the SEP client:
Internet Email Auto-Protect
Scans internet email (POP3 or SMTP) and attachments for viruses and security risks; also performs outbound email heuristics scanning.
By default, Internet Email Auto-Protect supports encrypted passwords and email over POP3 and SMTP connections. If you use POP3 or SMTP with Secure Sockets Layer (SSL), then the client detects secure connections but does not scan encrypted messages.
Note:
For performance reasons, Internet Email Auto-Protect for POP3 is not supported on server operating systems. Internet email scanning also is not supported for 64-bit computers.
Email scanning does not support IMAP, AOL, or HTTP-based email such as Hotmail or Yahoo! Mail.
Microsoft Outlook Auto-Protect
Scans Microsoft Outlook email (MAPI and Internet) and attachments for viruses and security risks
Supported for Microsoft Outlook 98/2000/2002/2003/2007/2010 (MAPI and Internet)
If Microsoft Outlook is already installed on the computer when you perform a client software installation, the client software detects the email application. The client automatically installs Microsoft Outlook Auto-Protect.
If you use Microsoft Outlook over MAPI or Microsoft Exchange client and you have Auto-Protect enabled for email, attachments are immediately downloaded. The attachments are scanned when you open the attachment. If you download a large attachment over a slow connection, mail performance is affected. You may want to disable this feature if you regularly receive large attachments.
Note:
On a Microsoft Exchange server, you should not install Microsoft Outlook Auto-Protect.
Regards,
Giuseppe
Would you like to reply?
Login or Register to post your comment.