Video Screencast Help
Search Video Help Close Back
to help

Missing outlook plugin. Not detecting Eicar files

Created: 21 Oct 2012 | 5 comments
Nicolasferos's picture
Nicolasferos Symantec Employee
0 0 Votes
Login to vote

Hi everyone,

I have been a long time checking for a solution or at least information that can tell me something about this little plugin, but nothing solved my doubts on these threads.

 

I have a customer that need to test the outlook plugin, but he has the SMS on the exchange server and he cannot disable it to make the tests, obviously.

The thing is that the tries to send an email with an eicar attached, but no notification of virus from Outlook AP appears. He saves it on a draft, and also nothing: the attachment still continue there. He can preview it, and when he open it, its detected by normal SEP Autoprotect.

In others threads, this solution was given:

--------------

If you use Microsoft Outlook over MAPI or Microsoft Exchange client and you have Auto-Protect enabled for email, attachments are immediately downloaded to the computer that is running the email client. The attachments are scanned when the user opens the message. If you download a large attachment over a slow connection, mail performance is affected. You may want to disable this feature for users who regularly receive large attachments.

-----------

But personally i dont get the point. Does this means that the attachment is saved on the computer and after opening it, its detected? Isnt it the role of the normal AutoProtect?

The second thing is that no icon, or option for scanning is displayed on the emails.

The plugin is correctly installed and enabled. The version is SEP 12.1 RU1 MP1, and outlook 2010. I know i should recommend the customer not to install, but he wants to know how it works.

I would appreciate any suggestion or explanation of how this plugin works, and if possible how it could be possible to test in my customers case.

 

Thank you very much in advance!

Discussion Filed Under:
, , , ,

Comments 5 CommentsJump to latest comment

GeoGeo's picture
GeoGeo
Missing outlook plugin. Not detecting Eicar files - Comment:22 Oct 2012 : Link

SEP is not a dedicated email scanning product it will only pick up the items when accessed on the local machine. Also by default logging of eicars is turned off on the SEPM this needs to be turned on to check the logs for eicars.

For mail scanning something like SMSME needs to be placed on the excahnge server.

Please review ideas and vote there could be something useful :)

https://www-secure.symantec.com/connect/security/ideas

 

0
Login to vote
  • Actions
Nicolasferos's picture
Nicolasferos Symantec Employee
Missing outlook plugin. Not detecting Eicar files - Comment:22 Oct 2012 : Link

Thank you GeoGeo!

I will check the eicar options on manager.

The last thing, do you know if some options should appear on the emails, or an option to scan the attachment? I guess no..

I really dont see the point on this plugin. It does not generate trust on customers, i think.

0
Login to vote
  • Actions
Nicolasferos's picture
Nicolasferos Symantec Employee
Missing outlook plugin. Not detecting Eicar files - Comment:22 Oct 2012 : Link

Btw, where is the option to enable/disable Eicar logging on the manager? I can not find it.

Thx!

0
Login to vote
  • Actions
Ashish-Sharma's picture
Ashish-Sharma
Missing outlook plugin. Not detecting Eicar files - Comment:22 Oct 2012 : Link

HI,

About Auto-Protect and email scanning
http://www.symantec.com/docs/TECH95093

Check this thread also

http://www.symantec.com/connect/forums/internet-e-mail-not-scanned-its-arrival

Thanks In Advance

Ashish Sharma

SEPM Knowledgebase Documents  

 

0
Login to vote
  • Actions
Mithun Sanghavi's picture
Mithun Sanghavi Symantec Employee Technical Support Accredited
Missing outlook plugin. Not detecting Eicar files - Comment:22 Oct 2012 : Link

Hello,

Internet Email Auto-Protect protects both incoming email messages and outgoing email messages that use the POP3 or SMTP communications protocol over the Secure Sockets Layer (SSL). When Internet Email Auto-Protect is enabled, the client software scans both the body text of the email and any attachments that are included.

You can enable Auto-Protect to support the handling of encrypted email over POP3 and SMTP connections. Auto-Protect detects the secure connections and does not scan the encrypted messages. Even if Internet Email Auto-Protect does not scan encrypted messages, it continues to protect computers from viruses and security risks in attachments.

Email attachments are frequently the culprits in virus attacks. To protect yourself from viruses transmitted through email attachments:

  • Don't open any attachment you were not expecting, even if it comes from a trusted source, such as a family member, co-worker, or friend.
  • If you do not know the sender of a message that includes an attachment, delete the message without reading it.
  • Do not open any attached file ending in .exe, .vbs, or .lnk.
  • Never open an attachment without verifying that it's virus free. To open an attachment, first save it to your hard drive and then scan it with antivirus software, such as Symantec Endpoint Protection.

Incase of Suspicion, it is recommended to submit the Attachment to the Symantec Security Response Team on https://submit.symantec.com/essential

OR

Using Symantec Support Tool, how do we Collect the Suspicious Files and Submit the same to Symantec Security Response Team.

However, incase if you feel, there is a Virus on the email attachment and Symantec is not detecting it, then save the attachment on the hard drive and submit the Attachment to the Symantec Security Response Team as suggested above.

Reference: https://www-secure.symantec.com/connect/forums/internet-e-mail-not-scanned-its-arrival

Hope that helps!!

Mithun Sanghavi
Symantec Technical Support Engineer, SEP
MIM | MCSA | MCTS | STS | ITIL v3

Twitter: @mithun_sanghavi

Don't forget to mark your thread as 'SOLVED' with the answer that best helps you.<&a

0
Login to vote
  • Actions