Messaging Gateway

  • 1.  When will Brightmail gateway stop viruses?

    Posted Dec 15, 2010 02:58 PM

    In particular Packed.Win32.Krap.ao?

    My users have been receiving an email supposedly from DHL, with an obvious virus in it, but Brightmail just lets it pass right on through without so much as a warning.

    The email goes like this;

    "Hello!

    Unfortunately we failed to deliver the postal package you have sent on the 19th of September in time because the recipient's address is erroneous.

    Please print out the shipment label attached and collect the package at our office.


    Thank you,
    Your DHL"

    Attachment: DHL_Print_Copy.zip

    Kaspersky finds this virus no problem and deletes. The problem is I'm still in the middle of rolling out Kaspersky and still have Symantec Endpoint protection on some of the systems. It doesn't see the virus either.

    Any information as to when this will be resolved is appreciated.

    Thank you,

    Eric Patterson



  • 2.  RE: When will Brightmail gateway stop viruses?

    Posted Dec 15, 2010 07:03 PM

    Please submit the sample to our submission portal to be really sure.

    Normally our Brightmail team is quite fast in detecting spam, so it might be worthwhile for you to enable Rapid Release download in your SMS product.



  • 3.  RE: When will Brightmail gateway stop viruses?

    Posted Dec 16, 2010 09:49 AM

    After hunting around, it looks like we do detect this as Trojan.Dropper. As always, if you have ANY doubt, ALWAYS submit the files to Security Response. You should be able to use the link below:


    http://www.symantec.com/business/security_response/submitsamples.jsp


    -John



  • 4.  RE: When will Brightmail gateway stop viruses?

    Posted Dec 19, 2010 08:44 PM

    Configure the spam threshold. Move the slider a few clicks to the left. And you might want to take the IP the email came from and add that to the blacklist. Maybe send your logs to Symantec so they can modify their blacklist as well.

    I've seen those emails in our SBG and they are marked as spam. So we didn't get the attachment into our system.

    I sure hope botnets haven't figured out how to avoid honeypots.
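While signature updates catch up, a gateway-side policy that quarantines archive attachments containing executables stops lures like the DHL zip above regardless of the malware name. The following is an added example, not Brightmail/SMS configuration or Symantec code: it parses a message, opens any .zip attachment, reports executable members, and records the SHA-256 so the sample can be submitted to Security Response. The message and the inert "DHL_Print_Copy.exe" inside it are constructed here; the extension list is an assumed local policy.

```python
import email
import hashlib
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed local policy: file types that never belong inside a "shipment label" archive
EXECUTABLE_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}


def inspect_message(raw: bytes) -> list[dict]:
    """Return one finding per .zip attachment that holds an executable member
    (or that cannot be opened as a zip at all)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        payload = part.get_payload(decode=True)
        digest = hashlib.sha256(payload).hexdigest()  # hash to quote when submitting the sample
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                members = zf.namelist()
        except zipfile.BadZipFile:
            # Claims to be a zip but is not: still worth holding for review
            findings.append({"attachment": name, "sha256": digest, "executables": [], "bad_zip": True})
            continue
        execs = [m for m in members if any(m.lower().endswith(e) for e in EXECUTABLE_EXTENSIONS)]
        if execs:
            findings.append({"attachment": name, "sha256": digest, "executables": execs, "bad_zip": False})
    return findings


def build_sample_message() -> bytes:
    """Constructed stand-in for the DHL lure: an inert zip containing a file named like a program."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("DHL_Print_Copy.exe", b"constructed test data, not a program")
    msg = EmailMessage()
    msg["From"] = "noreply@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "DHL delivery failure"
    msg.set_content("Please print out the shipment label attached and collect the package at our office.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="DHL_Print_Copy.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in inspect_message(build_sample_message()):
        print(finding)
```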