Kerio Connect forum thread: Malicious zip file

tonyswu
Hi,

I am sure we are all getting them: emails disguised as coming from Verizon, UPS, FedEx, whatever, saying that there is an invoice for X amount, with a malicious file attached that looks like a zip file. Shouldn't this be picked up by something, either Sophos or SpamAssassin? I've already had a couple of users click on that file, and would like to block it for good.

Thanks.
freakinvibe
We get them as well and Sophos normally picks them up:

Quote:
This is an informative message sent by mailserver
at mail.mymailserver.org.

The attached message did not pass through the server content filter:

From: <outvotesj60<_at_>ef-law.com>
To: <myname<_at_>mymailserver.org>
Subject: FedEx: AGENT FILE FORM, Tue, 29 Nov 2011 22:33:13 +0000
Date: Tue, 29 Nov 2011 22:33:13 +0000

Problem: Virus found
MIME type: application/zip
File name: FedEx-AgentForm-Application_L5D2Z8HDNA.zip
Virus name: Mal/BredoZp-B
Antivirus: Sophos Scanning Engine (4.71G.3047896/3.25.0.0)


So either you get malicious files that are not in the Sophos DB (yet), or Sophos is not working properly. Is it detecting any viruses?

Dexion AG - The Blackberry Specialists in Switzerland
https://dexionag.ch
pal
The only "infected" zip files related to some delivery scam that come through are the defective ones. I use only ClamAV. I got some of them a few months ago.
Please make sure that the enclosed file is actually a real threat and not just a corrupted zip file.
The files I got had a size of 1 KB, couldn't be opened with an unarchiver, and online file scanners reported no virus. Because it's just a corrupted file, there can't be any virus in it to recognize and block.

There is of course the possibility that you are just unlucky enough to be the first in a virus chain and the AV vendors don't recognize the new type/variant yet. In that case you should send the new sample to the AV vendors. If it is a targeted attack you need more serious help, but I would doubt they would use such a common scheme...

PS: Have you checked whether your AV service works and is licensed and updated?

Blisk
I have the same problems.
People get zip files, and in those zip files is some .exe file which is a virus.
That should somehow be prevented.
The antivirus or spam filter should check inside archive attachments before delivering them to the user.
All other mail servers have that option.
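The check Blisk asks for (look inside an archive attachment before it is delivered) and the corrupt-zip case pal describes, as an added Python example that is not part of this thread and is not Kerio Connect, Sophos or ClamAV code: it parses a MIME message, finds zip attachments, and classifies each as corrupt, blocked, encrypted, oversized or clean. The sample messages, addresses, attachment names, the extension blocklist and the size cap are all constructed for illustration.

```python
import email
import io
import os
import zipfile
from email import policy
from email.message import EmailMessage

# Assumption (not from the thread): a common blocklist of executable extensions.
BLOCKED_EXTENSIONS = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs"}
# Cap on declared uncompressed size before any member is read (zip-bomb guard).
MAX_UNCOMPRESSED = 50 * 1024 * 1024


def inspect_zip(data: bytes, max_uncompressed: int = MAX_UNCOMPRESSED) -> dict:
    """Classify raw attachment bytes as corrupt / blocked / encrypted / oversized / clean."""
    result = {"verdict": "clean", "members": [], "reason": ""}
    # A 1 KB blob with no central directory is exactly the "corrupt zip" case:
    # nothing can be extracted from it, so no scanner will find a virus in it.
    if not zipfile.is_zipfile(io.BytesIO(data)):
        result.update(verdict="corrupt", reason="no valid end-of-central-directory record")
        return result
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            infos = zf.infolist()
            result["members"] = [i.filename for i in infos]
            # Member names live in the central directory, so this check costs
            # nothing and works even for password-protected archives.
            for i in infos:
                if os.path.splitext(i.filename)[1].lower() in BLOCKED_EXTENSIONS:
                    result.update(verdict="blocked", reason=f"executable member {i.filename!r}")
                    return result
            # Bit 0 of the general-purpose flag marks an encrypted member; the
            # contents cannot be inspected, so report that rather than "clean".
            if any(i.flag_bits & 0x1 for i in infos):
                result.update(verdict="encrypted", reason="password-protected archive")
                return result
            declared = sum(i.file_size for i in infos)
            if declared > max_uncompressed:
                result.update(verdict="oversized", reason=f"declares {declared} bytes uncompressed")
                return result
            # Only now read every member to verify its CRC.
            if zf.testzip() is not None:
                result.update(verdict="corrupt", reason="CRC mismatch in a member")
    except zipfile.BadZipFile as exc:
        result.update(verdict="corrupt", reason=str(exc))
    return result


def scan_message(raw: bytes) -> list:
    """Return (attachment name, verdict) for every zip-like attachment in a raw RFC 822 message."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Do not trust the declared MIME type alone: also look at the name and the magic bytes.
        looks_like_zip = (
            part.get_content_type() == "application/zip"
            or name.lower().endswith(".zip")
            or payload[:2] == b"PK"
        )
        if looks_like_zip:
            findings.append((name, inspect_zip(payload)["verdict"]))
    return findings


def make_zip(members: dict) -> bytes:
    """Build an in-memory zip archive from {member name: content} (constructed test data)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def build_sample(filename: str, attachment: bytes, content_type=("application", "zip")) -> bytes:
    """Build a constructed delivery-scam style message carrying one attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"   # constructed sender
    msg["To"] = "user@example.org"        # constructed recipient
    msg["Subject"] = "FedEx: AGENT FILE FORM"
    msg.set_content("Please find your invoice attached.")
    msg.add_attachment(attachment, maintype=content_type[0], subtype=content_type[1], filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    samples = {
        # zip that carries an executable with a double extension, like the scam mails
        "FedEx-AgentForm-Application.zip": make_zip({"FedEx-AgentForm-Application.pdf.exe": b"MZ" + b"\x90" * 64}),
        # 1 KB of bytes starting with "PK" but no central directory: pal's corrupt zip
        "Invoice_truncated.zip": b"PK\x03\x04" + b"\x00" * 1020,
        # a harmless archive for comparison
        "Invoice_real.zip": make_zip({"invoice.pdf": b"%PDF-1.4 constructed sample"}),
    }
    for name, blob in samples.items():
        for attachment, verdict in scan_message(build_sample(name, blob)):
            print(f"{attachment}: {verdict}")
```

Running the block prints one verdict per sample: the archive with the .exe inside is blocked, the 1 KB blob is reported corrupt, and the real archive is clean. Two caveats for anyone wiring something like this into a content filter: a password-protected archive cannot be opened by the filter or by the AV engine, so it is reported as "encrypted" instead of passing as clean, and the size cap only checks the sizes declared in the central directory, so it is a guard rather than a guarantee against archives that lie about their contents.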