1

I have some SCR viruses being sent in a ZIP file that are bypassing the Trend Scanner on Exchange 2010 SP1 CU7.

There are a few reasons I can think this would be occurring

  • The email message has strange characters, causing the RFC2822 engine in Trend to break, therefore missing the attachment

  • There is a threading issue in the Trend Code that skips scanning some email messages under load

  • There is an issue in the MSFT Transport Agent code that means some messages skip the Trend Hub Transport agent

  • Trend Scanmail noticed that we are above our license count and will only scan X messages of Y total, creating this intentional vulnerability

Can anyone validate, add to, prioritize, or refute what may be going on?

I will share the virus file if so desired/acceptable by the community.

makerofthings7
  • 8,911
  • 34
  • 121
  • 197
  • 3
    Frankly, any one of those issues would be enough to get me to toss an A/V program on the trash heap and go with a different company. Not an answer to your question, but something to consider. A/V that usually scans incoming files is less useful than parachute that usually opens... because you could make a tent out of that useless parachute. – HopelessN00b Dec 23 '14 at 21:03

0 Answers0