IronPort RAR virus

Dears,

 

I found that McAfee AV doesn't scan RAR files for viruses; it can't even clean a test virus, whereas Sophos can clean it. Below is an example:

 

7 Nov 2014 15:00:06 (GMT +02:00)Message 329833 scanned by Anti-Virus engine McAfee. Interim verdict: CLEAN
27 Nov 2014 15:00:06 (GMT +02:00)Message 329833 scanned by Anti-Virus engine Sophos. Interim verdict: REPAIRED
27 Nov 2014 15:00:06 (GMT +02:00)Message 329833 scanned by Anti-Virus engine. Repaired message parts: 'EICAR-AV-Test'
27 Nov 2014 15:00:06 (GMT +02:00)Message ID 329833 rewritten to new message ID 329834 by antivirus.
2 Replies

Can someone from Cisco help?

 

This is a critical bug for all the customers that are running IronPort with McAfee AV.

Bechara, from memory not all anti-virus vendors detect Eicar as it's a virus only by convention. Leaving aside the RAR compression and the question of whether the IronPort McAfee module can handle Eicar, can an ordinary desktop installation of McAfee spot it?

If your end-users don't need RAR-compressed archives, simply block or drop RAR attachments. We do.
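
Added example, not part of the thread and not Cisco tooling: a Python check that groups per-engine verdict lines of the kind quoted in the original post by message ID and reports messages where the anti-virus engines disagree. The sample lines are constructed in the post's format, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Per-engine verdict line, in the format quoted in the original post.
VERDICT_RE = re.compile(
    r"Message (?P<mid>\d+) scanned by Anti-Virus engine (?P<engine>\w+)\. "
    r"Interim verdict: (?P<verdict>[A-Z]+)"
)

# Constructed sample lines in the post's log format (not real log data).
SAMPLE_LOG = """\
27 Nov 2014 15:00:06 (GMT +02:00)Message 1001 scanned by Anti-Virus engine McAfee. Interim verdict: CLEAN
27 Nov 2014 15:00:06 (GMT +02:00)Message 1001 scanned by Anti-Virus engine Sophos. Interim verdict: REPAIRED
27 Nov 2014 15:00:06 (GMT +02:00)Message 1001 scanned by Anti-Virus engine. Repaired message parts: 'EICAR-AV-Test'
27 Nov 2014 15:01:10 (GMT +02:00)Message 1002 scanned by Anti-Virus engine McAfee. Interim verdict: CLEAN
27 Nov 2014 15:01:10 (GMT +02:00)Message 1002 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
27 Nov 2014 15:02:30 (GMT +02:00)Message 1003 scanned by Anti-Virus engine Sophos. Interim verdict: CLEAN
"""


def collect_verdicts(lines):
    """Return {message_id: {engine: verdict}} for every per-engine verdict line."""
    verdicts = defaultdict(dict)
    for line in lines:
        m = VERDICT_RE.search(line)
        if m:  # summary lines that name no engine do not match and are skipped
            verdicts[m["mid"]][m["engine"]] = m["verdict"]
    return dict(verdicts)


def engine_disagreements(lines):
    """Return messages scanned by 2+ engines whose interim verdicts differ."""
    return {
        mid: engines
        for mid, engines in collect_verdicts(lines).items()
        if len(engines) > 1 and len(set(engines.values())) > 1
    }


def missed_by(lines, engine):
    """Message IDs that `engine` called CLEAN while another engine did not."""
    return sorted(
        mid for mid, engines in engine_disagreements(lines).items()
        if engines.get(engine) == "CLEAN"
    )


if __name__ == "__main__":
    print(engine_disagreements(SAMPLE_LOG.splitlines()))
```

Messages scanned by only one engine are never reported, so the check says nothing about coverage on systems that run a single engine.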