Email attachment - .exe file within a zip file - Norton says it's safe. I am sure it isn't!

We are running Norton Internet protect on the client (Win7) and Endpoint on our server.

Three emails arrived in Inbox on client with a compressed file attachment containing a .exe file, which I am pretty sure is not going to be a nice one. Neither Norton product picked anything up and mail was delivered. I have run a manual scan and Norton reports no infection.

I am thinking that there must be something here as spammers rarely send out compressed .exe files without some kind of payload ... Where do I send the email/file for further checking? - I am sure there's something not nice in it and am concerned that Norton is allowing these (and other similar spam emails with compressed attachments) through



Welcome,

You can send your messages to

http://www.symantec.com/business/security_response/submitsamples.jsp
or
https://submit.symantec.com/antifraud/phish.cgi

for evaluation

If you don't know the sender I'd delete the whole mess and forget it. If you do know the sender then ask them what they sent. If they deny sending anything, delete it and advise them that their address book may be compromised.

Keep us posted

Hi

It's not an issue when it arrives in my inbox ... I would always spot it. (I'd like to think!)

It's the fact that Norton is letting them through and they are arriving in several Inboxes throughout the company ... it only takes someone to click it while not thinking ... and it could be Virii time!

I'll send it to the address you gave

Thanks

PS ... Also shouldn't there be a feature to "Scan single file"

I tried extracting another .exe file within a .zip email attachment and Norton reported a Trojan and caught the file

Why didn't it scan the attachment coming in though?

What email client are you using on the client computers?

As you found, when you tried to extract the file, the different layers of protection in NIS caught and dealt with the infected file. The same should happen if any of the workers 'accidentally' click on the attachment.


Norton can only scan emails if you're using a supported email client like Outlook and if the email comes in through a non-encrypted port.

The purpose of an SSL connection is to prevent the email from being "read" or intercepted between the email server and email client and that is where the scanning has to happen, in between entering your system and the email client.

If you're using a supported email client without an encrypted port then Norton will scan "inside" zip files as long as the setting to scan compressed files is not disabled.

Also keep in mind that a bad exe may not actually be malicious, it could be a "downloader".

Dave
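
The thread's concern is zipped .exe attachments reaching inboxes while the signature scan reports clean. The following is an added example, not part of the original thread and not how any Norton or Symantec product works: a file-type check that a mail gateway or mailbox-audit script could run, flagging executables inside zip attachments without relying on signatures. The extension list, function names and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Assumed list of extensions to treat as executable; adjust to local policy.
RISKY_EXT = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")

def risky_zip_members(raw_message: bytes):
    """Return (attachment, member, reason) for executables inside zip attachments."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.flag_bits & 0x1:  # password-protected: content is opaque
                    findings.append((name, info.filename, "encrypted member"))
                    continue
                with zf.open(info) as fh:
                    head = fh.read(2)  # read only the magic bytes, not the whole file
                if head == b"MZ":  # DOS/PE header, whatever the file is named
                    findings.append((name, info.filename, "PE/MZ header"))
                elif info.filename.lower().endswith(RISKY_EXT):
                    findings.append((name, info.filename, "executable extension"))
    return findings

def build_sample() -> bytes:
    """Constructed sample: a message with a zip holding a harmless MZ stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.exe", b"MZ" + b"\x00" * 62)  # magic bytes plus zeros only
        zf.writestr("readme.txt", b"hello")
    msg = EmailMessage()
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "Your invoice"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for finding in risky_zip_members(build_sample()):
        print(finding)
```

Because it reads the stored message rather than the wire traffic, a check like this is unaffected by whether the client fetched the mail over SSL.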

In the last week on Yahoo Mail, spam messages with attachments of this style have increased. Some are good jokes, since I reside in Romania and have never traveled to the US, and I get fake billing orders for an energy company or to present myself on some days in court in front of a judge :smileylol:

edit: even if I add the email address to the blocked list, they seem to change the sender address