We are running Norton Internet protect on the client (Win7) and Endpoint on our server.
Three emails arrived in Inbox on client with a compressed file attachment continaing a .exe file, which I am pretty sure is not going to be a nice one. Neither Norton product picked anything up and mail was delivered. I have run a manual scan and Norton reports no infection.
I am thinking that there must be something here as spammers rarely send out compressed .exe files without some kind of payload ... Where do i send the email/file for further checking? - I am sure there's something not nice in it and am concerned that Norton is allowing these (and other similar spam emails with compressed attachments) through
We are running Norton Internet protect on the client (Win7) and Endpoint on our server.
Three emails arrived in Inbox on client with a compressed file attachment continaing a .exe file, which I am pretty sure is not going to be a nice one. Neither Norton product picked anything up and mail was delivered. I have run a manual scan and Norton reports no infection.
I am thinking that there must be something here as spammers rarely send out compressed .exe files without some kind of payload ... Where do i send the email/file for further checking? - I am sure there's something not nice in it and am concerned that Norton is allowing these (and other similar spam emails with compressed attachments) through
If you don't know the sender I'd delete the whole mess and forget it. If you do know the sender then ask them what they sent. If they deny sending anything, delete it and advise them that their address book may be compromised.
It's not an issue when it arrives in my inbox ... I would always spot it. (I'd like to think!)
It's the fact that Norton is letting them through and they are arriving in several Inboxes throughout the company ... it only takes someone to click it whiel not thinking ... and it could be Virii time!
What email client are you using on the client computers?
As you found, when you tried to extract the file, the different layers of protection in NIS caught and dealt with the infected file. The same should happen if any of the workers 'accidentally' click on the attachment.
Norton can only scan emails if your using a supported email client like Outlook and if the email comes in through a non-encrypted port.
The purpose of a SSL connection is to prevent the email from being "read" or intercepted between the email server and email client and that is where the scanning has to happen, in between entering your system and the email client.
If your using a supported email client without a encrypted port then Norton will scan "inside" zip files as long as the setting to scan compressed files is not disabled.
Also keep in mind that a bad exe may not actually be malicious, it could be a "downloader".
in last week on yahoo mail encresed spam mesages with attachments of this style some are good joke's since i reside in Romania and never traveled to US and i get fake billing orders for energy company or to present myself on some days in court in front of a judje
edit:even if i add the email adress to the blocked they seem to change the sender adress