Email virus not detected coming in but detected when forwarded

Norton Security | Norton Internet Security
1

I have NIS ver. 20.3.1.22 and was puzzled by an event today. I received four phishing emails purporting to come from Amazon and decided to forward them to stop-spoofing@amazon.com. NIS then reported that my email contained a virus. My question is 'why was the virus not detected on the way in?'

2
pedroparkes wrote:

I have NIS ver. 20.3.1.22 and was puzzled by an event today. I received four phishing emails purporting to come from Amazon and decided to forward them to stop-spoofing@amazon.com. NIS then reported that my email contained a virus. My question is 'why was the virus not detected on the way in?'

Hi,

I think part of my response to your other message also applies here. The other point being that phishing isn't a virus and while it can be a real PITA it doesn't usually damage anything more than your peace of mind. Detection of these infections isn't one of Norton's strong points. The scanneers I mentioned appear to focus on those infections to a greater degree.

As to why on the way out and not on the way in, I can't guess. If you didn't open the email that might be the key.

Keep us posted

3

Hi pedroparkes,

 

Did NIS report a virus, or did you get an alert that your outgoing message could not be delivered?  If the latter, the anwer to your question is that when you forwarded the phishing messages, they were blocked by the ISP's spam filter at the server and Norton displayed the notification from the ISP about the failed delivery.  You should always forward phishing emails and spam samples as attachments, rather than as messages themselves.  If you did get a virus notification from Norton, we will need more information about what it blocked.

4

The history reports the following: (sorry for the format!)

 

Category: Email Errors

Date & Time,Risk,Activity,Status,Recommended Action

14/05/2013 11:34:25,High,550-ATLAS(2509): Your email contained a virus. (RCPTs:  ,Error,No Action Required

5
pedroparkes wrote:

The history reports the following: (sorry for the format!)

 

Category: Email Errors

Date & Time,Risk,Activity,Status,Recommended Action

14/05/2013 11:34:25,High,550-ATLAS(2509): Your email contained a virus. (RCPTs:  ,Error,No Action Required

That is Norton's record of the email server rejecting the message - it is not Norton detecting a threat.  The ATLAS server did not like the message and kicked it back with a 550 error code.  "Your email contained a virus" could be a generic response for any message that is rejected because of dangerous content - either malware or phishing.  Were there attachments to the messages?  If not, they would not have contained viruses.  If there were dangerous links in the body of the messages, Norton would not alert you until you clicked on one of them.  So, from what you have provided it is hard to say why the server rejected the messages, even though Norton did not alert to anything.  It really depends on how you receive your email, what you do with it after receipt, and what the server was calling a "virus."