Interesting, I'm guessing Avast just isn't pushing the updates out for
this part of their API as frequently.
I'll ask avast.
Oh, there is a new setting I rather like for dealing with zero-hour viruses.
g_virus_strangers "true"
This simply rejects any binary attachment (*.exe, *.bat etc.) if the
sender is not a listed friend. Simple but very effective at cutting
down how many viruses make it through.
ChrisP,
On 6/09/2016 10:26 a.m., surgemailHIDDEN@etwinsite.com wrote:
> Logs from SM:
>
> ============================================
>
> 05 17:32:25[41612] Rcpt 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 0 ""
> 05 17:32:26[41612] Received 201.156.165.191 MooneyHIDDEN@ntel.net.mx <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "Relay=islocal, nrcpt=1, s=[copies]"
> 05 17:32:26[41612] Aspam 201.156.165.191 MooneyHIDDEN@ntel.net.mx <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "notrust ***************: 15.0 sd=15.0 Close nspam=1 nok=0 1.00 $0.99(Sender's IP was on Spamha) $0.99(ArmResearchSpam) $0.85(X-Verify-SMTP present) 0.84(From: ends in numbers) $0.80(X-Phrase:isspam) $0.70(X-myrbl:unknown) 0.54(X-NotAscii:utf) $0.48(X-LangGuess:English) Sane 1.0 SanScore 10.0 15.0"
> 05 17:32:26.74 [41612] Spam 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "[201.156.165.191] SpamDetect"
> 05 17:32:26.76 [41612] Stored 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "[201.156.165.191] Pending manual confirmation - user set to silent mode"
> ================================================
>
> status log for Avast on SM:
>
> Engine v922 Virus database 160905-1 (05.09.2016) Last checked 1.8 hrs ago [SUCCESS(no upgrade)]
>
> =================================================
>
>
> X-headers from the mail client (snippet):
> =====================================================
>
> X-Antivirus: avast! (VPS 160905-2, 09/05/2016), Inbound message
>
> X-Antivirus-Status: Infected
>
> X-Attachment: 8b74283bfbf.zip#2137073678|>utility_bills_copies D9AD1699.js Virus: JS:LockyDownloader [Trj] Deleted
>
> ========================================================
>
> What the mail looked like after Avast on the client PC deleted the trojan attachment; this mail also went to the user's spam folder:
> ====================================
> Hi stuart, Letitia told me you have lost some of the last few months' utility bills.
> So, I am sending to you the copies saved in my computer. Let me know if I sent the right receipts.
>
>
> Best Regards,
> Deidre Mooney
> =====================================
>
> Avast status on SM 30 minutes after the PC-Avast system caught the trojan:
>
> Engine v922 Virus database 160905-1 (05.09.2016) Last checked 0.1 hrs ago [SUCCESS(no upgrade)]
>
> Conclusion: Avast on SM isn't being updated in sync with Avast on the end-user PCs. The PCs have newer patterns, the -2 versus the -1 in this case. I have SM set to update Avast every 2 hours. The SM log shows that the update is attempted but that there isn't a new pattern, while the mail client X-headers show the newer pattern that caught the trojan. So, is SM actually asking for an update but Avast isn't providing it, or is something else occurring?
>
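Added example (not code from this thread, from SurgeMail or from Avast): a small Python script that takes the log lines and headers quoted above as constructed sample input and checks the two things the exchange turns on, whether the server's Avast VPS database is behind the one a client reported, and what a rule like g_virus_strangers would have done with this particular message. The SurgeMail log layout and the X-Attachment header layout are inferred only from the lines quoted here, so treat the regexes as assumptions; stranger_binary_blocked() is a model of the behaviour ChrisP describes, not SurgeMail's implementation, and which extensions count as "binary" beyond *.exe and *.bat is an assumption passed in as a parameter.

```python
import re
from datetime import datetime

# Constructed sample input: the SurgeMail log lines, the server-side Avast
# status line and the client-side headers quoted in the thread above, copied
# as they appear there (addresses were already masked by the poster).
SM_LOG = """\
05 17:32:25[41612] Rcpt 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 0 ""
05 17:32:26[41612] Received 201.156.165.191 MooneyHIDDEN@ntel.net.mx <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "Relay=islocal, nrcpt=1, s=[copies]"
05 17:32:26[41612] Aspam 201.156.165.191 MooneyHIDDEN@ntel.net.mx <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "notrust ***************: 15.0 sd=15.0 Close nspam=1 nok=0 1.00 $0.99(Sender's IP was on Spamha) $0.99(ArmResearchSpam) $0.85(X-Verify-SMTP present) 0.84(From: ends in numbers) $0.80(X-Phrase:isspam) $0.70(X-myrbl:unknown) 0.54(X-NotAscii:utf) $0.48(X-LangGuess:English) Sane 1.0 SanScore 10.0 15.0"
05 17:32:26.74 [41612] Spam 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "[201.156.165.191] SpamDetect"
05 17:32:26.76 [41612] Stored 201.156.165.191 <MooneyHIDDEN@ntel.net.mx> <stuart@nowire.us> 16647 <46eed164a8e5da58fcddb541820c80bd@nowire.us> "[201.156.165.191] Pending manual confirmation - user set to silent mode"
"""
SERVER_STATUS = "Engine v922 Virus database 160905-1 (05.09.2016) Last checked 1.8 hrs ago [SUCCESS(no upgrade)]"
CLIENT_HEADER = "X-Antivirus: avast! (VPS 160905-2, 09/05/2016), Inbound message"
X_ATTACHMENT = ("X-Attachment: 8b74283bfbf.zip#2137073678|>utility_bills_copies "
                "D9AD1699.js Virus: JS:LockyDownloader [Trj] Deleted")

# Log layout inferred from the five lines above: day, time (optional fraction),
# [pid], event, client IP, sender (with or without <>), <recipient>, size,
# optional <message-id>, then a quoted detail string.
LOG_RE = re.compile(
    r'^(?P<day>\d+) (?P<time>\d\d:\d\d:\d\d(?:\.\d+)?) ?\[(?P<pid>\d+)\] '
    r'(?P<event>\w+) (?P<ip>[\d.]+) <?(?P<sender>[^\s>]+)>? <(?P<rcpt>[^>]+)> '
    r'(?P<size>\d+) (?:<(?P<msgid>[^>]+)> )?"(?P<detail>.*)"$')

def parse_sm_log(text):
    """Parse SurgeMail log lines into dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m:
            d = m.groupdict()
            d['size'] = int(d['size'])
            events.append(d)
    return events

def message_trail(text, msgid):
    """Events logged for one message id, in order (Received, Aspam, Spam, Stored ...)."""
    return [e['event'] for e in parse_sm_log(text) if e['msgid'] == msgid]

RULE_RE = re.compile(r'\$?(\d+\.\d+)\(([^)]*)\)')

def parse_aspam(detail):
    """Pull the reported total (the number after the colon) and the weighted rule
    hits in parentheses out of an Aspam detail string. The remaining fields
    (sd=, Sane, SanScore, the $ prefix) are left uninterpreted."""
    total = re.search(r':\s*(\d+\.\d+)', detail)
    rules = [(name, float(weight)) for weight, name in RULE_RE.findall(detail)]
    return {'total': float(total.group(1)) if total else None, 'rules': rules}

VPS_RE = re.compile(r'\b(\d{6})-(\d+)\b')

def parse_vps(text):
    """Return (date, revision) for an Avast VPS id such as '160905-2', or None."""
    m = VPS_RE.search(text)
    if not m:
        return None
    return datetime.strptime(m.group(1), '%y%m%d').date(), int(m.group(2))

def server_lags_client(server_status, client_header):
    """True when the server-side signature database is older than one a client reported."""
    s, c = parse_vps(server_status), parse_vps(client_header)
    return s is not None and c is not None and s < c

# X-Attachment layout inferred from the single header quoted above.
ATT_RE = re.compile(
    r'^X-Attachment:\s*(?P<archive>[^#]+)#\d+\|>(?P<inner>.+?)'
    r'\s+Virus:\s+(?P<sig>\S+)\s+\[(?P<cat>[^\]]+)\]\s+(?P<action>\w+)\s*$')

def parse_x_attachment(header):
    """Split the avast X-Attachment header into archive, extracted file, signature,
    category and action; returns None if the header does not fit the layout."""
    m = ATT_RE.match(header)
    return m.groupdict() if m else None

def stranger_binary_blocked(sender, friends, attachment_names,
                            binary_exts=frozenset({'.exe', '.bat'})):
    """Model (assumption, not SurgeMail's code) of the g_virus_strangers rule
    described above: block when the sender is not a listed friend and any
    attachment name ends in a 'binary' extension. Only *.exe and *.bat are
    named on the page, so the extension set is a parameter."""
    if sender.lower() in {f.lower() for f in friends}:
        return False
    exts = tuple(e.lower() for e in binary_exts)
    return any(name.lower().endswith(exts) for name in attachment_names)

if __name__ == '__main__':
    events = parse_sm_log(SM_LOG)
    msgid = events[1]['msgid']
    print('trail for', msgid, '->', message_trail(SM_LOG, msgid))
    verdict = parse_aspam(events[2]['detail'])
    print('Aspam total', verdict['total'], 'from', len(verdict['rules']), 'rule hits')
    print('server VPS', parse_vps(SERVER_STATUS), 'client VPS', parse_vps(CLIENT_HEADER),
          'server lags client:', server_lags_client(SERVER_STATUS, CLIENT_HEADER))
    att = parse_x_attachment(X_ATTACHMENT)
    names = [att['archive'], att['inner']]
    print('strangers rule, exe/bat only:', stranger_binary_blocked(events[1]['sender'], [], names))
    print('strangers rule, plus zip/js:', stranger_binary_blocked(
        events[1]['sender'], [], names, {'.exe', '.bat', '.zip', '.js'}))
```

Run against the quoted data this reports the server at 160905-1 and the client at 160905-2, i.e. the lag the poster describes, and it shows the caveat on the strangers rule: with only *.exe and *.bat treated as binary the .zip-wrapped .js downloader would have passed, so whatever extension list the setting actually uses matters as much as the setting itself.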