MailEssentials | Missed malware

Answer

PROBLEM

After installing GFI MailEssentials emails containing malware (viruses, trojans, exploits) are delivered to the users’ mailboxes.

ENVIRONMENT

GFI MailEssentials
All supported environments

SOLUTION

First, please ensure the following issues are not present:

Modules not enabled from configuration

In the GFI MailEssentials Configuration go to EmailSecurity > Virus Scanning Engines and make sure all licensed antivirus engines are enabled.
Check in the General Settings that the license is valid and that the proper inbound domain is in the list.

Emails not processed correctly

Consult the GFI MailEssentials dashboard and verify that the email in question's scan result shows as OK, meaning the email was scanned and not found to be containing a malware attachment. If the email does not show in the dashboard, or shows with a different status, please consult the Skynet article below for more information on how to deal with emails which are either not scanned correctly, or not scanned at all: Missed-spam-MailEssentials

If the above issues are not present

Get the customer to compress the virus emails into a password protected ZIP file
Use the case number and the password of the zip file to name the compressed file, separated by a dash (ex: GFI-123456-123456-password.zip)
Ask the customer to upload the password protected ZIP file to the GFI FTP server and request that he notifies us via email once the sample has been uploaded

Use the following FTP information:

Host: ftp://ftp.gfisoftware.com
User: gfi
Pass: gfi911cust (If using Internet Explorer use ftp://gfi:gfi911cust@ftp.gfisoftware.com)

NOTE: When the upload is finished, you will not be able to see the directory or the files. This is done to safeguard your privacy.

Make use of the following links to submit the malware so that the anti-virus vendors can include the threat in future definitions:

Vipre: https://www.vipreantivirus.com/support/submissions/missed-threat.aspx
BitDefender: http://www.bitdefender.com/submit/
Kaspersky: http://newvirus.kaspersky.com/
Avira: https://analysis.avira.com/en/submit
McAfee: http://www.mcafee.com/us/threat-center/resources/how-to-submit-sample.aspx
Sophos: https://secure2.sophos.com/en-us/support/submit-a-sample.aspx

CAUSE

Either the antivirus engines have been disabled, GFI MailEssentials is not processing emails correctly, or the malware attachment was not in current antivirus definitions.

Choose files or drag and drop files

Tags:

Was this article helpful?

Yes

Priyanka Bhotika
Posted
Updated

Comments

Please sign in to comment