Re: Will OneCare be able to detect a virus in an email's zip attachment, etc.?

  • Question

  • Will OneCare be able to detect a virus in an email's zip attachment, i.e. I have NOT clicked on the attachment yet.  If I run a virus scan, will OneCare be able to detect if there is a virus in that zipped attachment to an email that is in my Outlook Inbox? 

     

    I received an email purportedly stating "You've received A Hallmark E-Card!"  the message reads "VIRUS BLOCKER ALERT--This email included an attachment which was identified as containing a virus known as 1.postcard.zip/postcard.exe: W32.Saros@mm -- For your protetion, the attachment was cleaned or removed. -- Powered by Symantec"

     

    HOWEVER, I DO NOT HAVE ANY SYMANTEC PRODUCTS STILL ON MY COMPUTER AS I AM NOW USING MS ONECARE -- THUS, I fear that the email message stating the virus has been removed is false/just a con, to trick you into clicking on the zipped attachment. 

     

    Am I being too paranoid, or is this likely a virus in the zipped file? 

     

    I would delete it, but I was curious to see if I can tell who sent it to me.  I have reason to believe that there is someone out there who may have deliberately sent me a virus in an email.  I tried to view the hidden header info but was not able to do so.

     

    Any opinions would be greatly appreciated.   Thank you for your time, everyone.  JMP88

     

    P.S.  I just did a Google search and found on the Hallmark website that this email is indeed an email virus attachment which has been circulated at least since 2007. This phoney Hallmark e-card email has a zip postcard attachment that if opened will launch a variant of the Zapchast Trojan virus, per the official Hallmark site.  Hallmark also states on their website that Zapchast installs an Internet Relay (IRC) chat client and causes the infected computer to connect to an IRC channel.  Attackers then use that connection to remotely command your machine.  Hallmark states that the subject line of legitimate E-Card notifications from Hallmark will say "A Hallmark E-Card from (name of the sender)" not a generic term like "friend", "Neighbor" or "family member."   The phoney E-card I received, however, simply stated "You've received A Hallmark E-Card!" without saying it was from anyone.  I've forwarded it to abuse@Hallmark.com

     

    I'm still interested to find out whether OneCare will pick it up in the virus scan I'm doing right now.  The Phishing Filter didn't.

    Wednesday, October 8, 2008 12:42 PM

Answers

  • Your email provider is using Symantec on their server to check the mail flowing through the server to you.

     

    Yes, a full virus scan by OneCare will detect a virus in an attachment, but you'll probably get a very helpful message stating Quarantine Failed since OneCare won't try to remove/clean the virus from within an email attachment as doing so could corrupt the email store.

     

    Note that the infected file *was* removed at the server, so the message you have right now in your Inbox is not infected. Delete it.

     

    -steve

    Wednesday, October 8, 2008 3:09 PM
    Moderator
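
As an added example (not part of the thread, and not how OneCare or Symantec work internally), this Python code checks a saved message for the two things the question asks about: the relay chain in the `Received` headers and any executable file names inside a zip attachment, read from the zip directory without extracting anything. The `RISKY_EXT` list, the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions treated as directly executable on Windows (assumed list for this example).
RISKY_EXT = (".exe", ".scr", ".pif", ".com", ".bat", ".cmd")


def triage(raw: bytes) -> dict:
    """List relay hops and executable names in zip attachments (names only, nothing extracted)."""
    msg = message_from_bytes(raw, policy=policy.default)
    report = {
        "subject": str(msg["Subject"]),
        # Each relay prepends its own Received header, so the last entry is the oldest hop.
        "received": [str(h) for h in msg.get_all("Received", [])],
        "flagged": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                if member.lower().endswith(RISKY_EXT):
                    report["flagged"].append(f"{name}/{member}")
    return report


def build_sample(with_zip: bool) -> bytes:
    """Constructed test message; the 'exe' member is harmless placeholder text."""
    msg = EmailMessage()
    msg["Received"] = "from mail.example.net by mx.example.org; Wed, 8 Oct 2008 12:00:00 +0000"
    msg["From"] = "sender@example.net"
    msg["Subject"] = "You've received A Hallmark E-Card!"
    msg.set_content("constructed sample body")
    if with_zip:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("postcard.exe", b"not a real program")
        msg.add_attachment(buf.getvalue(), maintype="application",
                           subtype="zip", filename="1.postcard.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage(build_sample(True))["flagged"], triage(build_sample(False))["flagged"])
```

A message whose attachment was already stripped at the server, as described in the answer above, yields an empty `flagged` list.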

All replies

  • Okay, thank you!  And thank you for explaining that my email provider was using Symantec on their server.  Have deleted it!

     

    JMP88

     

    Wednesday, October 8, 2008 3:15 PM
  • You're very welcome.

    By the way, since I have an email account that is exposed publicly through my posts to forums and newsgroups, I get dozens upon dozens of these infected messages daily to that account. :-) Most are flowed right into the Junk Mail folder which I empty multiple times per day and the rest I simply delete.

    -steve

     

    Wednesday, October 8, 2008 3:20 PM
    Moderator