Forefront Server Security Forums > Antigen

Question: Virus Definition Files and Covered Viruses

  • Tuesday, July 15, 2008 10:08 PM, Mitchell2038
    How in the world, with the Antigen product, do I know if a particular virus is covered?

    For example, my supervisor requested to know if Antigen can detect the UPS_invoice virus that sends out fake UPS e-mails. Sadly, I cannot verify this virus would be detected by the Antigen product; however, I can go to just about any other anti-virus product's web page and quickly tell if it would be detected or not.

    Please advise if there is such a link for the Antigen product or if I need to recommend we go with another software vendor's product.

All Replies

  • Wednesday, July 16, 2008 5:27 PM, Dennis Canuto - MSFT

    The engines that Antigen uses are all third-party. So, if you had a concern whether a particular virus was covered by one or all of the engines in Antigen, you would have to visit the anti-virus vendor's site. Or you could call in and submit the virus (as a password-protected zip file), and we can analyze it to verify whether it should be caught or not by the engines.

  • Friday, June 05, 2009 3:29 PM, cness
    OK, that was really a "punt" if I've ever seen one.  Sybari would have taken care of this answer instead of putting it off their partners.  This STUPID UPS bs is still going on and it's getting through my engines.  It's really hard to make a support call with the engine companies since support is through MS.  What's funny is OneCare will eat this thing once it's out of the email.  Why can't Antigen get to it first???!
  • Friday, June 05, 2009 3:54 PM, Rob - MSFT
    Hi,

    I actually created a blog providing admins the resources to investigate engine coverage for specific malware or suspected malware without having to pay for a support case to be opened:

    http://blogs.technet.com/fssnerds/archive/2009/02/09/how-to-determine-if-antigen-or-forefront-server-catch-specific-malware-without-paying-for-a-support-incident.aspx

    If this specific email is not actually MALWARE, but a phishing scam of sorts where users are taking the initiative of clicking on a link and/or willingly providing personal data, I am not sure whether the engines will catch this, as it is not the email/attachment itself that is harmful but the user's action that invites the issue.

    In any event, I understand the frustration and desire to stop these emails. The bottom line is that you want them gone. If you are running Antigen's Spam Cure engine, I would strongly recommend providing a sample to us via the following procedure: http://support.microsoft.com/kb/924951

    Once you provide the sample, there is usually a 48-hour (business days) turn-around for Spam Cure's signature list to be updated, tested, and published. You will not receive any notification that the sample was received, nor will you receive a confirmation that the signature list was updated. You will simply stop seeing the unsolicited emails getting into your environment.

    Finally, if there is a specific keyword or phrase in the body or subject line of the email, you can leverage Antigen's filtering functionality to create an efficient filter and defend against these emails appropriately: http://technet.microsoft.com/en-us/library/bb914073.aspx

    I hope this helps a bit.

    Rob

    Rob M
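The last suggestion in Rob's reply, a subject/body keyword filter as a stop-gap for lures the AV engines do not classify as malware, can be prototyped outside Antigen to tune the phrase list before committing it to the product. The following is an added example written for this page, not Antigen or Microsoft code; the phrase list, the three sample messages (one text/plain lure with a zip attachment, one legitimate mail, one HTML-only lure) and the helper names are all constructed for illustration. It goes slightly beyond the reply by also reading HTML-only bodies, which a filter that looks only at text/plain would miss, and by reporting zip attachments so the quarantine decision has a second signal.

```python
"""Subject/body phrase filter in the spirit of the Antigen keyword filtering
mentioned in the reply above. Added example, not Antigen or Microsoft code.
The phrase list and the three sample messages are constructed for illustration."""
import re
from email import message_from_string, policy

# Constructed phrase list (assumed to match the fake "UPS invoice" mails).
PHRASES = ["ups invoice", "print the invoice", "ups tracking number"]

# Constructed sample: text/plain lure carrying a (here empty) zip attachment.
RAW_UPS_LURE = """\
From: "UPS Billing" <billing@example.invalid>
To: user@example.org
Subject: UPS Invoice - delivery failed
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Unfortunately we were not able to deliver the postal package.
Please print the invoice copy attached and collect the package.
--b1
Content-Type: application/zip; name="UPS_invoice_1234.zip"
Content-Disposition: attachment; filename="UPS_invoice_1234.zip"
Content-Transfer-Encoding: base64

UEsFBgAAAAAAAAAAAAAAAAAAAAAAAAAA==
--b1--
"""

# Constructed sample: legitimate mail that merely mentions UPS.
RAW_LEGIT = """\
From: colleague@example.org
To: user@example.org
Subject: Lunch on Friday
Content-Type: text/plain; charset="us-ascii"

Can we meet at noon? I have to drop a parcel at the UPS store first.
"""

# Constructed sample: HTML-only lure with no text/plain part at all.
RAW_HTML_LURE = """\
From: "UPS" <noreply@example.invalid>
To: user@example.org
Subject: Your parcel
MIME-Version: 1.0
Content-Type: text/html; charset="us-ascii"

<html><body><p>Your <b>UPS tracking number</b> is attached.
<a href="http://example.invalid/track">Print the invoice</a></p></body></html>
"""


def normalize(text):
    """Lower-case and collapse whitespace so matching ignores line wrapping and case."""
    return re.sub(r"\s+", " ", str(text)).strip().lower()


def body_text(msg):
    """Plain-text view of the body; falls back to HTML with tags stripped."""
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    text = part.get_content()
    if part.get_content_subtype() == "html":
        text = re.sub(r"<[^>]+>", " ", text)
    return normalize(text)


def match_phrases(msg, phrases=PHRASES):
    """Return [(phrase, [fields hit])] for every phrase found in subject or body."""
    subject, body = normalize(msg.get("Subject", "")), body_text(msg)
    hits = []
    for phrase in phrases:
        where = [name for name, field in (("subject", subject), ("body", body))
                 if phrase in field]
        if where:
            hits.append((phrase, where))
    return hits


def zip_attachments(msg):
    """Filenames of attachments ending in .zip (the lure's usual payload container)."""
    return [a.get_filename() for a in msg.iter_attachments()
            if (a.get_filename() or "").lower().endswith(".zip")]


def classify(raw):
    """Parse one RFC 822 message and decide whether the phrase filter would hold it."""
    msg = message_from_string(raw, policy=policy.default)
    hits = match_phrases(msg)
    return {
        "subject": str(msg["Subject"]),
        "hits": hits,
        "zip_attachments": zip_attachments(msg),
        "verdict": "quarantine" if hits else "deliver",
    }


def filter_messages(raws):
    """Run the filter over a batch of raw messages and return one verdict per message."""
    return [classify(raw) for raw in raws]


if __name__ == "__main__":
    for verdict in filter_messages([RAW_UPS_LURE, RAW_LEGIT, RAW_HTML_LURE]):
        print(verdict)
```

The legitimate message is delivered because none of the multi-word phrases appear in it, which is the reason to filter on phrases rather than on the single word "UPS"; the two lures are quarantined on phrase hits alone, and the zip filename is reported as corroborating evidence rather than used as the sole trigger, since legitimate mail also carries zip attachments.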