FedEx email virus? not detected

Today I received an email with a zipped file that pretends to be from FedEx.  I had prior knowledge of the "scam" and I'm pretty sure the attached zip is a virus; probably a "Windows OS" virus, but a virus.

Sophos for Mac did not detect any threats, I got no pop ups, nothing.  So I opened Sophos and had it scan the directory that the email is in.  It still did not find it.

Is there a procedure for sending in samples of "suspected" viruses??  (I realize that I need to delete the file and email, but was wondering if I could send it in so Sophos can add it to a database or something.)

Thanks.



This thread was automatically locked due to age.
  • Is there a procedure for sending in samples

    Yes. But read carefully (sorry if this should be too technical for you but others might benefit from it).

    Please do so only for items you have scanned (see the reply to your second post why you have to extract a suspicious attachment first) and either:

    • the analysis for the item in the Action tab asks you to do so (and, I want to add, it's not a Windows-only threat)
    • the scan turns up clean but you have a strong suspicion
    • it might be related to an alert (that's more esoteric and usually involves e.g. inspecting and assessing objects in temp or cache locations)

    Please do not send "something" just because you don't know what it is or where it comes from and do not report spam (ignore the link to article 23113 in the document I'll point to below - it should be used only by customers using the applicable products).

    Now, "Submitting samples of suspicious files to Sophos" describes the procedure to follow. You have to put the sample in a password-protected .zip file (otherwise a gateway security software might remove it -or- the on-access scanner will prevent browser upload). To do this you first have to safely collect it. While the article describes the procedure for Windows only (it'll probably get amended) you can easily "translate" it to Mac OS.

    So, Linda, you'll probably just delete this one. But kudos for thinking of and asking about it.

    Christian
