Why did GMS Anti-Virus allow through a message with a virus?

  1. Home
  2. Knowledge Base
  3. GMS
  4. Why did GMS Anti-Virus allow through a message with a virus?

Question

GMS Anti-Virus manages removing attachements from messages and then checks them for viruses. The first part of this process requires that the attachment is identified and then removed from the message.

There are standards that define how attachments should be encoded when adding them to email messages. All GMS products have correctly identified standard attachments and checked them for viruses.

In April 2002, those writing viruses started to generate non-standard messages in order to transport viruses to other systems. These messages can not be created by mail clients. They are incorrectly formed by having special characters and character sequences in them. In fact, these messages should not be treated by any system as having any attachment at all.

Some badly written mail clients mis-interpret the attachment information and do treat the data as an attachment. Using this mis-interpretation, the viruses can cause themselves to be run on the receivers system. Thus the viruses can effectively evade detection.

Answer

In order to provide additional protection to mail clients using GMS products, GMS Anti-Virus has been updated to identifiy incorrectly formated attachments. When a non-standard attachment is found, the administrator has the following additional options:

  • The administrator can choose to treat any mal-formed attachments as viruses (the default) in which case they are rejected.
  • The administrator can choose to allow the messages through as usual.

See Also:

Keywords:VPP null virus security scanning null Virus checker GMS Anti-virus anti virus antivirus

Was this article helpful?

Related Articles