Un-quarantining email attachments

Discussion in 'ESET NOD32 Antivirus' started by SmackyTheFrog, Feb 26, 2009.

Thread Status:
Not open for further replies.
  1. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    I haven't been able to figure this one how to do this, so maybe someone else figured it out. This morning I noticed in the threat log that a user received a scam Delta email with an attached trojan. The Outlook integration caught it, stripped the attachment, and dumped the message in the Infected Items folder as it should. The problem is that we outsource our email filtering to a 3rd party company who should have caught this, so I was going to send them a copy of the message along with the attachment so they could update their filters to stop this vector of attack. I look at the quarantine in the Nod32 gui and the malicious attachment isn't there. I look in the logs a few minutes later in the logs and a copy of the attachments (a variant of Win32/Injector.KD trojan if you care) was submitted to Eset for analysis, so a copy of it exists or existed somewhere, I just couldn't figure out how to get to it.

    So if anyone has instructions on how to get to these threat files that are caught by the email scanner, I would appreciate it so I can submit them to my other security vendor.
     
  2. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Email attachments are not quarantined.
     
  3. SmackyTheFrog

    SmackyTheFrog Registered Member

    Joined:
    Nov 5, 2007
    Posts:
    767
    Location:
    Lansing, Michigan
    Where do they end up? They were removed from the email but obviously a copy was kept somewhere before the message was uploaded during the next update.
     
Thread Status:
Not open for further replies.