Forum Discussion
Solved
Threat Explorer: ATT0000x.htm Attachments / VBS/Jenxcus!lnk Malware / what is happening here?
So I'm taking a closer look at the new security center and noticed the following issue repeating. User receives email with attachments (in this case 2 PDFs) - all is good - the attachments are ...
- Ivan, thanks for pointing this out to us. What happened was that one of our anti-malware engines had a false positive verdict on a few instances of this file. Not knowing it was a false positive, an automated process added the file hash for that attachment to our "possible malware" list and that's why the messages are showing up as both "Delivered " and "malware". We started fixing up most of the environment in North America last week but we're still working on marking this file as clean so that it appears "good" for all future instances.
Ivan, thanks for pointing this out to us. What happened was that one of our anti-malware engines had a false positive verdict on a few instances of this file. Not knowing it was a false positive, an automated process added the file hash for that attachment to our "possible malware" list and that's why the messages are showing up as both "Delivered " and "malware". We started fixing up most of the environment in North America last week but we're still working on marking this file as clean so that it appears "good" for all future instances.
thanks for the information. The issue was "fixed" for a few days, though it popped up again, this time under the threat family "ALisp/Bursted.BL". Again only ATT****.htm files, not the actual attachments itself.
Thanks for the info Phil!
