Summary:

The latest virus pattern file may have incompatibilities with older virus engines.

Symptom:

You have the latest virus pattern file installed in the EMF Virus Manager, but EMF is passing certain viruses through (for example, the virus is detected by virus scanning software on your internal mail server).

Detailed Information:

The problem is that the latest virus pattern file may not be fully compatible with older virus engines.

Resolution:

Open the EMF Webadmin > Set Up > Anti-Virus > Updates page, and press the "Update Scan Engine Now..." button, to ensure you have the latest virus engine installed.

EMF uses virus technology from McAfee to detect and clean viruses from messages based on the policies you set. There may be situations where the latest virus engine released by McAfee is not yet available from Tumbleweed, because it has not been tested with our code. One such situation was with the 4140 engine, the 4172 virus pattern file, and some later viruses, like BADTRANS and its variants. When EMF supported virus engine version 4140, the 4150 engine was required to detect the BADTRANS virus. However, McAfee pulled the System Development Kit for 4150 because of some issues that were not disclosed to us, so we could not integrate 4150 with EMF. Since 4160 was not yet available, and the 4140/4172 combination was not effective against BADTRANS, you as the EMF admin could go to the McAfee website (www.nai.com), locate the virus using the Virus Library link, and add a policy to your EMF server to stop email with the relevant file attachments. For example, since the badtrans.b virus sent attachments with the extensions .PIF and .SCR, you could write a policy to quarantine all messages with those attachments. When engine 4160 became available, these policies could be disabled.

Additional Info:

Please also see related articles on the right.