Re: Trend's change to how it reacts to eicar

2003-10-14 Thread Steve
With pattern 653 (from today) this change in how Scanmail reacts to the
EICAR file has been returned to the way it was (it no longer passes the
EICAR by default anymore).

Cheers

> Greetings all,
> 
> I recently had a problem with Scanmail 6.1 that required using the eicar
> file to troubleshoot (SM was not quarantining when I configured it to do
> so).  To my surprise, no matter what I set the action to SM would pass the
> eicar file (it sees it and alerts on it...but "passes" it).  So needless
> to say I got alarmed because who knows what else it was "passing".  So I
> opened a case.  After a week and 12 engineers later I found this:
> 
> http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search
> 
> 
> Which was also confirmed by this email from Trend’s support:
> "We have asked our Pattern PM regarding this issue and he told us that
> this was because of requests from marketing to change the active action of
> EICAR Test file to pass.  This can be resolved by changing the Active
> Action on SMEX.  We are in negotiations with SMEX team on their preferred
> Active Action.  Please wait for further announcements."
> 
> I wanted to share this with the list for those of us who are using SM (I
> suspect a number of us are since it tends to be the most recommended). 
> For my current problem this leaves me with no way to troubleshoot it
> (sending a live virus through SM to see if it quarantines stuff is what I
> am left with…which isn’t gonna happen).
> 
> I personally have big problems with this change (and the fact it was
> forced on all Trend customers without making it some sort of option) and I
> have told Trend my feelings about it….but I am but a single voice. 
> Anyhow...now you know if you did not before.
> 
> Enjoy,
> 
> Steve

_
List posting FAQ:   http://www.swinc.com/resource/exch_faq.htm
Web Interface: 
http://intm-dl.sparklist.com/cgi-bin/lyris.pl?enter=exchange&text_mode=&lang=english
To unsubscribe: mailto:[EMAIL PROTECTED]
Exchange List admin:[EMAIL PROTECTED]


RE: Trend's change to how it reacts to eicar

2003-10-03 Thread Chinnery, Paul
I like Trend.  We've had it for over 3 years now and haven't gotten a virus in that 
time.  However, I just got the price quote for maintenance and it jumped 23% over last 
year.  I'm seriously considering a different product.  Right now, I'm looking at 
Sybari's Antigen with anti-spam module.

Paul Chinnery
Network Administrator
Mem Med Ctr


-Original Message-
From: Steve [mailto:[EMAIL PROTECTED]
Sent: Friday, October 03, 2003 12:27 PM
To: Exchange Discussions
Subject: RE: Trend's change to how it reacts to eicar


I honestly have not had much trouble with Trend and compared to "other" AV
products that I have used, Trend overall has given me the least trouble
(up till now).  This is really the only bad thing I have seen come out of
Trend's development group recently.  I do have some gripes about Trend's
support structure, which I will be discussing with them in detail
during a conf at some point (12 engineers and a week (all at night mind
you...I don't know where they are but this is a problem in itself) to
identify something that they changed that their support staff didn't know
about), but I was really disappointed by this decision, which from my
threads with Trend was requested by their marketing group (not quite sure
how this benefits the marketing group...but whatever).  Either way,
personal gripes aside, I wanted to at least make people aware that the
eicar is not as useful as it once was in testing Trend's AV products (now
all it does is alert that it saw the eicar, but not take any action on
it).

This is not a deal breaker yet, Trend has provided a hacked SmexVS.exe
file that will not pass the eicar, which will require some testing on my
part.  I honestly am not fond of using this hacked SmexVS.exe because I
don't believe I should have to (and what happens when I upgrade to v6.2? 
There are some support issues that I still have to iron out).  They should
not have made this change IMHO.

Anyhow...that is my rant and you have been warned :-)

-steve



> I always find that funny, as I've worked with them for 6 years without
> incident, and my dealings with Panda were, well, enough to make me never use
> their products. Ever.
> 
> That's probably why there is competition in the marketplace - there are good
> and bad points to all the products, and it's up to us to pick the one with
> the right mix of those for our own environments.
> 
> We, too, have been free[1] since implementing Trend in production. We're
> also fortunate enough to be running a multilayered defense with significant
> ability to enforce attachment blocking and other things which often prevent
> us from ever seeing viruses past the borders.
> 
> --
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
> 
> [1] Knock on synthetic, wood-like substance
> 
> 
> > -Original Message-
> > From: Todd Graham [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, October 03, 2003 7:56 AM
> > To: Exchange Discussions
> > Subject: RE: Trend's change to how it reacts to eicar
> > 
> > 
> > Steve, 
> > 
> > I installed trend about a year ago and uninstalled it 2 months later,
> > they are a horrible company to deal with, I had an issue they couldn't
> > or wouldn't resolve.  At least I got my money back!  Now I use Panda and
> > Surfcontrol and I have been virus free and most spam never makes it to
> > my network.
> > 
> > Todd
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Steve
> > Sent: Wednesday, October 01, 2003 12:05 PM
> > To: Exchange Discussions
> > Subject: Trend's change to how it reacts to eicar
> > 
> > Greetings all,
> > 
> > I recently had a problem with Scanmail 6.1 that required using the eicar
> > file to troubleshoot (SM was not quarantining when I configured it to do
> > so).  To my surprise, no matter what I set the action to SM would pass the
> > eicar file (it sees it and alerts on it...but "passes" it).  So needless
> > to say I got alarmed because who knows what else it was "passing".  So I
> > opened a case.  After a week and 12 engineers later I found this:
> > 
> > http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search
> > 
> > 
> > Which was also confirmed by this email from Trend's support:
> > "We have asked our Pattern PM regarding this issue and he told us that
> > this was because of requests from marketing to c

RE: Trend's change to how it reacts to eicar

2003-10-03 Thread Steve
I honestly have not had much trouble with Trend and compared to "other" AV
products that I have used, Trend overall has given me the least trouble
(up till now).  This is really the only bad thing I have seen come out of
Trend's development group recently.  I do have some gripes about Trend's
support structure, which I will be discussing with them in detail
during a conf at some point (12 engineers and a week (all at night mind
you...I don't know where they are but this is a problem in itself) to
identify something that they changed that their support staff didn't know
about), but I was really disappointed by this decision, which from my
threads with Trend was requested by their marketing group (not quite sure
how this benefits the marketing group...but whatever).  Either way,
personal gripes aside, I wanted to at least make people aware that the
eicar is not as useful as it once was in testing Trend's AV products (now
all it does is alert that it saw the eicar, but not take any action on
it).

This is not a deal breaker yet, Trend has provided a hacked SmexVS.exe
file that will not pass the eicar, which will require some testing on my
part.  I honestly am not fond of using this hacked SmexVS.exe because I
don't believe I should have to (and what happens when I upgrade to v6.2? 
There are some support issues that I still have to iron out).  They should
not have made this change IMHO.

Anyhow...that is my rant and you have been warned :-)

-steve



> I always find that funny, as I've worked with them for 6 years without
> incident, and my dealings with Panda were, well, enough to make me never use
> their products. Ever.
> 
> That's probably why there is competition in the marketplace - there are good
> and bad points to all the products, and it's up to us to pick the one with
> the right mix of those for our own environments.
> 
> We, too, have been free[1] since implementing Trend in production. We're
> also fortunate enough to be running a multilayered defense with significant
> ability to enforce attachment blocking and other things which often prevent
> us from ever seeing viruses past the borders.
> 
> --
> Roger D. Seielstad - MTS MCSE MS-MVP
> Sr. Systems Administrator
> Inovis Inc.
> 
> [1] Knock on synthetic, wood-like substance
> 
> 
> > -Original Message-
> > From: Todd Graham [mailto:[EMAIL PROTECTED] 
> > Sent: Friday, October 03, 2003 7:56 AM
> > To: Exchange Discussions
> > Subject: RE: Trend's change to how it reacts to eicar
> > 
> > 
> > Steve, 
> > 
> > I installed trend about a year ago and uninstalled it 2 months later,
> > they are a horrible company to deal with, I had an issue they couldn't
> > or wouldn't resolve.  At least I got my money back!  Now I use Panda and
> > Surfcontrol and I have been virus free and most spam never makes it to
> > my network.
> > 
> > Todd
> > 
> > -Original Message-
> > From: [EMAIL PROTECTED]
> > [mailto:[EMAIL PROTECTED] On Behalf Of Steve
> > Sent: Wednesday, October 01, 2003 12:05 PM
> > To: Exchange Discussions
> > Subject: Trend's change to how it reacts to eicar
> > 
> > Greetings all,
> > 
> > I recently had a problem with Scanmail 6.1 that required using the eicar
> > file to troubleshoot (SM was not quarantining when I configured it to do
> > so).  To my surprise, no matter what I set the action to SM would pass the
> > eicar file (it sees it and alerts on it...but "passes" it).  So needless
> > to say I got alarmed because who knows what else it was "passing".  So I
> > opened a case.  After a week and 12 engineers later I found this:
> > 
> > http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search
> > 
> > 
> > Which was also confirmed by this email from Trend's support:
> > "We have asked our Pattern PM regarding this issue and he told us that
> > this was because of requests from marketing to change the active action of
> > EICAR Test file to pass.  This can be resolved by changing the Active
> > Action on SMEX.  We are in negotiations with SMEX team on their preferred
> > Active Action.  Please wait for further announcements."
> > 
> > I wanted to share this with the list for those of us who are using SM (I
> > suspect a number of us are since it tends to be the most recommended). 

RE: Trend's change to how it reacts to eicar

2003-10-03 Thread Roger Seielstad
I always find that funny, as I've worked with them for 6 years without
incident, and my dealings with Panda were, well, enough to make me never use
their products. Ever.

That's probably why there is competition in the marketplace - there are good
and bad points to all the products, and it's up to us to pick the one with
the right mix of those for our own environments.

We, too, have been free[1] since implementing Trend in production. We're
also fortunate enough to be running a multilayered defense with significant
ability to enforce attachment blocking and other things which often prevent
us from ever seeing viruses past the borders.

--
Roger D. Seielstad - MTS MCSE MS-MVP
Sr. Systems Administrator
Inovis Inc.

[1] Knock on synthetic, wood-like substance


> -Original Message-
> From: Todd Graham [mailto:[EMAIL PROTECTED] 
> Sent: Friday, October 03, 2003 7:56 AM
> To: Exchange Discussions
> Subject: RE: Trend's change to how it reacts to eicar
> 
> 
> Steve, 
> 
> I installed trend about a year ago and uninstalled it 2 months later,
> they are a horrible company to deal with, I had an issue they couldn't
> or wouldn't resolve.  At least I got my money back!  Now I use Panda and
> Surfcontrol and I have been virus free and most spam never makes it to
> my network.
> 
> Todd
> 
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED] On Behalf Of Steve
> Sent: Wednesday, October 01, 2003 12:05 PM
> To: Exchange Discussions
> Subject: Trend's change to how it reacts to eicar
> 
> Greetings all,
> 
> I recently had a problem with Scanmail 6.1 that required using the eicar
> file to troubleshoot (SM was not quarantining when I configured it to do
> so).  To my surprise, no matter what I set the action to SM would pass the
> eicar file (it sees it and alerts on it...but "passes" it).  So needless
> to say I got alarmed because who knows what else it was "passing".  So I
> opened a case.  After a week and 12 engineers later I found this:
> 
> http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search
> 
> 
> Which was also confirmed by this email from Trend's support:
> "We have asked our Pattern PM regarding this issue and he told us that
> this was because of requests from marketing to change the active action of
> EICAR Test file to pass.  This can be resolved by changing the Active
> Action on SMEX.  We are in negotiations with SMEX team on their preferred
> Active Action.  Please wait for further announcements."
> 
> I wanted to share this with the list for those of us who are using SM (I
> suspect a number of us are since it tends to be the most recommended). 
> For my current problem this leaves me with no way to troubleshoot it
> (sending a live virus through SM to see if it quarantines stuff is what I
> am left with...which isn't gonna happen).
> 
> I personally have big problems with this change (and the fact it was
> forced on all Trend customers without making it some sort of option) and I
> have told Trend my feelings about it...but I am but a single voice. 
> Anyhow...now you know if you did not before.
> 
> Enjoy,
> 
> Steve
> 
> 
> 


RE: Trend's change to how it reacts to eicar

2003-10-03 Thread Todd Graham
Steve, 

I installed trend about a year ago and uninstalled it 2 months later,
they are a horrible company to deal with, I had an issue they couldn't
or wouldn't resolve.  At least I got my money back!  Now I use Panda and
Surfcontrol and I have been virus free and most spam never makes it to
my network.

Todd

-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] On Behalf Of Steve
Sent: Wednesday, October 01, 2003 12:05 PM
To: Exchange Discussions
Subject: Trend's change to how it reacts to eicar

Greetings all,

I recently had a problem with Scanmail 6.1 that required using the eicar
file to troubleshoot (SM was not quarantining when I configured it to do
so).  To my surprise, no matter what I set the action to SM would pass the
eicar file (it sees it and alerts on it...but "passes" it).  So needless
to say I got alarmed because who knows what else it was "passing".  So I
opened a case.  After a week and 12 engineers later I found this:

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search


Which was also confirmed by this email from Trend's support:
"We have asked our Pattern PM regarding this issue and he told us that
this was because of requests from marketing to change the active action of
EICAR Test file to pass.  This can be resolved by changing the Active
Action on SMEX.  We are in negotiations with SMEX team on their preferred
Active Action.  Please wait for further announcements."

I wanted to share this with the list for those of us who are using SM (I
suspect a number of us are since it tends to be the most recommended). 
For my current problem this leaves me with no way to troubleshoot it
(sending a live virus through SM to see if it quarantines stuff is what I
am left with...which isn't gonna happen).

I personally have big problems with this change (and the fact it was
forced on all Trend customers without making it some sort of option) and I
have told Trend my feelings about it...but I am but a single voice. 
Anyhow...now you know if you did not before.

Enjoy,

Steve





Trend's change to how it reacts to eicar

2003-10-01 Thread Steve
Greetings all,

I recently had a problem with Scanmail 6.1 that required using the eicar
file to troubleshoot (SM was not quarantining when I configured it to do
so).  To my surprise, no matter what I set the action to SM would pass the
eicar file (it sees it and alerts on it...but "passes" it).  So needless
to say I got alarmed because who knows what else it was "passing".  So I
opened a case.  After a week and 12 engineers later I found this:

http://kb.trendmicro.com/solutions/solutionDetail.asp?solutionId=16659&submit2=Search


Which was also confirmed by this email from Trend’s support:
"We have asked our Pattern PM regarding this issue and he told us that
this was because of requests from marketing to change the active action of
EICAR Test file to pass.  This can be resolved by changing the Active
Action on SMEX.  We are in negotiations with SMEX team on their preferred
Active Action.  Please wait for further announcements."

I wanted to share this with the list for those of us who are using SM (I
suspect a number of us are since it tends to be the most recommended). 
For my current problem this leaves me with no way to troubleshoot it
(sending a live virus through SM to see if it quarantines stuff is what I
am left with…which isn’t gonna happen).

I personally have big problems with this change (and the fact it was
forced on all Trend customers without making it some sort of option) and I
have told Trend my feelings about it….but I am but a single voice. 
Anyhow...now you know if you did not before.

Enjoy,

Steve


