Scanning Outgoing Email

I have a Win 7 machine. Today when I run a win xp virtual pc (which has no av software) a popup from bt 2011 showed up saying that it is scanning outgoing email. Needless to say I was not sending any email at the time and I am only using the gmail web interface for my email.


I saw a few solutions explaining how to disable the outgoing email scanning. However I do not feel comfortable doing that since I am not sure that there isn't an actual threat in the virtual pc.


My two questions are:


1 is there a place in the logs where I can see what sort of email is being scanned?


2 is this a bug of bt or should I delete the virtual machine since it is suspicious?

Comments

  • Hello Filon


    That virtual machine could be infected if you don't have an antivirus product in it.


    Also, you Antispam scanner can only scan emails from clients like Microsoft Outlook and Mozilla Thunderbird. if you receive that pop-up and you haven't configured an email client on the real or the virtual machine, the virtual one could be infected.


    Also, please note that you can upgrade for FREE to Bitdefender 2012. Check out this topic:


    http://forum.bitdefender.com/index.php?act...f=211&id=42


    Thank you.

  • fagath
    edited December 2011

    Thank you for your reply.


    I am in the process of finding out whether the virtual machine is infected. An initial scan showed a couple of trojans so now I have disabled the virtual machine's internet access.


    A log of all email scans would be helpful. Is there one in bt?


    Hello Filon


    That virtual machine could be infected if you don't have an antivirus product in it.


    Also, you Antispam scanner can only scan emails from clients like Microsoft Outlook and Mozilla Thunderbird. if you receive that pop-up and you haven't configured an email client on the real or the virtual machine, the virtual one could be infected.


    Also, please note that you can upgrade for FREE to Bitdefender 2012. Check out this topic:


    http://forum.bitdefender.com/index.php?act...f=211&id=42


    Thank you.

  • rootkit
    rootkit ✭✭✭
    edited December 2011

    Welcome back


    It should create a log that is collected by our support tool.


    Please follow the steps explained in the article below and send me via PM the generated log file:


    http://forum.bitdefender.com/index.php?showtopic=29927


    If you were already asked to generate the log file, disregard the message above and just post the ticket ID.


    Thank you.

  • Is this log viewable by me?


    I need to know how many emails were sent, by who to whom and with what subject.


    Welcome back


    It should create a log that is collected by our support tool.


    Please follow the steps explained in the article below and send me via PM the generated log file:


    http://forum.bitdefender.com/index.php?showtopic=29927


    If you were already asked to generate the log file, disregard the message above and just post the ticket ID.


    Thank you.

  • rootkit
    rootkit ✭✭✭
    edited December 2011

    Hello


    You can view the log because is not encrypted.


    Also, please note that our product scans all the traffic that passes thought the network card. If the email was sent/received from that infected machine, the action might not be logged.


    I will take a look and if I find anything, I will send you that log file so you can view all the actions.


    Thank you. Take care.

  • I have the support tool running for the past 2 hours and it is still "getting event logs" . It hasn't crashed but it seems too long!


    Is this normal behaviour? I am planning to leave it overnight anyway.


    The ability to view the email scanning log would be a nice feature of bt don't you think?


    Running the support tool, uploading the log file and having a volunteer to analyse it and return the results is way too much for such a simple task!


    Hello


    You can view the log because is not encrypted.


    Also, please note that our product scans all the traffic that passes thought the network card. If the email was sent/received from that infected machine, the action might not be logged.


    I will take a look and if I find anything, I will send you that log file so you can view all the actions.


    Thank you. Take care.

  • I left the support tool overnight but it hasn't finished and oddly enough hasn't crashed.


    Any ideas?


    In the meantime I uninstalled windows xp mode and reinstalled. Apparently there was some trojan sending emails from within the virtual machine.


    Still I need to find out how many emails were sent and to whom.

  • rootkit
    rootkit ✭✭✭
    edited December 2011

    Hi :)


    So you are using Windows XP Mode...


    Bitdefender was note designed to be installed in this special type of virtual machine and also installing it on the host machine does not guarantee to the user that the virtual environment will be protected.


    Also, even if you manage to send me those logs, I don't thing any data regarding this current situation was collected because of the special functionality of Windows XP Mode.


    Please try again to run that support tool.


    You can also try to run it in Safe Mode.


    [How to restart in SAFE MODE With Networking]


    - Restart the computer;


    - Press the "F8" key several times before Microsoft Windows begins to load; you need to press "F8" until you will be displayed a text menu;


    - Select "SAFE MODE With Networking"


    Thank you. Take care.

  • I had this similar problem a year ago. I think it's impossible to really know how many emails were sent out. I didnt find a log file like you're asking.

  • rootkit
    rootkit ✭✭✭

    Hello :)


    You can find out from the logs, but you need to active the logging first.


    And this is only used in troubleshooting procedures.


    Take care.

This discussion has been closed.