Trojan.agent.bcbi In A Zip File Email Attachment

I use Gmail to read emails from my ISP's POP email account.


Gmail detected a virus in an attachment to an email and refused to download the email.


Thunderbird, which has Bitdefender antispam enabled for this POP account, failed to flag the email.


When I saved the .zip attachment to my hard drive, Bitdefender on-access failed to detect the trojan in the .zip file.


When I opened the .ZIP file with Winzip, Bitdefender failed to detect the trojan.


When I opened the .ZIP file in Windows Explorer, Bitdefender failed to detect the trojan.


When I right-clicked the .ZIP file and chose to manually scan it with Bitdefender, it detected the Trojan.Agent.BCBI.


Why did Bitdefender fail to detect the trojan in so many layers of access to the infected email attachment?


Is the on-access scanning feature of looking inside email attachments not working correctly?


Thanks.


Aloke

Comments

  • VERY interesting! I would like to see an answer on this as well!

  • alokep
    edited March 2014

    Some more details. This forum refuses to accept the attachment (I renamed it to "Infected - xxxxx.zip"), probably rightfully so.


    I uploaded the zip file to the false -ve link at the top of the forum, which created an email support ticket. Haven't heard back.


    On a full system scan, BD detected (and quarantined) the trojan in the zip file in the recycle bin and deleted the zip file.


    It appears that when forced to scan the zip file, BD does detect the malware, but it does not detect emails with infected zip files as attachments, nor does it detect the trojan in the content of the zip file when saving the attachment, and even when opening the zip file with Winzip ver 15.5, or opening the zip file with Windows Explorer.


    I obviously did not try to run the EXE inside the zip file, and maybe BD would have caught it then. But that is too risky, IMO. Ideally, it should scan attachments and inside the attachments and catch the problem there.

  • No, other ZIP files are OK.


    I got this email from BD in response to a follow-up survey:


    ----


    Thank you for taking the time to complete our online survey. Your feedback is highly appreciated and will help us improve both our products as well as our services.


    Please note that the sample you sent was received and is currently being analyzed by our laboratories. Once it has been analyzed, a fix will be released via an automatic update, so there is nothing else you need to do.


    Let me know if there is anything else I may assist you with.


    Have a great day!


    ----


    My concern is not the detection, but why it detects this when the file is scanned on-demand, but not on access or when the email is downloaded from the POP server.

  • I seem to have the same issue with all files. BD does not scan when unzipping and saving malware files. No wonder it feels so light on my system, it is not scanning anything :-(

  • By default, Bitdefender does not scan archive folders as it requires a higher level of computer resources. The option can be selected though in Settings > Antivirus > Antivirus Settings > Shield > Custom. Click the "Scan Inside Archives" option.


    More information from Bitdefender:


    ● Scan inside archives. Scanning inside archives is a slow and resource-intensive process, which is therefore not recommended for real-time protection. Archives containing infected files are not an immediate threat to the security of your system. The malware can affect your system only if the infected file is extracted from the archive and executed without having real-time protection enabled.

    If you decide on using this option, you can set a maximum accepted size limit of archives to be scanned on-access. Select the corresponding check box and type the maximum archive size (in MB).
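
The size-capped "look inside the archive" check described in the reply above, sketched as an added example (not code from this thread or from Bitdefender, and not a description of how Bitdefender's engine works): it inspects a ZIP in memory, without extracting or running anything, and flags members that begin with the Windows executable `MZ` header. The function names, the 10 MB cap and the sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

MAX_ARCHIVE_MB = 10  # assumed cap, analogous to the "maximum archive size (in MB)" setting


def build_sample_zip() -> bytes:
    """Constructed sample: a ZIP holding a text file and a fake 'sample.exe'
    that only carries the two-byte 'MZ' magic (it is not a real program)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("readme.txt", "harmless text")
        zf.writestr("sample.exe", b"MZ" + b"\x00" * 62)
    return buf.getvalue()


def triage_archive(data: bytes, max_mb: float = MAX_ARCHIVE_MB):
    """Return (status, findings). Members are read in memory, never written to disk."""
    # Archives above the cap are skipped, which is the trade-off the setting describes.
    if len(data) > max_mb * 1024 * 1024:
        return "skipped-too-large", []
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-a-zip", []
    findings = []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            # Bit 0 of the general-purpose flags marks an encrypted member.
            if info.flag_bits & 0x1:
                findings.append((info.filename, "encrypted, cannot inspect"))
                continue
            # Read only the first two bytes; no need to decompress the whole member.
            with zf.open(info) as member:
                head = member.read(2)
            if head == b"MZ":
                findings.append((info.filename, "Windows executable header"))
    return ("suspicious" if findings else "clean"), findings


if __name__ == "__main__":
    print(triage_archive(build_sample_zip()))
```

A header check like this is only a triage signal; it does not replace a signature-based on-demand scan of the archive.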