Solved

Exchange 2007, Symantec Mail Security Running, but getting Bloodhound.RLTrap detected and deleted

Posted on 2011-09-27
2
730 Views
Last Modified: 2013-12-09
Exchange 2007, Symantec Mail Security Running, but getting Bloodhound.RLTrap detected and deleted
I am currently running Windows 2008, Exchange 2007, Symantec Mail Security for Microsoft Exchange ver 6.0.13.302.  Constantly getting the Bloodhound RL Trap, and always deleted, over 20 per day
0
Comment
Question by:jaschmerold
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
2 Comments
 
LVL 30

Accepted Solution

by:
Sudeep Sharma earned 500 total points
ID: 36719936
Bloodhound is the advance heuristic technology used by Symantec products to detect the viruses and worm for which virus definitions are not created yet or you may say they are unknow viruses. But they are detected since the behaviour of the files detected are similar to the know viruses.

If you are getting those alerts it means that Symantec Mail Security for Exchange is removing the message which may contain the malicious code in them.

So I would say that your mail server is been targeted by the spammer and they are sending malware/spyware attached to the email messages.

Further, it is also been found that some legitimate files are also been detected by Bloddhound as malicious but they were not. So in some case it is just false positive. But you are getting 20 or more in a day so I think it is not the case here.

More info on Bloodhound RL Trap

http://www.symantec.com/security_response/writeup.jsp?docid=2011-090504-3041-99

I hope that would help.

Sudeep
0
 

Author Closing Comment

by:jaschmerold
ID: 36975024
Thanks very much for your response, I also talked to Symantec, seems like the virus attempt has died down.  Thanks for your detailed response, was very helpful
0

Featured Post

Enroll in June's Course of the Month

June’s Course of the Month is now available! Experts Exchange’s Premium Members, Team Accounts, and Qualified Experts have access to a complimentary course each month as part of their membership—an extra way to sharpen your skills and increase training.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In-place Upgrading Dirsync to Azure AD Connect
After hours on line I found a solution which pointed to the inherited Active Directory permissions . You have to give/allow permissions to the "Exchange trusted subsystem" for the user in the Active Directory...
To show how to create a transport rule in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: First we need to log into the Exchange Admin Center. Navigate to the Mail Flow >> Rules tab.:  To cr…
how to add IIS SMTP to handle application/Scanner relays into office 365.

691 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question