This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Malicious payload detected in emails

We have been receiving emails for the last few weeks - with subject "Undeliverable email"

The emails appear to come from totally random - but genuine sources - and all contain "malicious payload"

I have done an IP trace on many of them - and they always produce a blank

Here's a typical one :

 

"This message was created automatically by mail delivery software. Your email message was not delivered as is to the intended recipients because malware was detected in one or more attachments included with it. All attachments were deleted.

--- Additional Information ---:

 Subject: HM revenue & customs

Sender: UnitedKingdom@lundbeck.com

 Time received: 7/18/2018 9:27:23 AM

Message ID:<20180718092416.351650274930B451@lundbeck.com>

Detections found:

Letter of income.pdf      Malicious Payload"

 

What can we do about this ?

Do we need to download and install MTD separately to version 5.5.0 enterprise console ?



This thread was automatically locked due to age.
Parents
  • Hello Weeboo,

    this is definitely not an Endpoint question unless they actually originate within your network (and then you'd have to identify the offending source first). Hard to say without the headers or the raw message, this might or might not be backscatter.

    Christian

Reply
  • Hello Weeboo,

    this is definitely not an Endpoint question unless they actually originate within your network (and then you'd have to identify the offending source first). Hard to say without the headers or the raw message, this might or might not be backscatter.

    Christian

Children
  • QC said:

    Hello Weeboo,

    this is definitely not an Endpoint question unless they actually originate within your network (and then you'd have to identify the offending source first). Hard to say without the headers or the raw message, this might or might not be backscatter.

    Christian

     

    It appears that MTD is not installed on our server - Enterprise 5.5.0

    Is this not included as standard ?

    I have run the test script and nothing has been detected ,,,

  • Hello Weeboo,

    MTD is not installed on our server
    MTD is an Endpoint component included with all licenses except Endpoint Protection Standard. Please not that (for whatever reason) it will not install on on-premise (SEC) managed servers.

    More important - I don't see how MTD (or any Endpoint component) should come into play here? You're talking about emails, aren't you, and MTD deals with HTTP traffic of non-browser applications. So maybe there's some misunderstanding w.r.t MTD.

    Christian