How to determine if Antigen or Forefront Server catch specific malware without paying for a support incident
Hello, my name is Robert McCarthy and I am a support engineer for the Antigen and Forefront Server product set.
Since the advent of Antigen, its hallmark feature has been the ability to incorporate multiple third party scan engines into our scan jobs. This makes Antigen, and Forefront Server alike, the most complete antivirus application available.
Since being introduced to Antigen in 2001, I have seen functionality develop and improve based on customer feedback, functionality requests, and the visions of our dedicated product groups. Today Forefront for Exchange 2007 notably differs from Antigen in 2001 but our multi-scan engine functionality remains. Although this provides our customer base the most comprehensive AV on the market, it does present a unique circumstance to our administrators; the need to confirm which of our multitude of scan engines has appropriate signatures available for each of the vast array of virus, worms, and the their newest variants.
The question usually encompasses the following; “I read about the following e-mail virus, will Antigen/Forefront catch this? ”
Because each engine vendor may apply a unique name to the same malware, this question is not always easy to immediately answer, especially if the administrator does not have a sample.
Without an actual malware sample, the responsibility of the MS engineer at this point is to research each engine vendor’s public AV libraries for the referenced malware, as well as identify any unique alias that a vendor may use to label that malware.
With that being said, I would like to provide the following public resources enabling an administrator to save their company the cost of opening a support case with Microsoft. These are links to each engine vendor’s AV libraries.
Norman - https://www.norman.com/Virus/List_of_detected_viruses/en-us
Sophos - https://www.sophos.com/security/analyses/viruses-and-spyware/
CA Vet - https://www.ca.com/us/anti-virus.aspx
Authentium Command - https://www.authentium.com/threatmatrix/
AhnLab - https://global.ahnlab.com/
VirusBuster - https://www.virusbuster.hu/en/viruslab/
Kaspersky - https://www.kaspersky.com/viruswatchlite?hour_offset=-8
MSAV- https://www.microsoft.com/security/portal/submit.aspx
In the event you are indeed able to provide a sample of what you believe may be malware, Microsoft’s Malware Protection Portal provides a virus submission component enabling our engineers to quickly analyze the file and provide appropriate feedback.
Of course our support staff is always happy to assist if you have any additional questions or concerns.
Thanks and keep fighting the good fight…
Rob McCarthy
CSS Security Support Engineer