SmarterMail 9420 installer detected as virus
Problem reported by Philip Kuok - 10/17/2025 at 1:45 AM
Resolved
When I tried to download SmarterMail_9420.exe, Windows Defender blocked it and said it contains Trojan:Win32/Wacatac.B!ml virus.

Is this a false positive, or is the installer infected?

Patrick Jeski Replied
Defender doesn't find anything with my copy.
Gabriele Maoret - SERSIS Replied
MS Defender also blocked my download ( Trojan:Win32/Wacatac.B!ml ):

Gabriele Maoret - Head of SysAdmins and CISO at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Sérgio Rocha Replied
Hi,

Same problem here, Defender finds Trojan:Win32/Sabsik.EN.Alml in SmarterMail_9420.exe


Regards,

SMR
I can't trigger Defender even if I scan it....
Nathan Replied
Virustotal shows ESET-NOD32 flagging it:

https://www.virustotal.com/gui/file/9327dbc376dece7b5dd2af0391ca4fa2aa06d099e39e0995918dba7258f49d41?nocache=1

SentinelOne does not detect as problematic (running on my device)
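
When some machines flag the download and others do not, the first thing to settle is whether everyone has the same file. The following is an added example, not part of any poster's message and not SmarterTools code: it compares a local copy with the SHA-256 in the VirusTotal link above and reports the Authenticode signature state. The function name and the download path are hypothetical, and the thread does not state whether the installer is signed, so the signature fields are reported rather than assumed.

```powershell
# Added example: confirm a downloaded installer is byte-identical to the file
# behind the VirusTotal link in this thread and show its signature state.
$ExpectedSha256 = '9327dbc376dece7b5dd2af0391ca4fa2aa06d099e39e0995918dba7258f49d41'  # from the VirusTotal URL above

function Test-InstallerIntegrity {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][ValidatePattern('^[0-9a-fA-F]{64}$')][string]$Sha256
    )
    if (-not (Test-Path -LiteralPath $Path -PathType Leaf)) {
        # A quarantined download ends up here: the file is simply gone.
        throw "File not found: $Path"
    }
    $hash = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    [pscustomobject]@{
        File            = $Path
        Sha256          = $hash.ToLowerInvariant()
        HashMatches     = ($hash -eq $Sha256)      # string -eq is case-insensitive
        SignatureStatus = $sig.Status              # Valid, NotSigned, HashMismatch, ...
        Signer          = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        Timestamped     = [bool]$sig.TimeStamperCertificate
    }
}

# Hypothetical download location; adjust to where the file was saved.
$installer = Join-Path $env:USERPROFILE 'Downloads\SmarterMail_9420.exe'
if (Test-Path -LiteralPath $installer) {
    Test-InstallerIntegrity -Path $installer -Sha256 $ExpectedSha256 | Format-List
}
```

A matching hash only shows that the local copy is the same file the VirusTotal report covers; it says nothing about whether that file is clean. A `HashMismatch` signature status or a different SHA-256 on the machines that alert would mean those machines received different bytes, which is the case worth escalating.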
Patrick Jeski Replied
Tried another computer with freshly updated defender, and it shows clean.
Gabriele Maoret - SERSIS Replied
It may be a false positive, but the fact remains that on our Windows 2022 servers, both MS Defender and ESET block it (I've done all the updates possible...)

We need a statement from SmarterTools, and possibly a fix for these "false positives" (if they are)...
Sérgio Rocha Replied
It will be nice to have an official post by ST
SmP Replied
Following, seeing this as well but with a different trojan definition from defender. Hopefully it's not a supply chain attack and just a false positive. 
Tan Replied
Hmmm, looking forward to an official statement too, and will freeze all updates for now
SmP Replied
72 hours and nothing from SmarterTools so we're hoping that it's not an upstream supply chain breach.
Tim Uzzanti Replied
Employee Post Marked As Resolution
False detection, and we submitted the installer to be evaluated for exclusion, which we need to do once or twice a year with whatever random antivirus vendor flags something.  It is a normal occurrence.  
Tim Uzzanti CEO SmarterTools Inc. www.smartertools.com
Tan Replied
Thanks for the assurance 
Gabriele Maoret - SERSIS Replied
Tested 5 minutes ago:
- MS Defender --> now it's clean
- ESET-NOD32 --> detected as a variant of Win32/XYNTService.A 

ESET probably hasn't checked the file and created the exclusions yet...
Sérgio Rocha Replied
Thanks Tim, I was holding my breath
Rick Baranowski Replied
Just an FYI, I brought this up over a year ago that ESET was catching the installer as a virus, and SM support said they were aware and would submit as well, but every version that I have downloaded since then to upgrade has been caught by ESET.
Derek Curtis Replied
Employee Post
Every once in a while our installer gets caught. We haven't had any reports of it until this most recent one, so I'm not sure how every one is caught by ESET. If it is caught or flagged, let us know and we will deal with it.
Derek Curtis COO SmarterTools Inc. www.smartertools.com
