MailScanner: Could not analyze message

Achim J. Latz achim+mailwatch at qustodium.net
Tue Mar 29 15:23:27 IST 2011


Good afternoon:

Did this issue get resolved? I am seeing exactly the same issue today 
with emails that are generated by sendgrid.info. I found a couple of 
support articles [1, 2], but they address MailScanner's anti-phishing 
rather than the MIME parser.

At the same time, I tried to disable all content checks (first via rules 
file, now completely like so):

Dangerous Content Scanning = no

and still the messages get scanned and ultimately bounced with "Could 
not analyze message".

Is there a way to fix this, or at least turn the checks off? Is 
"Dangerous Content Scanning" perhaps the wrong setting for this behaviour?

Thanks, Achim

[1] <http://support.sendgrid.com/entries/360112-mailscanner-has-detected-a-possible-fraud-attempt>
[2] <https://www.interspire.com/support/kb/questions/1104/Recipients+are+seeing+phrases+like+%22MailScanner+has+detected+a+possible+fraud+attempt+from...%22>

On 21/05/2010 15:55, Julian Field wrote:
> You can get it if you have Raw Queue Files switched on, straight from
> the quarantine.
>
> On 21/05/2010 14:44, Gary Faith wrote:
>> I can get the message in the spam quarantine folder but how do I get
>> the raw message? Do I need to shut down MailScanner and only have
>> sendmail running until after they say it was sent or is there some
>> other way to get it?
>> Gary
>>
>> >>> Julian Field <MailScanner at ecs.soton.ac.uk> 5/21/2010 5:33 AM >>>
>> Can you send me a URL of a sample message (raw queue files preferred) so
>> that I can try this out for you please?
>>
>> Jules.
>>
>> On 19/05/2010 21:12, Gary Faith wrote:
>> > I have some e-mail being sent by one individual to MailScanner
>> running ver 4.79.11 and the messages are getting tagged as {Dangerous
>> Content?}. I am running MailScanner with clamav & sanesecurity
>> signatures, scamnailer, razor, pyzor & dcc. Mailwatch reports that it
>> isn't a virus it is "Other Infection":
>> >
>> > Anti-Virus/Dangerous Content Protection
>> > Virus: N
>> > Blocked File: N
>> > Other Infection: Y
>> > Report:MailScanner: Could not analyze message
>> >
>> > The message contains this:
>> >
>> > Warning: This message has had one or more attachments removed
>> > Warning: (the entire message).
>> > Warning: Please read the "XXX-Attachment-Warning.txt" attachment(s)
>> for more information.
>> >
>> > This is a message from the MailScanner E-Mail Virus Protection Service
>> > ----------------------------------------------------------------------
>> > The original e-mail message contained potentially dangerous content,
>> > which has been removed for your safety.
>> >
>> > At Wed May 19 15:36:22 2010 the content filters said:
>> > MailScanner: Could not analyze message
>> >
>> > The sender uses Maximizer to generate the e-mail with a PDF
>> attachment. I had the sender use Maximizer and send only the message
>> without the attachment and it comes in fine. I had them send only the
>> attachment via Outlook and it comes in fine. It seems the problem is
>> with Maximizer but I am not sure why.
>> >
>> > I can send the quarantined message or whatever is needed to
>> determine the problem off list.
>> >
>> > I need help in tracking down where the problem is and getting it fixed.
>> >
>> > Thanks,
>> >
>> > Gary Faith


-- 
Achim J. Latz, Qustodium Internet Security
achim.latz at qustodium.net · http://www.qustodium.net
Data Encryption · Backup Automatisation · E-Mail Protection

