Mail watch issue
Jerry Benton
jerry.benton at mailborder.com
Thu Jun 9 16:24:36 UTC 2016
His approach is flawed as sometimes ClamAV and Sophos identify files as viruses if they contain macros, even when they are not viruses. This is also true for Sane Security signatures.
-
Jerry Benton
www.mailborder.com
+1 - 844-436-6245
> On Jun 9, 2016, at 11:22 AM, Philip Parsons <pparsons at techeez.com> wrote:
>
> Thanks Jerry but I have just found the reason.
>
>
> if the virus scanner returns infected status then
> MailWatch will not let you release the message, this is a feature and
> not a bug. I'm probably not going to change how this works - even for
> admins (they should know how to do this from the command-line anyway) as
> it is too dangerous.
>
> -----Original Message-----
> From: MailScanner [mailto:mailscanner-bounces+pparsons=techeez.com at lists.mailscanner.info] On Behalf Of Jerry Benton
> Sent: Wednesday, June 8, 2016 7:28 PM
> To: MailScanner Discussion <mailscanner at lists.mailscanner.info>
> Subject: Re: Mail watch issue
>
> "Everything is working 100% except for when you look at the mail watch list page and an email has been marked as a virus you cannot release it”
>
> I am going to go out on a limb here with a really crazy notion … does the file even exist on the hard drive? Was it actually quarantined? Did you review these settings?
>
>
> # There is no point quarantining most viruses these days as the infected
> # messages contain no useful content, so if you set this to "no" then no
> # infections listed in your "Silent Viruses" setting will be quarantined,
> # even if you have chosen to quarantine infections in general. This is
> # currently set to "yes" so the behaviour is the same as it was in
> # previous versions.
> # This can also be the filename of a ruleset.
> Quarantine Silent Viruses = no
>
> # Do you want to store copies of messages which have been disarmed by
> # having their HTML modified at all?
> # This can also be the filename of a ruleset.
> Quarantine Modified Body = no
>
> # Do you want to quarantine the original *entire* message as well as
> # just the infected attachments?
> # This can also be the filename of a ruleset.
> Quarantine Whole Message = no
>
> # When you quarantine an entire message, do you want to store it as
> # raw mail queue files (so you can easily send them onto users) or
> # as human-readable files (header then body in 1 file)?
> Quarantine Whole Messages As Queue Files = no
>
>
>
>
> -
> Jerry Benton
> www.mailborder.com
> +1 - 844-436-6245
>
>
>
>
>
>
>> On Jun 7, 2016, at 7:54 PM, Philip Parsons <pparsons at techeez.com> wrote:
>>
>> I know this is the MailScanner list but I have posted to the mail watch list and there does not seem to be any takers so I am hopping a MailScanner user might have come across this issues as well.
>>
>> Everything is working 100% except for when you look at the mail watch list page and an email has been marked as a virus you cannot release it, it looks like the path is incorrect but I cannot find where that path is set. Anyone got any ideas.
>>
>> Techeez on the go so please excuse the spelling.
>>
>>
>> --
>> MailScanner mailing list
>> mailscanner at lists.mailscanner.info
>> http://lists.mailscanner.info/listinfo/mailscanner
>>
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
>
> --
> This message has been scanned for viruses and
> dangerous content by MailScanner, and is
> believed to be clean.
>
>
>
> --
> MailScanner mailing list
> mailscanner at lists.mailscanner.info
> http://lists.mailscanner.info/listinfo/mailscanner
>
More information about the MailScanner
mailing list