Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Issues > Archive > Reporting a virus fails

[F] Alt-N Discussion Groups / MDaemon Discussion Groups / MDaemon Issues / Archive /

Reporting a virus fails

[Cramp, Edmund]
Edmund Cramp
Novice
Novice
Posts: 239

MDaemon
Outlook Connector
WebAdmin
Edmund Cramp - 08:30am, Dec 16 2021

I used the "Report to MDaemon.com as Virus False Negative" feature because the quarantined email contained Invoice24123.lha which VirusTotal reports as infected. But the submission to MDaemon was rejected:
  Final-Recipient: rfc822, virusfn@mdaemon.com
  Last-Attempt-Date: Thu, 16 Dec 2021 06:34:15 -0600
  Remote-MTA: dns, smtp1.mdaemon.com
  Diagnostic-Code: smtp, 550 Sorry, this message contains RAR/Trojan.PEWA-7 virus
  Status: 5.0.0
  Action: failed
But locally both CyrenAV and ClamAV show as updated this morning.

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Arron Caruth - Dec 16, 2021 8:57 am (#1 Total: 2)  

Guest User  

Photo of Author
Posts: 1
The Cyren AV engine running in our SG server is detecting the virus. My guess is that there was not a virus definition for it when your server received the email, but there is now.  If your server has the latest virus definitions, it will probably also detect it. 

If you place the email in your mailbox and then try to forward it to another user, does your server detect it?

I recently changed the virusfn account to no longer be excluded from AV scanning because we were sending a lot of files to Cyren that they were already detecting.  The simple solution was to start checking the inbound emails.

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

On Thu, 16 Dec 2021 08:30:47 -0500, "lists-md-issues@mdaemon.com (Edmund Cramp)" <lists-md-issues@mdaemon.com> wrote:
I used the "Report to MDaemon.com as Virus False Negative" feature because the quarantined email contained Invoice24123.lha which VirusTotal reports as infected. But the submission to MDaemon was rejected:
  Final-Recipient: rfc822, virusfn@mdaemon.com
  Last-Attempt-Date: Thu, 16 Dec 2021 06:34:15 -0600
  Remote-MTA: dns, smtp1.mdaemon.com
  Diagnostic-Code: smtp, 550 Sorry, this message contains RAR/Trojan.PEWA-7 virus
  Status: 5.0.0
  Action: failed
But locally both CyrenAV and ClamAV show as updated this morning.

View/reply at Reporting a virus fails
--MD-ISSUES---------------------------------------------------------------
This list is for questions and discussions regarding issues with MDAEMON. 
To unsubscribe from this mailing list send an email to 
md-issues-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

--MD-ISSUES---------------------------------------------------------------
This list is for questions and discussions regarding issues with MDAEMON.
To unsubscribe from this mailing list send an email to
md-issues-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!-----------------------------------------------------

--------------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
--------------------------------------------------------------------------

Replies to this message
  • Edmund Cramp (Dec 16, 2021 2:06 pm)


    • Edmund Cramp - Dec 16, 2021 2:06 pm (#2 Total: 2)  

     

    Photo of Author
    Edmund Cramp
    Novice
    Novice
    Posts: 239

    MDaemon
    Outlook Connector
    WebAdmin
    Replying to: Arron Caruth (Dec 16, 2021 8:57 am)
    The Cyren AV engine running in our SG server is detecting the virus. My guess is that there was not...

    Thanks, that's what happened - when I forwarded the email I got this message:
        Your message did not reach some or all of the intended recipients
    Subject: FW: FYR
    Sent: Thursday, December 16, 2021 12:58 PM
        550 5.6.0 Sorry, virus detected within message
    All users mail is scanned at 5:15am, and most recent AV update was at 2:19am - maybe it would help you if an email reporting "false" results included the current update levels and option selections. It you are sending files to Cyren that they were already detecting then maybe it tells you something about your users environments failing to detect things?

    [Last Editor: Edmund Cramp, Dec 16, 2021 2:38 pm. Total Edits: 2]



      All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items


     Content:

    Read New | Search

     Guest:

    Email to Admin

    You are visiting as a Guest user.