Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > PDF's that can't be scanned are falsely called viruses.

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

PDF's that can't be scanned are falsely called viruses.

[Caruth, Arron]
Arron Caruth
Arron Caruth - 07:30am, Jun 1 2020
Guest User

Can you point me to exactly what is leading you to conclude that the message is littered with fake virus warnings?

 

I see the X-MDBadQueueReason header which says the message is infected with virus (completed-transcript-0E37323141.pdf). I can see where this could be confusing. Unfortunately this cannot be customized.  We will look into improving the wording for a future version.

 

Is there other information that is included in the message that is leading you to believe the message is infected?  Or is it just this one header? 

 

The body of the message states multiple times that the message was not able to be scanned:

 

SecurityPlus for MDaemon was not able to scan message attachment

The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.


----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined

 

If you don’t like the messages included in the body of the message, they can be customized to fit your needs.  To do this go to Security / AntiVirus / Virus Scanning, then click the Warning Message button next to “Add warning to top of message body if not scanned.”

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Sunday, May 31, 2020 11:32 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

MD occasionally fails to scan a PDF file and then says that it contains a virus although there is zero evidence for this, and in the example below that was stopped this morning, I think that it is extremely unlikely, I suspect that the PDF is simply images because it's not password protected, it was downloaded from an academic site, processed by the users Windows 10 AV software, and then stopped by MD.

I would rather see MD tell the truth, that the document can't be scanned and is held, rather than littered with fake virus warnings.

X-Envelope-From: xxxxxxx@motion-labs.com
X-MDaemon-Deliver-To: pg-admissions@aber.ac.uk
Received: from [xx.xx.xxx.xx] by motion-labs.com via MDaemon Webmail with HTTP,
Sun, 31 May 2020 10:50:56 -0500
Date: Sun, 31 May 2020 10:50:56 -0500
From: "xxxxxxx xxxxxxx" (xxxxxxx@motion-labs.com)
To: pg-admissions@aber.ac.uk
Subject: Creative Writing MA Admission Documents
MIME-Version: 1.0
Content-Type: multipart/mixed, boundary="0531-1550-56-01-PART_BREAK"
Message-ID: (WC20200531155056.450030@motion-labs.com)
X-Mailer: MDaemon Webmail 19.5.5
X-MDDKIMSelector: s=MDaemon d=motion-labs.com i=xxxxxxx@motion-labs.com
X-MDBadQueue-Reason: WARNING! infected with virus (completed-transcript-0E37323141.pdf)

--0531-1550-56-01-PART_BREAK
Content-Type: multipart/alternative, boundary="0531-1550-56-03-PART_BREAK"

--0531-1550-56-03-PART_BREAK
Content-Type: text/plain, charset="us-ascii"

----------------------------------------------------------------
SecurityPlus for MDaemon was not able to scan message attachment
----------------------------------------------------------------

·  ****************************** WARNING ******************************* The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.

·  ****************************** WARNING *******************************

----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

  (older msg: 11)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Edmund Cramp - Oct 20, 2020 11:07 am (#12 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
I'm seeing this too - it says that SecurityPlus for MDaemon was not able to scan message attachment but then seems to assume that because it can't scan it (it's not password protected) that it must be a virus.

The message needs to say that the scanning failed, not that it must be a virus simply because SecurityPlus failed.

Arron Caruth - Oct 20, 2020 12:31 pm (#13 Total: 18)  

Guest User  

Photo of Author
Posts: 1

What version of MDaemon are you using?

 

What does the log show is happening?

 

Which AV engine is reporting the issue when scanning the file?

 

If it is ClamAV and Heuristics.Limits.Exceeded is being returned when scanning the message, MDaemon 20.0.1 changed it so that a message that exceeded the scanning limits would be treated as a Non-Scanned message rather than a Virus.

 

MDaemon 20.0.3, which is currently in beta, sets AlertExceedsMax to No, which is the default, because the limits need to be customized and we are unable to determine what values are appropriate and will work for everyone.  

 

If its Cyren returning an error, or any other error from ClamAV please send me a  copy of the attachment so we can do further testing.

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on
www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the
MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Tuesday, October 20, 2020 11:08 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I'm seeing this too - it says that SecurityPlus for MDaemon was not able to scan message attachment but then seems to assume that because it can't scan it (it's not password protected) that it must be a virus.

The message needs to say that the scanning failed, not that it must be a virus simply because SecurityPlus failed.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------



  (newer msg:5)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.