"Clean" viruses?

Edmund Cramp - 12:58pm, Nov 24 2020

The message headers are:

X-SPScan-Result: infected
X-SPScan-VirusName: HTML/Agent.CN
X-MDBadQueue-Reason: WARNING! infected with virus (HTML/Agent.CN)
X-MDAV-Result: clean

My policy is to quarantine everything suspicious, so it's not a problem, but I'm seeing a few of these. In addition, the daily virus statistics are not recording them - I guess probably because it's an infection attempt, not an actual virus in the message? I'm sending all of the messages to virusfn@mdaemon.com
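
An added example, not part of the original post or of MDaemon: one way to triage saved messages by the scanner verdict headers quoted above, counting how often the two engines disagree. The header names and the values "infected" and "clean" come from the post; the function names and the sample messages are constructed for illustration.

```python
from collections import Counter
from email import message_from_string
from email.policy import default

# Header names and the values "infected"/"clean" come from the post above.
ENGINES = ("X-SPScan-Result", "X-MDAV-Result")

def verdicts(raw):
    """Return (subject, {header: verdict}, virus name) for one raw message."""
    msg = message_from_string(raw, policy=default)
    found = {}
    for name in ENGINES:
        value = msg.get(name)
        found[name] = value.strip().lower() if value else "missing"
    return str(msg.get("Subject", "")), found, str(msg.get("X-SPScan-VirusName", ""))

def classify(found):
    """agree-infected, agree-clean, split (engines disagree) or incomplete."""
    values = set(found.values())
    if not values <= {"infected", "clean"}:
        return "incomplete"
    if len(values) == 2:
        return "split"
    return "agree-" + values.pop()

def tally(raw_messages):
    """Count messages per class and list the split ones for manual review."""
    counts, review = Counter(), []
    for raw in raw_messages:
        subject, found, virus = verdicts(raw)
        label = classify(found)
        counts[label] += 1
        if label == "split":
            flagged_by = [h for h, v in found.items() if v == "infected"]
            review.append((subject, virus, flagged_by))
    return counts, review

# Constructed sample messages; only the first uses the headers quoted in the post.
SAMPLES = [
    "Subject: invoice\nX-SPScan-Result: infected\n"
    "X-SPScan-VirusName: HTML/Agent.CN\nX-MDAV-Result: clean\n\nbody\n",
    "Subject: newsletter\nX-SPScan-Result: clean\nX-MDAV-Result: clean\n\nbody\n",
    "Subject: no-scan\nX-MDAV-Result: clean\n\nbody\n",
]

if __name__ == "__main__":
    counts, review = tally(SAMPLES)
    print(dict(counts))
    for subject, virus, flagged_by in review:
        print(f"review: {subject!r} {virus} flagged by {', '.join(flagged_by)}")
```

Messages in the "split" class are the ones where a statistics report built from a single engine's verdict would under-count, so they are the ones worth listing separately.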


Edmund Cramp - Apr 6, 2022 7:50 am (#15 Total: 18)  

 

This is just an idea, MD can scan all the mailboxes every day and occasionally finds infections in users' spam folders, but I'm quarantining virtually all messages with attachments that I see as potential infections ... e.g. *.gz, *.zip, *.bat, *.exe etc., and then I check suspicious messages by uploading them to VirusTotal after reviewing the headers.
It might be a useful option for the future to add the option to do an AV scan of quarantine folder contents every hour.


Arron Caruth - Apr 6, 2022 8:12 am (#16 Total: 18)  


What is the end goal?  

In cases where attachment restrictions have quarantined a message, the best route, in my opinion, is to get the file to the AV vendors as quickly as possible so that they can update their systems to detect the malicious content and future messages can be handled based on your AV configurations.

What would you have done with messages that were found to be malicious?  What about messages that were found to be clean?  Or would all the messages just sit in the queue and be scanned every hour, over and over and over?

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Apr 6, 2022 8:38 am (#17 Total: 18)  

 

The only "end goal" for us is to avoid infections.
I expect that scanning the quarantined message that MD has not detected via VirusTotal is updating the AV vendors. I also send them to MD via the quarantine reporting option but a lot of the time the messages are rejected - I see that as a good thing, but since the quarantine queue hasn't been scanned it's a little work for me.
When VirusTotal says it's a malicious message then I delete it. Clean quarantined messages are reviewed but that's very rare to find a clean quarantine.
I just see a repeated scan of the quarantine queue as relatively low processing cost but making the AV a little more efficient - this is just an idea, I'm only a mail-server user ... any happily confident using MD, it's stopping malware all the time every day.


