Sophos does not Block Malware Detection Mail will be sent


Post by benscha »

Hi Guys

I got the following issue. Sophos is installed on my EFA. Sophos will detect the malware and an e-mail will be sent:

Code:

Subject: [SAV-LINUX] Threat 'Troj/RtfExp-EP' detected on efa.domain.local

A threat classified as 'Troj/RtfExp-EP' was detected in the file '/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin14362Leu17Ktmp' when attempting to open it at Wed Aug  7 14:57:15 2019 CEST +0300 (2019-08-07 14:57:15 UTC).  Access to the infected file was not allowed.

From my MailScanner.conf:

Code:

Quarantine Infections = yes
Virus Scanners = sophos clamd

I have already tried the following steps with no success:
http://lists.mailscanner.info/pipermail ... 01114.html

What makes me a bit confused is the text "Access to the infected file was not allowed" in the mail. Are there any permission issues?

The process savd is running as root:

Code:

root      1706  0.0  0.0 592512  6228 ?        Sl   Jul22   0:52 savd etc/savd.cfg

Does any of you guys have a solution for me?
always happy for any hints and tips! :clap: | EFA 3.0.2.6

Re: Sophos does not Block Malware Detection Mail will be sent

Post by shawniverson »

You are running sophos as a daemon, so MailScanner is oblivious. Sophos sees the threat via the daemon. MailScanner should call out to sophos for a scan during mime parsing. Verify your path to sophos in the following file.

/etc/MailScanner/virus.scanners.conf

Code:

sophos			/usr/lib/MailScanner/wrapper/sophos-wrapper			/opt/sophos-av
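
The path check suggested in the reply above, as an added example that is not part of the original thread and not EFA or MailScanner code. It assumes the three-column layout shown in that reply (scanner name, wrapper script, install directory) and that the wrapper must be executable; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: confirm that every scanner named on the "Virus Scanners"
# line of MailScanner.conf has a usable entry in virus.scanners.conf.

# Print the scanner names from the last "Virus Scanners = ..." line.
list_scanners() {
    sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Check one scanner entry (assumed columns: name, wrapper, install dir).
# Returns 0 = ok, 1 = no entry, 2 = wrapper missing or not executable,
# 3 = install directory missing.
check_scanner() {
    conf=$1 name=$2
    # Commented-out lines never match because their first field starts with '#'.
    entry=$(awk -v n="$name" '$1 == n { print $2, $3; exit }' "$conf")
    [ -n "$entry" ] || return 1
    wrapper=${entry%% *}
    dir=${entry#* }
    [ -x "$wrapper" ] || return 2
    [ -d "$dir" ] || return 3
    return 0
}

# Report on every configured scanner; returns 1 if any check fails.
check_all() {
    ms_conf=$1 vs_conf=$2 failed=0
    for s in $(list_scanners "$ms_conf"); do
        case $s in auto|none) continue ;; esac   # keywords, not scanner names
        rc=0
        check_scanner "$vs_conf" "$s" || rc=$?
        case $rc in
            0) echo "$s: ok" ;;
            1) echo "$s: no entry in $vs_conf" ;;
            2) echo "$s: wrapper missing or not executable" ;;
            3) echo "$s: install directory missing" ;;
        esac
        [ "$rc" -eq 0 ] || failed=1
    done
    return $failed
}
```

On a system laid out as in this thread it would be called as `check_all /etc/MailScanner/MailScanner.conf /etc/MailScanner/virus.scanners.conf`.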

Re: Sophos does not Block Malware Detection Mail will be sent

Post by benscha »

Hi shawniverson

Thx for your reply.

The path in /etc/MailScanner/virus.scanners.conf is correct.

Should I disable the Sophos daemon?

Thx!
always happy for any hints and tips! :clap: | EFA 3.0.2.6