
Sophos does not Block Malware Detection Mail will be sent

Posted: 07 Aug 2019 15:09
by benscha
Hi guys,

I have the following issue. Sophos is installed on my EFA. Sophos will detect the malware and an e-mail will be sent:

Code:

Subject: [SAV-LINUX] Threat 'Troj/RtfExp-EP' detected on efa.domain.local

A threat classified as 'Troj/RtfExp-EP' was detected in the file '/var/spool/MailScanner/incoming/SpamAssassin-Temp/.spamassassin14362Leu17Ktmp' when attempting to open it at Wed Aug  7 14:57:15 2019 CEST +0300 (2019-08-07 14:57:15 UTC).  Access to the infected file was not allowed.

From my MailScanner.conf:

Code:

Quarantine Infections = yes
Virus Scanners = sophos clamd

I have already tried the following steps with no success:
http://lists.mailscanner.info/pipermail ... 01114.html

What confuses me a bit is the text "Access to the infected file was not allowed" in the mail. Are there any permission issues?

The savd process is running as root:

Code:

root      1706  0.0  0.0 592512  6228 ?        Sl   Jul22   0:52 savd etc/savd.cfg

Does any of you guys have a solution for me?

Re: Sophos does not Block Malware Detection Mail will be sent

Posted: 08 Aug 2019 05:30
by shawniverson
You are running sophos as a daemon, so MailScanner is oblivious. Sophos sees the threat via the daemon. MailScanner should call out to sophos for a scan during mime parsing. Verify your path to sophos in the following file.

/etc/MailScanner/virus.scanners.conf

Code:

sophos			/usr/lib/MailScanner/wrapper/sophos-wrapper			/opt/sophos-av
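
One way to run the check suggested in the reply above, as an added example that is not part of the thread or of the EFA/MailScanner projects: it takes each name on the `Virus Scanners` line and confirms that virus.scanners.conf gives it an executable wrapper and an existing install directory. It assumes the three-column layout shown above; the function names and the file arguments are illustrative.

```shell
#!/bin/sh
# Added example: cross-check MailScanner.conf against virus.scanners.conf.
# Assumes the three-column layout shown above: name, wrapper, install dir.

# Scanner names from the last "Virus Scanners = ..." line of MailScanner.conf.
configured_scanners() {
    sed -n 's/^[[:space:]]*Virus Scanners[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# "wrapper installdir" for one scanner name; comment lines never match a name.
scanner_entry() {
    awk -v name="$2" '$1 == name { print $2, $3; exit }' "$1"
}

# Prints one OK/FAIL line per scanner; returns 0 only if all of them pass.
check_scanners() {
    ms_conf=$1; vs_conf=$2; rc=0
    for name in $(configured_scanners "$ms_conf"); do
        case $name in auto|none) echo "SKIP $name: nothing to verify"; continue ;; esac
        entry=$(scanner_entry "$vs_conf" "$name")
        if [ -z "$entry" ]; then
            echo "FAIL $name: no entry in $vs_conf"; rc=1; continue
        fi
        wrapper=${entry%% *}; dir=${entry#* }
        if [ ! -x "$wrapper" ]; then
            echo "FAIL $name: wrapper $wrapper missing or not executable"; rc=1
        elif [ ! -d "$dir" ]; then
            echo "FAIL $name: install directory '$dir' not found"; rc=1
        else
            echo "OK   $name: $wrapper $dir"
        fi
    done
    return "$rc"
}

# Stand-alone use: sh check.sh MAILSCANNER_CONF VIRUS_SCANNERS_CONF
if [ "$#" -eq 2 ]; then check_scanners "$1" "$2"; fi
```

A FAIL line means MailScanner cannot invoke that scanner during its own scan, even if the on-access daemon still reports the file.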

Re: Sophos does not Block Malware Detection Mail will be sent

Posted: 08 Aug 2019 11:28
by benscha
Hi shawniverson,

Thanks for your reply.

The path in /etc/MailScanner/virus.scanners.conf is correct.

Should I disable the Sophos daemon?

Thanks!