List clamav blocked mails

bostjanc
Posts: 165
Joined: 01 Jun 2016 17:18

List clamav blocked mails

Post by bostjanc »

Hi.

Question:

(1) Is there a way to list or get a specific report from EFA to find out to which recipients messages weren't delivered because CLAMAV marked them as a virus?
We found only the report which gives you the number of all the threats, but we would also need the info on WHICH recipients they haven't been delivered to (https://drive.google.com/file/d/1zklakI ... sp=sharing)

(2).

We had an issue a couple of days ago where EFA started to block outgoing messages with PDF attachments, but we haven't quite figured out what caused it.
The only change that we have made on EFA was running yum update around the time when the issue started to appear, but we haven't made any changes to the way we make and send those types of PDFs.
We had to solve this by adding a local whitelist exception:
cd /var/lib/clamav
echo "Sanesecurity.Spam.12734.PdfSpam" >> local_whitelist.ign2
and rebooting the EFA server

Any ideas where to look for the reason why this stopped working and CLAMAV started to mark those messages with PDF attachments as VIRUS?

with best regards
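
The whitelist step described in the post above, as an added example that is not part of the original post or of EFA: a small shell helper that adds a signature name to `local_whitelist.ign2` only once, and strips the `.UNOFFICIAL` suffix that ClamAV appends to third-party signature names in its scan output. The function names, the directory argument and the character check are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not EFA's or ClamAV's own tooling).
# Assumption: the ClamAV database directory is passed as an argument; in the
# post above it is /var/lib/clamav and the file is local_whitelist.ign2.

# Normalise a signature name copied from scan output or a log line.
# ClamAV reports third-party signatures with a ".UNOFFICIAL" suffix;
# the ignore file takes the name without that suffix.
normalize_sig() {
    printf '%s\n' "$1" |
        sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' -e 's/\.UNOFFICIAL$//'
}

# ign2_add DBDIR SIGNAME
# Returns 0 if the name was appended, 1 if it was already listed,
# 2 if the name is empty or contains unexpected characters.
ign2_add() {
    dbdir=$1
    sig=$(normalize_sig "$2")
    file="$dbdir/local_whitelist.ign2"

    # Conservative check (an assumption of this example): letters, digits,
    # dot, underscore and hyphen only, so a pasted log fragment is rejected.
    case $sig in
        ''|*[!A-Za-z0-9._-]*)
            echo "invalid signature name: $2" >&2
            return 2
            ;;
    esac

    # Fixed-string, whole-line match: "Foo.1273" must not match "Foo.12734".
    if [ -f "$file" ] && grep -Fxq -- "$sig" "$file"; then
        return 1
    fi

    printf '%s\n' "$sig" >> "$file"
}

# Usage on the system from the post (run as a user that can write the file):
#   ign2_add /var/lib/clamav "Sanesecurity.Spam.12734.PdfSpam.UNOFFICIAL"
```

clamd has to reload its signature databases before a new entry takes effect; the poster rebooted the server, and `clamdscan --reload` asks a running clamd to reload without a reboot.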
pdwalker
Posts: 1553
Joined: 18 Mar 2015 09:16

Re: List clamav blocked mails

Post by pdwalker »

It sounds like a false positive. Somehow, the PDF you've generated is matching another spam signature under Sanesecurity's spam signatures.

Either that, or your pdf is actually the spam people have reported to Sanesecurity.

If it's the former, then I suggest you regenerate your PDF, or resave it with different settings to avoid the signature check triggering on your PDF.

If you're the latter...
bostjanc
Posts: 165
Joined: 01 Jun 2016 17:18

Re: List clamav blocked mails

Post by bostjanc »

Funny thing.
For test purposes I have tried those same PDF attachments in a fresh EFA 4.x installation and they got through OK.