Missing entries for "Bad content detected"


Post by SelfMan » 28 Sep 2021 18:28

Hi guys,
I am running: eFa-4.0.4 - with
MailWatch Version: 1.2.16
Operating System Version: CentOS Linux 7 (Core)
Postfix Version: 3.5.9
MailScanner Version: 5.4.1
ClamAV Version: 0.103.3
SpamAssassin Version: 3.4.6
PHP Version: 7.4.23
MySQL Version: 10.2.30-MariaDB
GeoIP Database Version: GeoLite2 Country database 2021-09-21 00:56:02
With all offered updates

The issue I have been having for the past 7 days is that neither the "Recent messages" nor the "Search and reports" list shows recent "Bad Content Detected" or "Other Bad Content Detected" entries. I am getting the notification mail that these were processed, though, and they should be there.

All other entry types are normally visible. If I search for "contained an Unacceptable Attachment (>0 = TRUE) is greater than '0'", I get only older entries.
This is preventing me from "releasing" safe items.

Any tips on what can cause this and where to look?
THANKS

SelfMan


Re: Missing entries for "Bad content detected"

Post by SelfMan » 15 Oct 2021 08:25

For a few days it was fine, and today the situation repeated itself.

The following e-mails were found to have: Bad Filename Detected

    Sender: admin@uniba.sk
IP Address: 23.237.5.146
 Recipient: xxxxx@xxxxxx.xxx
   Subject: ŽIADOSŤ O CENOVÚ PONUKU (Univerzita Komenského v Bratislave) EUI894/SK4633
 MessageID: 4HVzd01xHSzZkM
Quarantine: /var/spool/MailScanner/quarantine/20211015/4HVzd01xHSzZkM
    Report: MailScanner: Executable DOS/Windows programs are dangerous in email (7RequestForQuote15-10-2021úpdf.exe)
            No programs allowed (7RequestForQuote15-10-2021úpdf.exe)
    Report: MailScanner: Executable DOS/Windows programs are dangerous in email (7RequestForQuote15-10-2021úpdf.exe)
            No programs allowed (7RequestForQuote15-10-2021úpdf.exe)

Full headers are:

 Received: from ns1.omnis.com ([23.237.5.146] [23.237.5.146])
 	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 	(no client certificate requested)
 	by efa43.xxxxx.xxx (MailScanner Milter) with SMTP id 4HVzd01xHSzZkM
 	for <xxxxx@xxxxx.xxx>; Fri, 15 Oct 2021 10:16:37 +0200 (CEST)
 DMARC-Filter: OpenDMARC Filter v1.4.1 efa43.xxxxx.xxx 4HVzd01xHSzZkM
 Authentication-Results: efa43.xxxxx.xxx; dmarc=fail (p=none dis=none) header.from=uniba.sk
 Authentication-Results: efa43.xxxxx.xxx; spf=fail smtp.mailfrom=uniba.sk
 DKIM-Filter: OpenDKIM Filter v2.11.0 efa43.xxxxx.xxx 4HVzd01xHSzZkM
 Received: from [216.38.8.189] (port=62300)
 	by ns1.omnis.com with esmtpsa  (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
 	(Exim 4.94.2)
 	(envelope-from <admin@uniba.sk>)
 	id 1mbIOF-0006fT-SA
 	for rvydra@xxxxx.xxx; Fri, 15 Oct 2021 04:16:32 -0400
 From: =?UTF-8?B?VW5pdmVyeml0YSBLb21lbnNrw6lobyB2IEJyYXRpc2xhdmU=?= <admin@uniba.sk>
 To: rvydra@xxxxx.xxx
 Subject: =?UTF-8?B?xb1JQURPU8WkIE8gQ0VOT1bDmiBQT05VS1UgKFVuaXZlcnppdGEgS29tZW5za8OpaG8gdiBCcmF0aXNsYXZlKSBFVUk4OTQvU0s0NjMz?=
 Date: 15 Oct 2021 01:16:28 -0700
 Message-ID: <20211015011627.7486CB8D43741A48@uniba.sk>
 MIME-Version: 1.0
 Content-Type: multipart/mixed;
 	boundary="----=_NextPart_000_0012_2E735B9E.C81F5B2E"
 X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
 X-AntiAbuse: Primary Hostname - ns1.omnis.com
 X-AntiAbuse: Original Domain - xxxxx.xxx
 X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
 X-AntiAbuse: Sender Address Domain - uniba.sk
 X-Get-Message-Sender-Via: ns1.omnis.com: authenticated_id: smtp36@aws.amazon.com
 X-Authenticated-Sender: ns1.omnis.com: smtp36@aws.amazon.com


-- 
EFA
Email Filter Appliance
www.efa-project.org
