Infected messages getting delivered

Post by Daniel Beardsmore »

I've noticed a strange problem: messages being successfully delivered despite ClamAV finding a virus. When viewing the message in MailWatch, the Virus field is marked "Y", but the message status is clean and the message is delivered regardless. The virus scanning settings are a little confusing, and I figure that maybe this is user error, but they appear to be set correctly.

In order to diagnose the problem, I extended SMTP Werkzeug with an EICAR test, and I've used this to send infected messages to the server as a test. Just as you would expect, these are blocked due to containing a virus! This test message triggers both the virus and file extension checks, so I've removed "eicar" from the non-forging viruses setting, and disabled the filename rules setting, and the messages are still blocked as they should be.

As such, I cannot reproduce the problem on demand.

I've prepared a copy of the configuration, but I receive these errors upon trying to attach it:

Invalid file extension: MailScanner.conf
Invalid file extension: MailScanner.conf.txt
Invalid file extension: MailScanner.txt

If .txt isn't a valid extension, then what is?

Re: Infected messages getting delivered

Post by shawniverson »

Attaching those files to this forum is tricky.

I would suggest using a pastebin or similar.