Sophos and the flag Dangerous?


Post by thewomble »

I used the instructions to install from another poster
viewtopic.php?f=14&t=1329&p=7288&hilit=sophos#p7288


I have noticed that, since installing it, Sophos has detected a number of ransomware viruses based on the double extension. All good; however, on the MailWatch screen it shows the Dangerous flag as "N".

My question is: should this not be flagged as Dangerous, and not be able to be released by the web frontend either by Admin or User? Others are flagged as Dangerous and cannot be accidentally released.

Details under "Anti-Virus/Dangerous Content Protection"
The system has flagged Virus Y and Blocked File Y.
Report says:-
MailScanner: JScript Scripts are dangerous in email (67Information-00000137840.doc.js) ,Sophos: >>> Virus 'Mal/DrodZp-A' found in file ./6B3B410236F.AD842/66Information-00000137840.doc.zip MailScanner: JScript Scripts are dangerous in email (67Information-00000137840.doc.js) ,Sophos: >>> Virus 'Mal/DrodZp-A' found in file ./6B3B410236F.AD842/Information-00000137840.zip/Information-00000137840.doc.zip


Under Quarantine it says :-

| Release | Delete | SA Learn | File | Type | Path | Dangerous? |
|---|---|---|---|---|---|---|
| | | | 67Information-00000137840.doc.js | text/plain; charset=us-ascii | 20170213/6B3B410236F.AD842/67Information-00000137840.doc.js | N |
| | | | 66Information-00000137840.doc.zip | application/zip; charset=binary | 20170213/6B3B410236F.AD842/66Information-00000137840.doc.zip | N |
| | | | Information-00000137840.zip | application/zip; charset=binary | 20170213/6B3B410236F.AD842/Information-00000137840.zip | N |
| | | | message | text/x-mail; charset=us-ascii | 20170213/6B3B410236F.AD842/message | N |


Re: Sophos and the flag Dangerous?

Post by thewomble »

SOLUTION BELOW:

In MailScanner.conf, by default for AV scanning you have:

Virus Scanners = clamd

When I installed Sophos I added:

Virus Scanners = clamd sophos

What I did was swap them round: the email is quarantined, and the user can see it but cannot release it. Problem solved.

Virus Scanners = sophos clamd

Re: Sophos and the flag Dangerous?

Post by shawniverson »

:text-bravo: