Infected messages getting delivered
Posted: 08 Aug 2016 09:09
I've noticed a strange problem: messages being successfully delivered despite ClamAV finding a virus. When viewing the message in MailWatch, the Virus field is marked "Y", but the message status is clean and the message is delivered regardless. The virus scanning settings are a little confusing, and I figure that maybe this is user error, but they appear to be set correctly.
In order to diagnose the problem, I extended SMTP Werkzeug with an EICAR test, and I've used this to send infected messages to the server as a test. Just as you would expect, these are blocked due to containing a virus! This test message triggers both the virus and file extension checks, so I've removed "eicar" from the non-forging viruses setting, and disabled the filename rules setting, and the messages are still blocked as they should be.
As such, I cannot reproduce the problem on demand.
I've prepared a copy of the configuration, but I receive these errors upon trying to attach it:
Invalid file extension: MailScanner.conf
Invalid file extension: MailScanner.conf.txt
Invalid file extension: MailScanner.txt
If .txt isn't a valid extension, then what is?