Deliver infected .xls file

General eFa discussion
Post Reply
mendark
Posts: 18
Joined: 03 Dec 2021 10:10

Deliver infected .xls file

Post by mendark »

Hello,
I've tested an infected .xls to view if efa detect virus or not.
So, virus was detected but email was delivered and i don't understand why, also i've tested an .img infected file but this type of file didn't pass, also infected file.
Why i did to do to block infected .xls file?
I attached log entry:
Jun 20 18:17:50 xxxxxxx MailScanner[12885]: New Batch: Scanning 1 messages, 92235 bytes
Jun 20 18:17:50 xxxxxxx MailScanner[12885]: Virus and Content Scanning: Starting
Jun 20 18:17:50 xxxxxxx MailScanner[12885]: Clamd::INFECTED::Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL :: ./4LRYDW6gkYz9ynPS/
Jun 20 18:17:50 xxxxxxx MailScanner[12885]: Found spam based virus Sanesecurity.Badmacro.XlsM.Urlmon1.UNOFFICIAL in 4LRYDW6gkYz9ynPS
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: Esets::INFECTED::DOC/TrojanDownloader.Agent.DOV
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: Virus Scanning: esetsefs found 1 infections
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: Infected message 4LRYDW6gkYz9ynPS.message came from
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: Virus Scanning: Found 1 viruses
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: <A> tag found in message 4LRYDW6gkYz9ynPS from usename@yahoo.com
Jun 20 18:17:51 xxxxxxx MailScanner[12885]: Spam Checks: Starting
Jun 20 18:17:53 xxxxxxx MailScanner[12885]: Requeue: 4LRYDW6gkYz9ynPS to 4LRYDW6gkYz9ynPS
Jun 20 18:17:53 xxxxxxx postfix/qmqpd[15182]: connect from localhost[127.0.0.1]
Jun 20 18:17:53 xxxxxxx postfix/qmqpd[15182]: 4LRYDd4xbnz9ynPT: client=localhost[127.0.0.1]
Jun 20 18:17:53 xxxxxxx opendmarc[2982]: ignoring connection from localhost
Thank you
Post Reply