Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Support > Archive > Please add more info to X-MDAV-Infected header

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Support  / Archive  /

Please add more info to X-MDAV-Infected header

[Clark, Chris]
Chris Clark
Newbie
Newbie
Posts: 4
Chris Clark - 11:07am, Jul 19 2019

Hi,

Merging ClamAV and Cyren seems to be a sensible move but I've lost the ability to use the Content Filter to distinguish between the various things that ClamAV can detect, especially as I use 3rd party signatures.

Here's an example:
The email contains:-
X-MDAV-Infected: pd1530027480.att
X-MDBadQueue-Reason: WARNING! infected with virus (pd31876688.txt)

While the clamd.log contains,-
C:/MDaemon/CFilter/TEMP/965010511/pd1530027480.att: Heuristics.OLE2.ContainsMacros(65a892876fa1a66bb6232eebeaaf92ba:379904) FOUND

pd31876688.txt doesn't give me any information. In 15.8.3 an infected email contained a header like this:-
X-CAV-VirusName: Sanesecurity.Jurlbl.71541b.UNOFFICIAL

It would be nice if a future version of MDaemon could include a header with the signature that ClamAV had detected,

Chris

  (older msg: 1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Chris Clark - Jul 27, 2019 6:37 am (#2 Total: 3)  

 

Photo of Author
Chris Clark
Newbie
Newbie
Posts: 4
Jared,

The name of the virus found would be fine. This allows me to see if any particular signature is causing a false positive and maybe add it to the Clam AV IGNORE file.

Chris

Jared Charles (apparently) - Jul 31, 2019 4:40 pm (#3 Total: 3)  

via email  

Photo of Author
Jared Charles
Newbie
Newbie
Posts: 97

Hello Chris,

Thanks for the clarification.  I have submitted your request to our wish list for review.

 

Regards,
--
Jared Charles
Technical Application Support
MDaemon Technologies | Simple Secure Email

U.S. Toll Free: 866-601-2586
International: 817-601-3222

Visit us on Facebook | LinkedIn | YouTube

Sent using the MDaemon Messaging Server




  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.