Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > AV check mails twice?

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

AV check mails twice?

[Charles, Jared]
Jared Charles
Newbie
Newbie
Posts: 95
Jared Charles - 03:30pm, Mar 12 2020

Hello Enea,

By default, that is the expected behavior.  However, if you click Security | AntiVirus in MDaemon and then disable the “Refuse to accept messages that are infected with viruses” option, that will cause MDaemon to bypass the first AV scan that is performed during the incoming SMTP session.

 

Regards,

--
Jared Charles
Technical Application Support
o: 817-601-3222    e: Jared.Charles@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

 

 

 

 

From: md-av-plugin@mdaemon.com <md-av-plugin@mdaemon.com> On Behalf Of Enea Lovato
Sent: Friday, March 6, 2020 5:05 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] AV check mails twice?

 

Hi!

Checking the logs on incoming messages, I noticed a possible double check of antiviruses on incoming messages.
The first check seems to have been made on TMP, the second check is LOCALQ.

It's my wrong check or is really a doble check?

Attached the following logs.

Textual logs extract:
Fri 2020-03-06 10:18:06.805: [586009] Session 586009; child 0008
Fri 2020-03-06 10:18:06.805: [586009] Accepting SMTP connection from 62.149.156.161:37929 to 185.158.28.74:25
Fri 2020-03-06 10:18:06.806: [586009] --> 220-posta.goldnet.it ESMTP Fri, 06 Mar 2020 10:18:06 +0100
Fri 2020-03-06 10:18:06.807: [586009] --> 220 All transactions and IP addresses are logged
Fri 2020-03-06 10:18:06.821: [586009] <-- EHLO smtpcmd14161.aruba.it Fri 2020-03-06 10:18:06.821: [586009] --> 250-posta.goldnet.it Hello smtpcmd14161.aruba.it [62.149.156.161], pleased to meet you
Fri 2020-03-06 10:18:06.821: [586009] --> 250-ETRN
Fri 2020-03-06 10:18:06.821: [586009] --> 250-AUTH LOGIN CRAM-MD5 PLAIN
Fri 2020-03-06 10:18:06.821: [586009] --> 250-8BITMIME
Fri 2020-03-06 10:18:06.821: [586009] --> 250-ENHANCEDSTATUSCODES
Fri 2020-03-06 10:18:06.821: [586009] --> 250-STARTTLS
Fri 2020-03-06 10:18:06.821: [586009] --> 250 SIZE 81920000
Fri 2020-03-06 10:18:06.835: [586009] <-- MAIL FROM:<amministrazione@bonoraortofrutta.com> SIZE=4046
Fri 2020-03-06 10:18:06.835: [586009] Performing PTR lookup (161.156.149.62.IN-ADDR.ARPA)
Fri 2020-03-06 10:18:06.837: [586009] * D=161.156.149.62.in-addr.ARPA TTL=(1349) PTR=[smtpcmd14161.aruba.it]
Fri 2020-03-06 10:18:06.855: [586009] * D=smtpcmd14161.aruba.it TTL=(10) A=[62.149.156.161]
Fri 2020-03-06 10:18:06.855: [586009] ---- End PTR results
Fri 2020-03-06 10:18:06.855: [586009] Performing IP lookup (bonoraortofrutta.com)
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.166]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.157]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.163]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.74]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.72]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.151]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.154]
Fri 2020-03-06 10:18:06.876: [586009] * D=bonoraortofrutta.com TTL=(360) A=[62.149.128.160]
Fri 2020-03-06 10:18:06.878: [586009] * P=010 S=000 D=bonoraortofrutta.com TTL=(336) MX=[mx.bonoraortofrutta.com] {62.149.128.74}
Fri 2020-03-06 10:18:06.878: [586009] ---- End IP lookup results
Fri 2020-03-06 10:18:06.880: [586009] Performing SPF lookup (bonoraortofrutta.com / 62.149.156.161)
Fri 2020-03-06 10:18:06.932: [586009] * Result: none; no SPF record in DNS
Fri 2020-03-06 10:18:06.932: [586009] ---- End SPF results
Fri 2020-03-06 10:18:06.932: [586009] --> 250 2.1.0 Sender OK
Fri 2020-03-06 10:18:06.946: [586009] <-- RCPT TO:<info@plimont.it>
Fri 2020-03-06 10:18:06.953: [586009] Performing DNS-BL lookup (62.149.156.161 - connecting IP)
Fri 2020-03-06 10:18:06.976: [586009] * 4uifbnardjphlifzm3kz2qq2ia.zen.dq.spamhaus.net - passed
Fri 2020-03-06 10:18:06.977: [586009] * b.barracudacentral.org - passed
Fri 2020-03-06 10:18:06.977: [586009] ---- End DNS-BL results
Fri 2020-03-06 10:18:06.979: [586009] --> 250 2.1.5 Recipient OK
SMTPI-IN Fri 2020-03-06 10:18:06.993: [586009] <-- DATA SMTPI-IN Fri 2020-03-06 10:18:06.994: [586009] Creating temp file (SMTP): h:\mdaemon\temp\31\md50000016413.tmp SMTPI-IN Fri 2020-03-06 10:18:06.994: [586009] --> 354 Enter mail, end with <CRLF>.<CRLF>
SMTPI-IN Fri 2020-03-06 10:18:07.024: [586009] Message size: 4046 bytes
SMTPI-IN Fri 2020-03-06 10:18:07.024: [586009] Performin

Attachment: AVcheck.jpg


  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Edmund Cramp - May 18, 2020 12:09 pm (#1 Total: 2)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
We're seeing a big increase in viruses these days and MD is stopping them all - I quarantine all detected viruses as well as all risky attachments and we have virtually nothing to worry about, MD is doing a great job!

Thank you everyone!

Arron Caruth - May 18, 2020 1:37 pm (#2 Total: 2)  

Guest User  

Photo of Author
Posts: 1

That is great, thank you for sharing!

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Monday, May 18, 2020 12:10 PM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] AV check mails twice?

 

We're seeing a big increase in viruses these days and MD is stopping them all - I quarantine all detected viruses as well as all risky attachments and we have virtually nothing to worry about, MD is doing a great job!

Thank you everyone!


View/reply at AV check mails twice?

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------



  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.