Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > False positive - "infected" but not scanned

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

False positive - "infected" but not scanned

[Cramp, Edmund]
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
Edmund Cramp - 04:09pm, Feb 3 2021

X-MDAV-Result: infected
X-MDAV-Infected: xxxxx W-2.pdf
X-MDAV-Processed: mail.xxxxxxxxx.com, Wed, 03 Feb 2021 13:45:01 -0600

X-MDBadQueue-Reason: WARNING! attachment cannot be scanned (xxxxx W-2.pdf)

--_007_DM5PR2001MB1723C4017C54BE824D87CA85A2B49DM5PR2001MB1723_
Content-Type: multipart/related,
boundary="_006_DM5PR2001MB1723C4017C54BE824D87CA85A2B49DM5PR2001MB1723_",
type="multipart/alternative"

--_006_DM5PR2001MB1723C4017C54BE824D87CA85A2B49DM5PR2001MB1723_
Content-Type: multipart/alternative,
boundary="_000_DM5PR2001MB1723C4017C54BE824D87CA85A2B49DM5PR2001MB1723_"

--_000_DM5PR2001MB1723C4017C54BE824D87CA85A2B49DM5PR2001MB1723_
Content-Type: text/plain, charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

----------------------------------------------------------------
SecurityPlus for MDaemon was not able to scan message attachment
----------------------------------------------------------------

  • ****************************** WARNING ******************************* The message has been scanned by SecurityPlus for MDaemon and was found=20
    to contain an attachment that could not be scanned. Information on the=20
    attachment and action taken is provided below.
  • ****************************** WARNING *******************************

    ----------------------------------------------------------------------
    Attachment Virus name Action taken
    ----------------------------------------------------------------------
    xxxxx W-2.pdf, NOT_SCANNED Message Quarantined

    I'd rather see false positives than false negatives - if a message is sitting in the quarantine queue is there a way to scan it again? My current method is to open Gmail and add the message file as an attachment - Google scans all added attachments so it's a reasonably fast way to get an idea if the message is actually infected - then I can just cancel the message.

  •   (older msg: 1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

    Edmund Cramp - Feb 4, 2021 9:23 am (#2 Total: 3)  

     

    Photo of Author
    Edmund Cramp
    Novice
    Novice
    Posts: 233

    MDaemon
    Outlook Connector
    WebAdmin
    Replying to: Arron Caruth (Feb 3, 2021 4:37 pm)
    When a message or an attachment cannot be scanned the X-MDAV-Result header shows "infected" and the X-MDAV-Infected header logs the File...

    Hi Arron,
    I included the headers to show that MDAV couldn't scan the message - password protected messages can't be scanned and I'm fine with that but I think it would be better if the message was quarantined as "not scanned", instead of "infected" because MDAV didn't scan it and find an infection.
    Certainly a password protected PDF needs to be stopped these days, but we can't assume that it's dangerous - MDAV does a very good job at detecting viruses, I just see this as a documentation issue and I'm just letting you know what happens out here in the wild (LOL).

    Arron Caruth - Feb 4, 2021 10:32 am (#3 Total: 3)  

    Guest User  

    Photo of Author
    Posts: 1

     

    The message was quarantined as “not scanned”.  The bad queue reason header provides the explanation as does the warning added to the body of the message and both say the message was not scanned.

     

    Are you wanting the headers used by the system (X-MDAV-Result and X-MDAV-Infected) to have different values written out?

     

     

    --
    Arron Caruth
    Vice President of Product Development
    o: 817-601-3222    e: Arron.Caruth@mdaemon.com

    MDaemon Technologies
    Simple Secure Email
    Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
    Sent using the MDaemon Email Server

    From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
    Sent: Thursday, February 4, 2021 8:23 AM
    To: md-av-plugin@mdaemon.com
    Subject: [md-av-plugin] False positive - "infected" but not scanned

     

    Hi Arron,
    I included the headers to show that MDAV couldn't scan the message - password protected messages can't be scanned and I'm fine with that but I think it would be better if the message was quarantined as "not scanned", instead of "infected" because MDAV didn't scan it and find an infection.
    Certainly a password protected PDF needs to be stopped these days, but we can't assume that it's dangerous - MDAV does a very good job at detecting viruses, I just see this as a documentation issue and I'm just letting you know what happens out here in the wild (LOL).


    View/reply at False positive - "infected" but not scanned

     
     
    --MD-AV-PLUGIN-------------------------------------------------------
    This list is for questions and discussion about AntiVirus plugins for
    MDAEMON. To unsubscribe from this mailing list send an email to 
    md-av-plugin-unsubscribe@mdaemon.com .
    --POWERED BY MDAEMON!------------------------------------------------
     
    ---------------------------------------------------------------------
    These forums are provided by MDaemon Technologies for user-to-user 
    support and discussion.  MDaemon staff members may participate in the 
    forums periodically but please recognize that this is not the official
    method of receiving technical support. To receive personal technical 
    support please use the form here:
    http://www.mdaemon.com/Support/RequestSupport/
    ---------------------------------------------------------------------



      All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



     Content:

    Read New | Search

     Guest:

    Email to Admin



    You are visiting as a Guest user.