
"Virus definitions out of date!" warning message ends up in Bad Queue

Aleksandar Devecerski - 01:45am, Aug 2 2022

Hello everyone

Not a big deal, just thought to report it and ask if anyone else noticed it.
A month or two back, the ClamAV AV database release tempo started to be a little erratic. Every once in a while there are no updates for a couple of days. I know this is not MDaemon's fault because we have other equipment simultaneously reporting missing ClamAV updates.

What I've noticed regarding MDaemon is that in these situations the "Virus definitions out of date!" warning message ends up in the Bad Queue.
The reason: a missing From field. Here's a section from the RAW log, and the message itself is attached.
Mon 2022-08-01 15:44:58.161: ----------
Mon 2022-08-01 18:08:43.128: Converting (E:/MDaemon/Queues/Raw/md50000025036.raw)
Mon 2022-08-01 18:08:43.135: Missing FROM header
Mon 2022-08-01 18:08:43.166: Message moved to (e:/mdaemon/queues/bad/pd5001000001231.raw)
Mon 2022-08-01 18:08:43.166: ----------

Anyone else seeing this?

Regards

Attachments:

pd5001000001231.raw (1 KB)



Edmund Cramp - Aug 23, 2022 2:44 pm (#12 Total: 14)  

 

Just letting you know what I'm seeing happen:
I had three emails quarantined this morning, all of which were delivered early today, but only two messages were documented to the postmaster. I'm attaching a screen capture with some edits to remove anything that would ID me. You see the quarantine summary shows three messages but only two generated individual quarantine delivery messages to the postmaster.

Thanks for your comments - I have both the Threat Lookup and Flag attachments selected, the Heuristic level is -1, should I push that up?


Attachments:

Capture.JPG (249 KB) (56 Downloads)


Arron Caruth - Aug 23, 2022 3:12 pm (#13 Total: 14)  

What does the content filter log show occurred?
 
It should show something like this:
 
 
Tue 2022-08-23 15:07:37.408: * Message moved to c:\mdaemon\cfilter\quarant\md5001000000211.msg
Tue 2022-08-23 15:07:37.408: * Restricted attachment(s) detect:
Tue 2022-08-23 15:07:37.408: * debuglog.pdf
Tue 2022-08-23 15:07:37.408: * message quarantined
Tue 2022-08-23 15:07:37.419: * Notification sent to postmaster@domain.com (admin)
Tue 2022-08-23 15:07:37.424: * Matched 0 of 4 active rules
Tue 2022-08-23 15:07:37.424: End of Content Filter results
Tue 2022-08-23 15:07:37.424: ----------
 
If the content filter log shows a message being sent to the postmaster, then very shortly after that you should see a message being converted in the RAW log.  It should look something like this:
 
Tue 2022-08-23 15:07:41.474: Converting <C:\MDaemon\Queues\Raw\md5001000043482.raw>
Tue 2022-08-23 15:07:41.523: From: Postmaster@encrypt.ssllock.com
Tue 2022-08-23 15:07:41.523: To: Arron@encrypt.ssllock.com
Tue 2022-08-23 15:07:41.523: Subject: MDaemon Notification - Restricted Attachment Found 
Tue 2022-08-23 15:07:41.523: Message-ID: MDAEMON0002202208231507.AA0741474@mail.encrypt.ssllock.com
Tue 2022-08-23 15:07:41.523: Conversion completed (created c:\mdaemon\queues\local\md5001000114038.msg)
Tue 2022-08-23 15:07:41.523: ----------
 
And then in the routing log, it should show it being processed and placed into the user's mailbox:
 
Tue 2022-08-23 15:07:48.018: LOCAL message: pd5001000114038.msg
Tue 2022-08-23 15:07:48.018: *  From: Postmaster@domain.com
Tue 2022-08-23 15:07:48.018: *  To: postmaster@domain.com
Tue 2022-08-23 15:07:48.018: *  Subject: MDaemon Notification - Restricted Attachment Found
Tue 2022-08-23 15:07:48.018: *  Message-ID: <MDAEMON0002202208231507.AA0741474@mail.encrypt.ssllock.com>
Tue 2022-08-23 15:07:48.018: *  Size: 1957; <c:\mdaemon\users\domain.com\arron\md5001000053249.msg>
Tue 2022-08-23 15:07:48.018: ----------
 
The content filter, antivirus, and antispam logs may also show the notification being processed.
 
What do your logs show?

--
Arron Caruth
VP of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------


Edmund Cramp - Aug 23, 2022 4:05 pm (#14 Total: 14)  

 

I can send you all the logs if you want. In this case the first two messages log as:
Tue 2022-08-23 03:33:19.705: Start Content Filter results
Tue 2022-08-23 03:33:19.723: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003030.msg
Tue 2022-08-23 03:33:19.723: * Restricted attachment(s) detect:
Tue 2022-08-23 03:33:19.723: * Attachment.iso
Tue 2022-08-23 03:33:19.723: * message quarantined
Tue 2022-08-23 03:33:19.726: * Notification sent to postmaster@xxxxx.xxx (admin) (my domain deleted)
Tue 2022-08-23 03:33:19.726: * Matched 0 of 10 active rules
Tue 2022-08-23 03:33:19.726: End of Content Filter results
Tue 2022-08-23 03:33:19.726: ----------

But the third message log is:
Tue 2022-08-23 03:56:45.874: Start Content Filter results
Tue 2022-08-23 03:56:45.892: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003031.msg
Tue 2022-08-23 03:56:45.892: * Restricted attachment(s) detect:
Tue 2022-08-23 03:56:45.892: * Attachment.iso
Tue 2022-08-23 03:56:45.892: * message quarantined
Tue 2022-08-23 03:56:45.893: * Matched 0 of 10 active rules
Tue 2022-08-23 03:56:45.893: End of Content Filter results
Tue 2022-08-23 03:56:45.893: ----------

But note the time suggests that the message has been quarantined for a couple of hours before the log is updated.
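
The comparison made by hand in this thread can be run over whole log files. The following is an added example, not code from any poster or from MDaemon: it splits a log into its "----------"-delimited blocks and reports Content Filter blocks that quarantined a message without a "Notification sent to" entry, and RAW-log blocks that hit "Missing FROM header". The sample lines are constructed by trimming the excerpts above, example.com is a placeholder domain, and all function names are hypothetical.

```python
import re
# Constructed samples, trimmed from the excerpts in this thread (example.com is a placeholder).
CF_LOG = """\
Tue 2022-08-23 03:33:19.723: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003030.msg
Tue 2022-08-23 03:33:19.723: * message quarantined
Tue 2022-08-23 03:33:19.726: * Notification sent to postmaster@example.com (admin)
Tue 2022-08-23 03:33:19.726: ----------
Tue 2022-08-23 03:56:45.892: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003031.msg
Tue 2022-08-23 03:56:45.892: * message quarantined
Tue 2022-08-23 03:56:45.893: ----------
"""
RAW_LOG = """\
Mon 2022-08-01 18:08:43.128: Converting (E:/MDaemon/Queues/Raw/md50000025036.raw)
Mon 2022-08-01 18:08:43.135: Missing FROM header
Mon 2022-08-01 18:08:43.166: Message moved to (e:/mdaemon/queues/bad/pd5001000001231.raw)
Mon 2022-08-01 18:08:43.166: ----------
"""
# "Day YYYY-MM-DD HH:MM:SS.mmm: [* ]text" as seen in the excerpts; the "* " prefix is optional.
LINE = re.compile(r"^\s*\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+): (?:\* +)?(.*)$")
MOVED = re.compile(r"Message moved to \(?([^)\s]+)", re.I)  # path, with or without parentheses

def blocks(log):
    """Yield each block as a list of (timestamp, text); a '----------' line closes a block."""
    cur = []
    for m in filter(None, map(LINE.match, log.splitlines())):  # skips unparseable lines
        ts, text = m.group(1), m.group(2).strip()
        if text == "----------":
            if cur:
                yield cur
            cur = []
        else:
            cur.append((ts, text))
    if cur:  # log ended before the closing separator
        yield cur

def find(log, must_have, must_lack=None):
    """(first timestamp, moved-to path) for blocks with `must_have` and no `must_lack` entry."""
    hits = []
    for block in blocks(log):
        texts = [t for _, t in block]
        if must_lack and any(must_lack in t for t in texts):
            continue
        if any(must_have in t for t in texts):
            moved = [m.group(1) for m in map(MOVED.search, texts) if m]
            hits.append((block[0][0], moved[0] if moved else None))
    return hits

def silent_quarantines(cf_log):       # quarantined, but no notification line in the block
    return find(cf_log, "message quarantined", "Notification sent to")
def bad_queue_conversions(raw_log):   # conversion rejected for a missing From header
    return find(raw_log, "Missing FROM header")
```

Each hit gives the timestamp and file name to look up next in the RAW and routing logs.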


