Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > PDF's that can't be scanned are falsely called viruses.

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

PDF's that can't be scanned are falsely called viruses.

[Caruth, Arron]
Arron Caruth
Arron Caruth - 07:30am, Jun 1 2020
Guest User

Can you point me to exactly what is leading you to conclude that the message is littered with fake virus warnings?

 

I see the X-MDBadQueueReason header which says the message is infected with virus (completed-transcript-0E37323141.pdf). I can see where this could be confusing. Unfortunately this cannot be customized.  We will look into improving the wording for a future version.

 

Is there other information that is included in the message that is leading you to believe the message is infected?  Or is it just this one header? 

 

The body of the message states multiple times that the message was not able to be scanned:

 

SecurityPlus for MDaemon was not able to scan message attachment

The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.


----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined

 

If you don’t like the messages included in the body of the message, they can be customized to fit your needs.  To do this go to Security / AntiVirus / Virus Scanning, then click the Warning Message button next to “Add warning to top of message body if not scanned.”

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Sunday, May 31, 2020 11:32 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

MD occasionally fails to scan a PDF file and then says that it contains a virus although there is zero evidence for this, and in the example below that was stopped this morning, I think that it is extremely unlikely, I suspect that the PDF is simply images because it's not password protected, it was downloaded from an academic site, processed by the users Windows 10 AV software, and then stopped by MD.

I would rather see MD tell the truth, that the document can't be scanned and is held, rather than littered with fake virus warnings.

X-Envelope-From: xxxxxxx@motion-labs.com
X-MDaemon-Deliver-To: pg-admissions@aber.ac.uk
Received: from [xx.xx.xxx.xx] by motion-labs.com via MDaemon Webmail with HTTP,
Sun, 31 May 2020 10:50:56 -0500
Date: Sun, 31 May 2020 10:50:56 -0500
From: "xxxxxxx xxxxxxx" (xxxxxxx@motion-labs.com)
To: pg-admissions@aber.ac.uk
Subject: Creative Writing MA Admission Documents
MIME-Version: 1.0
Content-Type: multipart/mixed, boundary="0531-1550-56-01-PART_BREAK"
Message-ID: (WC20200531155056.450030@motion-labs.com)
X-Mailer: MDaemon Webmail 19.5.5
X-MDDKIMSelector: s=MDaemon d=motion-labs.com i=xxxxxxx@motion-labs.com
X-MDBadQueue-Reason: WARNING! infected with virus (completed-transcript-0E37323141.pdf)

--0531-1550-56-01-PART_BREAK
Content-Type: multipart/alternative, boundary="0531-1550-56-03-PART_BREAK"

--0531-1550-56-03-PART_BREAK
Content-Type: text/plain, charset="us-ascii"

----------------------------------------------------------------
SecurityPlus for MDaemon was not able to scan message attachment
----------------------------------------------------------------

·  ****************************** WARNING ******************************* The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.

·  ****************************** WARNING *******************************

----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Edmund Cramp - Jun 1, 2020 3:42 pm (#1 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
I opened the message, scanned the PDF, and opened it to view the properties - it was completely trustworthy (VirusTotal scanned it and found nothing) and readable but since it's an academic transcript it's protected from modification. I could release the message but the recipient would be told that I was sending them a virus when it's delivered. It looks like SecurityPlus saw that it was password protected and didn't try and verify it, but it was completely readable, just not modifiable.
Yes, I know that I can modify the messages but in general I think it's best modify MD as little as possible and in general MD/SP does a great job at stopping our daily viruses - I'm just letting you know about this because I see it as a minor internal scanning error that could probably be fixed. I can send you a copy of the PDF (I'd have to use Gmail, not MD) if you want to try running it through SecurityPlus at your end.

Arron Caruth - Jun 1, 2020 3:50 pm (#2 Total: 18)  

Guest User  

Photo of Author
Posts: 1

 

> I could release the message but the recipient would be told that I was sending them a virus when it's delivered.

 

How would the recipient be told that you were sending them a virus?

 

Yes, please send me a copy of the PDF along with a copy of your MDaemon.ini file.  Please send them through your MDaemon server and allow it to be quarantined and then release it from the quarantine.

 

You can send them to arron@altn.com.

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Monday, June 1, 2020 3:42 PM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I opened the message, scanned the PDF, and opened it to view the properties - it was completely trustworthy (VirusTotal scanned it and found nothing) and readable but since it's an academic transcript it's protected from modification. I could release the message but the recipient would be told that I was sending them a virus when it's delivered. It looks like SecurityPlus saw that it was password protected and didn't try and verify it, but it was completely readable, just not modifiable.
Yes, I know that I can modify the messages but in general I think it's best modify MD as little as possible and in general MD/SP does a great job at stopping our daily viruses - I'm just letting you know about this because I see it as a minor internal scanning error that could probably be fixed. I can send you a copy of the PDF (I'd have to use Gmail, not MD) if you want to try running it through SecurityPlus at your end.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jun 3, 2020 7:58 am (#3 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
I have just forwarded the message to you, it was held in the quarantine queue so I have just released it. I expect that it will end up in your queue to, the subject line is:
Subject: FW: Creative Writing MA Admission Documents

Arron Caruth - Jun 4, 2020 11:54 am (#4 Total: 18)  

Guest User  

Photo of Author
Posts: 1

It looks to me like the issue has been corrected in MDaemon 20.0.0.

 

Would you like to try MDaemon 20.0.0?

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Wednesday, June 3, 2020 7:59 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I have just forwarded the message to you, it was held in the quarantine queue so I have just released it. I expect that it will end up in your queue to, the subject line is:
Subject: FW: Creative Writing MA Admission Documents


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jun 10, 2020 3:59 pm (#5 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
That's good to hear, yes I'd be willing to try it out and let you know what I see. We're a small medical company so our malware deliveries have shot up recently.

Arron Caruth - Jun 10, 2020 5:13 pm (#6 Total: 18)  

Guest User  

Photo of Author
Posts: 1

We are releasing MD 20.0.0 to the public on 6/16 and you will be able to download it from our website, or if you’d like it sooner, please contact me offlist and I will get you the installer.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Wednesday, June 10, 2020 3:59 PM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

That's good to hear, yes I'd be willing to try it out and let you know what I see. We're a small medical company so our malware deliveries have shot up recently.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jun 15, 2020 7:30 am (#7 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
Just a note - I see a number of potential infections arrive as HTM files - I quarantine all .HTM and HTML files because the AV software has always let them through in the past. This morning's delivery was:

X-MDBadQueue-Reason: WARNING! message contained restricted files (Maersk-DB_ahjbcfb0x00CD.pdf.htm)

Arron Caruth - Jun 15, 2020 7:47 am (#8 Total: 18)  

Guest User  

Photo of Author
Posts: 1

Please send false negatives directly to Cyren or to us and we will send them to Cyren.

 

Instructions for sending them to Cyren can be found at https://www.cyren.com/support/reporting-av-misclassifications

 

Or you can send them to virusfn@mdaemon.com.  Please make sure to attach the original messages so that we can see all the email headers and the content of the message. We have automated the processing of submissions and you will not get a response from this address.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Monday, June 15, 2020 7:31 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

Just a note - I see a number of potential infections arrive as HTM files - I quarantine all .HTM and HTML files because the AV software has always let them through in the past. This morning's delivery was:

X-MDBadQueue-Reason: WARNING! message contained restricted files (Maersk-DB_ahjbcfb0x00CD.pdf.htm)


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jun 22, 2020 8:52 am (#9 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
Other than the specific PDF issue that I described (and sent you the email), I am having no problems with the MD AV functions, they are working extremely well - this morning nothing has managed to get through although the count today so far is that 18% of all emails are infected. I trust MD.

azizan@idemitsu-ps.com.my - Oct 1, 2020 3:49 am (#10 Total: 18)  

 

Photo of Author
azizan@idemitsu…
Newbie
Newbie
Posts: 33

MDaemon
Outlook Connector
SecurityPlus
WebAdmin
Hi there,

Same here, some PDF and some PPTX file goes to quarantine. This happened since I upgrade to 20.0.1

Arron Caruth - Oct 1, 2020 7:33 am (#11 Total: 18)  

Guest User  

Photo of Author
Posts: 1

Please send false positives directly to Cyren or to us and we will send them to Cyren.

 

Instructions for sending them to Cyren can be found at https://www.cyren.com/support/reporting-av-misclassifications

 

Or you can send them to virusfp@mdaemon.com.  Please make sure to attach the original messages so that we can see all the email headers and the content of the message. We have automated the processing of submissions and you will not get a response from this address.

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (azizan@idemitsu-ps.com.my)
Sent: Thursday, October 1, 2020 3:49 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

Hi there,

Same here, some PDF and some PPTX file goes to quarantine. This happened since I upgrade to 20.0.1


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Oct 20, 2020 11:07 am (#12 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
I'm seeing this too - it says that SecurityPlus for MDaemon was not able to scan message attachment but then seems to assume that because it can't scan it (it's not password protected) that it must be a virus.

The message needs to say that the scanning failed, not that it must be a virus simply because SecurityPlus failed.

Arron Caruth - Oct 20, 2020 12:31 pm (#13 Total: 18)  

Guest User  

Photo of Author
Posts: 1

What version of MDaemon are you using?

 

What does the log show is happening?

 

Which AV engine is reporting the issue when scanning the file?

 

If it is ClamAV and Heuristics.Limits.Exceeded is being returned when scanning the message, MDaemon 20.0.1 changed it so that a message that exceeded the scanning limits would be treated as a Non-Scanned message rather than a Virus.

 

MDaemon 20.0.3, which is currently in beta, sets AlertExceedsMax to No, which is the default, because the limits need to be customized and we are unable to determine what values are appropriate and will work for everyone.  

 

If its Cyren returning an error, or any other error from ClamAV please send me a  copy of the attachment so we can do further testing.

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on
www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the
MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Tuesday, October 20, 2020 11:08 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I'm seeing this too - it says that SecurityPlus for MDaemon was not able to scan message attachment but then seems to assume that because it can't scan it (it's not password protected) that it must be a virus.

The message needs to say that the scanning failed, not that it must be a virus simply because SecurityPlus failed.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Arron Caruth - Oct 20, 2020 3:05 pm (#14 Total: 18)  

Guest User  

Photo of Author
Posts: 1

I forgot to add that MDaemon 20.0.3 was being released today.  So if your issue is with ClamAV  exceeding configured limits, upgrading to 20.0.3 should work around it.

 

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on
www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the
MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of Arron Caruth
Sent: Tuesday, October 20, 2020 12:31 PM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

What version of MDaemon are you using?

 

What does the log show is happening?

 

Which AV engine is reporting the issue when scanning the file?

 

If it is ClamAV and Heuristics.Limits.Exceeded is being returned when scanning the message, MDaemon 20.0.1 changed it so that a message that exceeded the scanning limits would be treated as a Non-Scanned message rather than a Virus.

 

MDaemon 20.0.3, which is currently in beta, sets AlertExceedsMax to No, which is the default, because the limits need to be customized and we are unable to determine what values are appropriate and will work for everyone.  

 

If its Cyren returning an error, or any other error from ClamAV please send me a  copy of the attachment so we can do further testing.

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on
www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the
MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Tuesday, October 20, 2020 11:08 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I'm seeing this too - it says that SecurityPlus for MDaemon was not able to scan message attachment but then seems to assume that because it can't scan it (it's not password protected) that it must be a virus.

The message needs to say that the scanning failed, not that it must be a virus simply because SecurityPlus failed.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------
 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Luca Rasca - Jan 28, 2022 8:21 am (#15 Total: 18)  

 

Photo of Author
Luca Rasca
Newbie
Newbie
Posts: 20
Hi, I have a similar problem. My Mademon AV plugin is not able to scan a PDF with limited permissions but if uploaded in VirusTotal the same engines (ClamAV and Cynet) can scan it without error.

Arron Caruth - Jan 28, 2022 9:06 am (#16 Total: 18)  

Guest User  

Photo of Author
Posts: 1
Can you send me a copy of the PDF so that we can test it?  If you'd prefer to not post it to the discussion group, you can send it to me privately.

What version of MDaemon are you using?

What does MDaemon's inbound SMTP log show is happening?  

What does the antivirus log show is happening?

What does the clamd log show is happening?

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

On Fri, 28 Jan 2022 08:21:09 -0500, "lists-md-anti-virus@mdaemon.com (Luca Rasca)" <lists-md-anti-virus@mdaemon.com> wrote:
Hi, I have a similar problem. My Mademon AV plugin is not able to scan a PDF with limited permissions but if uploaded in VirusTotal the same engines (ClamAV and Cynet) can scan it without error.


View/reply at PDF's that can't be scanned are falsely called viruses.
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jan 28, 2022 10:16 am (#17 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
A password protected PDF can't be scanned - MD needs to simply tell people that the PDF attachment was not scanned, not assume that it was a virus although that's certainly a possibility, I'm not going to open a password protected "New $10million PO.PDF" (LOL) but I will open 2022taxreturn.pdf once I verify that it was sent from my accountant in the US.

Maybe the "unscanned" message could add some basic details about the potential source of the unscannable emails?

Arron Caruth - Jan 28, 2022 10:29 am (#18 Total: 18)  

Guest User  

Photo of Author
Posts: 1
>A password protected PDF can't be scanned 

You are correct.

I'm not sure what you are wanting to be changed.  Are you just wanting to allow files that cannot be scanned to be delivered?  If you do go to Security / Antivirus / Virus Scanning, uncheck the box for Quarantine messages that cannot be scanned.  Or if you prefer you can allow password-protected files based on sender, recipient, and file name.

You can also add a warning to a message that was not scanned, instead of quarantining it and the message is customizable.  To enable this check the box next to Add warning to the top of the message body if not scanned, and then to customize it click the warning message box to the right of the item.


--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

On Fri, 28 Jan 2022 10:16:36 -0500, "lists-md-anti-virus@mdaemon.com (Edmund Cramp)" <lists-md-anti-virus@mdaemon.com> wrote:
A password protected PDF can't be scanned - MD needs to simply tell people that the PDF attachment was not scanned, not assume that it was a virus although that's certainly a possibility, I'm not going to open a password protected "New $10million PO.PDF" (LOL) but I will open 2022taxreturn.pdf once I verify that it was sent from my accountant in the US.

Maybe the "unscanned" message could add some basic details about the potential source of the unscannable emails?


View/reply at PDF's that can't be scanned are falsely called viruses.
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------



  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.