Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > PDF's that can't be scanned are falsely called viruses.

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

PDF's that can't be scanned are falsely called viruses.

[Caruth, Arron]
Arron Caruth
Arron Caruth - 07:30am, Jun 1 2020
Guest User

Can you point me to exactly what is leading you to conclude that the message is littered with fake virus warnings?

 

I see the X-MDBadQueueReason header which says the message is infected with virus (completed-transcript-0E37323141.pdf). I can see where this could be confusing. Unfortunately this cannot be customized.  We will look into improving the wording for a future version.

 

Is there other information that is included in the message that is leading you to believe the message is infected?  Or is it just this one header? 

 

The body of the message states multiple times that the message was not able to be scanned:

 

SecurityPlus for MDaemon was not able to scan message attachment

The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.


----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined

 

If you don’t like the messages included in the body of the message, they can be customized to fit your needs.  To do this go to Security / AntiVirus / Virus Scanning, then click the Warning Message button next to “Add warning to top of message body if not scanned.”

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Sunday, May 31, 2020 11:32 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

MD occasionally fails to scan a PDF file and then says that it contains a virus although there is zero evidence for this, and in the example below that was stopped this morning, I think that it is extremely unlikely, I suspect that the PDF is simply images because it's not password protected, it was downloaded from an academic site, processed by the users Windows 10 AV software, and then stopped by MD.

I would rather see MD tell the truth, that the document can't be scanned and is held, rather than littered with fake virus warnings.

X-Envelope-From: xxxxxxx@motion-labs.com
X-MDaemon-Deliver-To: pg-admissions@aber.ac.uk
Received: from [xx.xx.xxx.xx] by motion-labs.com via MDaemon Webmail with HTTP,
Sun, 31 May 2020 10:50:56 -0500
Date: Sun, 31 May 2020 10:50:56 -0500
From: "xxxxxxx xxxxxxx" (xxxxxxx@motion-labs.com)
To: pg-admissions@aber.ac.uk
Subject: Creative Writing MA Admission Documents
MIME-Version: 1.0
Content-Type: multipart/mixed, boundary="0531-1550-56-01-PART_BREAK"
Message-ID: (WC20200531155056.450030@motion-labs.com)
X-Mailer: MDaemon Webmail 19.5.5
X-MDDKIMSelector: s=MDaemon d=motion-labs.com i=xxxxxxx@motion-labs.com
X-MDBadQueue-Reason: WARNING! infected with virus (completed-transcript-0E37323141.pdf)

--0531-1550-56-01-PART_BREAK
Content-Type: multipart/alternative, boundary="0531-1550-56-03-PART_BREAK"

--0531-1550-56-03-PART_BREAK
Content-Type: text/plain, charset="us-ascii"

----------------------------------------------------------------
SecurityPlus for MDaemon was not able to scan message attachment
----------------------------------------------------------------

·  ****************************** WARNING ******************************* The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.

·  ****************************** WARNING *******************************

----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Edmund Cramp - Jun 1, 2020 3:42 pm (#1 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
I opened the message, scanned the PDF, and opened it to view the properties - it was completely trustworthy (VirusTotal scanned it and found nothing) and readable but since it's an academic transcript it's protected from modification. I could release the message but the recipient would be told that I was sending them a virus when it's delivered. It looks like SecurityPlus saw that it was password protected and didn't try and verify it, but it was completely readable, just not modifiable.
Yes, I know that I can modify the messages but in general I think it's best modify MD as little as possible and in general MD/SP does a great job at stopping our daily viruses - I'm just letting you know about this because I see it as a minor internal scanning error that could probably be fixed. I can send you a copy of the PDF (I'd have to use Gmail, not MD) if you want to try running it through SecurityPlus at your end.

Arron Caruth - Jun 1, 2020 3:50 pm (#2 Total: 18)  

Guest User  

Photo of Author
Posts: 1

 

> I could release the message but the recipient would be told that I was sending them a virus when it's delivered.

 

How would the recipient be told that you were sending them a virus?

 

Yes, please send me a copy of the PDF along with a copy of your MDaemon.ini file.  Please send them through your MDaemon server and allow it to be quarantined and then release it from the quarantine.

 

You can send them to arron@altn.com.

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Monday, June 1, 2020 3:42 PM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

I opened the message, scanned the PDF, and opened it to view the properties - it was completely trustworthy (VirusTotal scanned it and found nothing) and readable but since it's an academic transcript it's protected from modification. I could release the message but the recipient would be told that I was sending them a virus when it's delivered. It looks like SecurityPlus saw that it was password protected and didn't try and verify it, but it was completely readable, just not modifiable.
Yes, I know that I can modify the messages but in general I think it's best modify MD as little as possible and in general MD/SP does a great job at stopping our daily viruses - I'm just letting you know about this because I see it as a minor internal scanning error that could probably be fixed. I can send you a copy of the PDF (I'd have to use Gmail, not MD) if you want to try running it through SecurityPlus at your end.


View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jun 3, 2020 7:58 am (#3 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 224

MDaemon
Outlook Connector
WebAdmin
I have just forwarded the message to you, it was held in the quarantine queue so I have just released it. I expect that it will end up in your queue to, the subject line is:
Subject: FW: Creative Writing MA Admission Documents



  (newer msg:15)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.