Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > PDF's that can't be scanned are falsely called viruses.

[F] Alt-N Discussion Groups / MDaemon Discussion Groups / MDaemon Anti-virus Plug-in /

PDF's that can't be scanned are falsely called viruses.

[Caruth, Arron]
Arron Caruth
Arron Caruth - 07:30am, Jun 1 2020
Guest User

Can you point me to exactly what is leading you to conclude that the message is littered with fake virus warnings?

 

I see the X-MDBadQueueReason header which says the message is infected with virus (completed-transcript-0E37323141.pdf). I can see where this could be confusing. Unfortunately this cannot be customized.  We will look into improving the wording for a future version.

 

Is there other information that is included in the message that is leading you to believe the message is infected?  Or is it just this one header? 

 

The body of the message states multiple times that the message was not able to be scanned:

 

SecurityPlus for MDaemon was not able to scan message attachment

The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.


----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined

 

If you don’t like the messages included in the body of the message, they can be customized to fit your needs.  To do this go to Security / AntiVirus / Virus Scanning, then click the Warning Message button next to “Add warning to top of message body if not scanned.”

 

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email
Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

From: md-av-plugin@mdaemon.com [mailto:md-av-plugin@mdaemon.com] On Behalf Of lists-md-anti-virus@mdaemon.com (Edmund Cramp)
Sent: Sunday, May 31, 2020 11:32 AM
To: md-av-plugin@mdaemon.com
Subject: [md-av-plugin] PDF's that can't be scanned are falsely called viruses.

 

MD occasionally fails to scan a PDF file and then says that it contains a virus although there is zero evidence for this, and in the example below that was stopped this morning, I think that it is extremely unlikely, I suspect that the PDF is simply images because it's not password protected, it was downloaded from an academic site, processed by the users Windows 10 AV software, and then stopped by MD.

I would rather see MD tell the truth, that the document can't be scanned and is held, rather than littered with fake virus warnings.

X-Envelope-From: xxxxxxx@motion-labs.com
X-MDaemon-Deliver-To: pg-admissions@aber.ac.uk
Received: from [xx.xx.xxx.xx] by motion-labs.com via MDaemon Webmail with HTTP,
Sun, 31 May 2020 10:50:56 -0500
Date: Sun, 31 May 2020 10:50:56 -0500
From: "xxxxxxx xxxxxxx" (xxxxxxx@motion-labs.com)
To: pg-admissions@aber.ac.uk
Subject: Creative Writing MA Admission Documents
MIME-Version: 1.0
Content-Type: multipart/mixed, boundary="0531-1550-56-01-PART_BREAK"
Message-ID: (WC20200531155056.450030@motion-labs.com)
X-Mailer: MDaemon Webmail 19.5.5
X-MDDKIMSelector: s=MDaemon d=motion-labs.com i=xxxxxxx@motion-labs.com
X-MDBadQueue-Reason: WARNING! infected with virus (completed-transcript-0E37323141.pdf)

--0531-1550-56-01-PART_BREAK
Content-Type: multipart/alternative, boundary="0531-1550-56-03-PART_BREAK"

--0531-1550-56-03-PART_BREAK
Content-Type: text/plain, charset="us-ascii"

----------------------------------------------------------------
SecurityPlus for MDaemon was not able to scan message attachment
----------------------------------------------------------------

·  ****************************** WARNING ******************************* The message has been scanned by SecurityPlus for MDaemon and was found
to contain an attachment that could not be scanned. Information on the
attachment and action taken is provided below.

·  ****************************** WARNING *******************************

----------------------------------------------------------------------
Attachment Virus name Action taken
----------------------------------------------------------------------
completed-transcript-0E37323141.pdf, NOT_SCANNED Message Quarantined

View/reply at PDF's that can't be scanned are falsely called viruses.

 
 
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------
 
---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

  (older msg: 14)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Luca Rasca - Jan 28, 2022 8:21 am (#15 Total: 18)  

 

Photo of Author
Luca Rasca
Newbie
Newbie
Posts: 20
Hi, I have a similar problem. My Mademon AV plugin is not able to scan a PDF with limited permissions but if uploaded in VirusTotal the same engines (ClamAV and Cynet) can scan it without error.

Arron Caruth - Jan 28, 2022 9:06 am (#16 Total: 18)  

Guest User  

Photo of Author
Posts: 1
Can you send me a copy of the PDF so that we can test it?  If you'd prefer to not post it to the discussion group, you can send it to me privately.

What version of MDaemon are you using?

What does MDaemon's inbound SMTP log show is happening?  

What does the antivirus log show is happening?

What does the clamd log show is happening?

--
Arron Caruth
Vice President of Product Development
o: 817-601-3222    e: Arron.Caruth@mdaemon.com

MDaemon Technologies
Simple Secure Email

Visit us on www.mdaemon.com | Facebook | LinkedIn | YouTube
Sent using the MDaemon Email Server

On Fri, 28 Jan 2022 08:21:09 -0500, "lists-md-anti-virus@mdaemon.com (Luca Rasca)" <lists-md-anti-virus@mdaemon.com> wrote:
Hi, I have a similar problem. My Mademon AV plugin is not able to scan a PDF with limited permissions but if uploaded in VirusTotal the same engines (ClamAV and Cynet) can scan it without error.

View/reply at PDF's that can't be scanned are falsely called viruses.
--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to 
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user 
support and discussion.  MDaemon staff members may participate in the 
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical 
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------


--MD-AV-PLUGIN-------------------------------------------------------
This list is for questions and discussion about AntiVirus plugins for
MDAEMON. To unsubscribe from this mailing list send an email to
md-av-plugin-unsubscribe@mdaemon.com .
--POWERED BY MDAEMON!------------------------------------------------

---------------------------------------------------------------------
These forums are provided by MDaemon Technologies for user-to-user
support and discussion.  MDaemon staff members may participate in the
forums periodically but please recognize that this is not the official
method of receiving technical support. To receive personal technical
support please use the form here:
http://www.mdaemon.com/Support/RequestSupport/
---------------------------------------------------------------------

Edmund Cramp - Jan 28, 2022 10:16 am (#17 Total: 18)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
A password protected PDF can't be scanned - MD needs to simply tell people that the PDF attachment was not scanned, not assume that it was a virus although that's certainly a possibility, I'm not going to open a password protected "New $10million PO.PDF" (LOL) but I will open 2022taxreturn.pdf once I verify that it was sent from my accountant in the US.

Maybe the "unscanned" message could add some basic details about the potential source of the unscannable emails?



  (newer msg:1)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items


 Content:

Read New | Search

 Guest:

Email to Admin

You are visiting as a Guest user.