Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > Antivirus not picking up viruses when "Refuse To Accept Message..." isn't selected

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

Antivirus not picking up viruses when "Refuse To Accept Message..." isn't selected

[Clark, Chris]
Chris Clark
Newbie
Newbie
Posts: 3
Chris Clark - 03:56pm, Aug 30 2020

Hi,

I've been testing Version 20 with some ClamAV 3rd party signatures and an email matching a signature is blocked if "Refuse to accept messages that are infected with virus" is selected but the same email doesn't get picked up by later scanning when this isn't selected. I didn't have anything to test if this was also true for Cyren.
I don't think I've missed anything with the configuration.

Chris

  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

David C - Sep 1, 2020 4:16 pm (#1 Total: 4)  

 

Photo of Author
David C
Guru
Guru
Posts: 1406
MDaemon has two antivirus engines:
  • Cyren AntiVirus
  • ClamAV

    Both antivirus engines can be independently of the other in the MDaemon AntiVirus settings.
  • http://help.altn.com/mdaemon/en/index.html?antivirus.htm

    While both antivirus engines can process inbound or outbound email, only the process "SPScanCT" is being run when the option to scan end-user mailbox folder is enabled. This means that only the Cyren AntiVirus engine is being used for scanning end-user mailbox folders and the ClamAV engine is not. This is why the ClamAV engine is not finding infected files during the processing of end-user mailbox folders. There is no way to change this behavior in MDaemon.

  • Chris Clark - Sep 3, 2020 1:22 pm (#2 Total: 4)  

     

    Photo of Author
    Chris Clark
    Newbie
    Newbie
    Posts: 3
    Thank is for the info.
    It's a pity there isn't this option with ClamAV because to refuse a message means you have to trust the antivirus to always get it right. By using the Content Filter to process emails marked as a virus allows you to monitor how good various signatures are, create exceptions and restore false positives.

    Chris

    Replies to this message
  • Edmund Cramp (Sep 23, 2020 8:36 am)


  • Edmund Cramp - Sep 18, 2020 7:03 am (#3 Total: 4)  

     

    Photo of Author
    Edmund Cramp
    Novice
    Novice
    Posts: 225

    MDaemon
    Outlook Connector
    WebAdmin
    You can't trust MDAV or any AV software to be 100% accurate - malware evolves all the time, a month ago I was seeing a lot of viruses stopped but nothing has been stopped in the last week. The best thing to do is use the content filter to quarantine all messages with potential malware attachments - my CfDelFiles.dat list is attached which allows you to quarantine everything that the AV software misses.
    Note that it stops some files that are common attachments but still risky - we see "malware".xls files all the time.

    Attachments:

    CfDelFiles.dat (0 KB) (189 Downloads)


    Edmund Cramp - Sep 23, 2020 8:36 am (#4 Total: 4)  

     

    Photo of Author
    Edmund Cramp
    Novice
    Novice
    Posts: 225

    MDaemon
    Outlook Connector
    WebAdmin
    Replying to: Chris Clark (Sep 3, 2020 1:22 pm)
    Thank is for the info. It's a pity there isn't this option with ClamAV because to refuse a message means...

    Another useful clue when viruses arrive is to add a list of honeypot addresses to MD, this "allows" you to see when fakes are being sent so when you see the same "Urgent Invoice #7239392.docx" arrive at both valid emails addresses and honeypot addresses you can simple delete everything.
    Without the honeypot feature the faked addresses would just be rejected and you would only see the viruses sent to valid addresses - honeypots are very useful!



      All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



     Content:

    Read New | Search

     Guest:

    Email to Admin



    You are visiting as a Guest user.