Logout

Alt-N Discussion Groups > MDaemon Discussion Groups > MDaemon Anti-virus Plug-in > Antivirus not picking up viruses when "Refuse To Accept Message..." isn't selected

 [F] Alt-N Discussion Groups  / MDaemon Discussion Groups  / MDaemon Anti-virus Plug-in  /

Antivirus not picking up viruses when "Refuse To Accept Message..." isn't selected

[Clark, Chris]
Chris Clark
Newbie
Newbie
Posts: 3
Chris Clark - 03:56pm, Aug 30 2020

Hi,

I've been testing Version 20 with some ClamAV 3rd party signatures and an email matching a signature is blocked if "Refuse to accept messages that are infected with virus" is selected but the same email doesn't get picked up by later scanning when this isn't selected. I didn't have anything to test if this was also true for Cyren.
I don't think I've missed anything with the configuration.

Chris

  (older msg: 2)All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items

Edmund Cramp - Sep 18, 2020 7:03 am (#3 Total: 4)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
You can't trust MDAV or any AV software to be 100% accurate - malware evolves all the time, a month ago I was seeing a lot of viruses stopped but nothing has been stopped in the last week. The best thing to do is use the content filter to quarantine all messages with potential malware attachments - my CfDelFiles.dat list is attached which allows you to quarantine everything that the AV software misses.
Note that it stops some files that are common attachments but still risky - we see "malware".xls files all the time.

Attachments:

CfDelFiles.dat (0 KB) (211 Downloads)


Edmund Cramp - Sep 23, 2020 8:36 am (#4 Total: 4)  

 

Photo of Author
Edmund Cramp
Novice
Novice
Posts: 233

MDaemon
Outlook Connector
WebAdmin
Replying to: Chris Clark (Sep 3, 2020 1:22 pm)
Thank is for the info. It's a pity there isn't this option with ClamAV because to refuse a message means...

Another useful clue when viruses arrive is to add a list of honeypot addresses to MD, this "allows" you to see when fakes are being sent so when you see the same "Urgent Invoice #7239392.docx" arrive at both valid emails addresses and honeypot addresses you can simple delete everything.
Without the honeypot feature the faked addresses would just be rejected and you would only see the viruses sent to valid addresses - honeypots are very useful!



  All MessagesOldest ItemsOlder ItemsNewer ItemsNewest Items



 Content:

Read New | Search

 Guest:

Email to Admin



You are visiting as a Guest user.