Edmund Cramp

Which Alt-N products do you use?

MDaemon
Outlook Connector
WebAdmin

Most recent posts: Edmund Cramp

the mailbox scan works! - 07:33am Sep 8, 2022 CDT - Are the messages in quarantine included in the anti-virus scanning? I scan them all with VirusTotal before releasing them if they are not detected, but I normally find messages that have been sitting in quarantine for hours and have not been detected by the anti-virus scan.
A nice feature of VirusTotal is that I can just upload the quarantined .msg file to get it scanned.

"Virus definitions out of date!" warning message ends up in Bad Queue - 04:05pm Aug 23, 2022 CDT - I can send you all the logs if you want, in this case the first two messages log as:
Tue 2022-08-23 03:33:19.705: Start Content Filter results
Tue 2022-08-23 03:33:19.723: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003030.msg
Tue 2022-08-23 03:33:19.723: * Restricted attachment(s) detect:
Tue 2022-08-23 03:33:19.723: * Attachment.iso
Tue 2022-08-23 03:33:19.723: * message quarantined
Tue 2022-08-23 03:33:19.726: * Notification sent to postmaster@xxxxx.xxx (admin) (my domain deleted)
Tue 2022-08-23 03:33:19.726: * Matched 0 of 10 active rules
Tue 2022-08-23 03:33:19.726: End of Content Filter results
Tue 2022-08-23 03:33:19.726: ----------

But the third message log is:
Tue 2022-08-23 03:56:45.874: Start Content Filter results
Tue 2022-08-23 03:56:45.892: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003031.msg
Tue 2022-08-23 03:56:45.892: * Restricted attachment(s) detect:
Tue 2022-08-23 03:56:45.892: * Attachment.iso
Tue 2022-08-23 03:56:45.892: * message quarantined
Tue 2022-08-23 03:56:45.893: * Matched 0 of 10 active rules
Tue 2022-08-23 03:56:45.893: End of Content Filter results
Tue 2022-08-23 03:56:45.893: ----------

But note the time suggests that the message has been quarantined for a couple of hours before the log is updated.
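
An added example, not part of the original post: a Python check that groups Content Filter log lines into result blocks and reports quarantined messages for which no "Notification sent" line was logged, which is the difference between the two excerpts above. The function names are hypothetical and the line formats are assumed to match the excerpts.

```python
import re
# Lines copied from the two Content Filter excerpts in the post above.
SAMPLE_LOG = """\
Tue 2022-08-23 03:33:19.705: Start Content Filter results
Tue 2022-08-23 03:33:19.723: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003030.msg
Tue 2022-08-23 03:33:19.723: * Restricted attachment(s) detect:
Tue 2022-08-23 03:33:19.723: * Attachment.iso
Tue 2022-08-23 03:33:19.723: * message quarantined
Tue 2022-08-23 03:33:19.726: * Notification sent to postmaster@xxxxx.xxx (admin)
Tue 2022-08-23 03:33:19.726: * Matched 0 of 10 active rules
Tue 2022-08-23 03:33:19.726: End of Content Filter results
Tue 2022-08-23 03:56:45.874: Start Content Filter results
Tue 2022-08-23 03:56:45.892: * Message moved to c:/mdaemon/cfilter/quarant/md5001000003031.msg
Tue 2022-08-23 03:56:45.892: * Restricted attachment(s) detect:
Tue 2022-08-23 03:56:45.892: * Attachment.iso
Tue 2022-08-23 03:56:45.892: * message quarantined
Tue 2022-08-23 03:56:45.893: * Matched 0 of 10 active rules
Tue 2022-08-23 03:56:45.893: End of Content Filter results
"""

LINE = re.compile(r"^\s*\w{3} (\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}): (.*?)\s*$")

def parse_blocks(text):
    """Group log lines into one dict per Content Filter result block."""
    blocks, cur = [], None
    for m in filter(None, map(LINE.match, text.splitlines())):
        ts, msg = m.groups()
        if msg == "Start Content Filter results":
            cur = dict(start=ts, file=None, attachments=[], quarantined=False, notified=[], listing=False)
        elif cur is None:
            continue  # line outside any block, e.g. the "----------" separator
        elif msg == "End of Content Filter results":
            blocks.append(cur)
            cur = None
        elif msg.startswith("* Message moved to "):
            cur["file"] = msg.split(" to ", 1)[1]
        elif msg == "* Restricted attachment(s) detect:":
            cur["listing"] = True  # the "* name" lines that follow are attachments
        elif msg == "* message quarantined":
            cur["quarantined"], cur["listing"] = True, False
        elif msg.startswith("* Notification sent to "):
            cur["notified"].append(msg.split()[4])
        elif cur["listing"] and msg.startswith("* "):
            cur["attachments"].append(msg[2:])
    return blocks

def unnotified_quarantines(text):
    """Blocks that quarantined a message but logged no notification."""
    return [b for b in parse_blocks(text) if b["quarantined"] and not b["notified"]]
```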

"Virus definitions out of date!" warning message ends up in Bad Queue - 02:44pm Aug 23, 2022 CDT - Just letting you know what I'm seeing happen:
I had three emails quarantined this morning, all of which were delivered early today, but only two messages were documented to the postmaster. I'm attaching a screen capture with some edits to remove anything that would ID me. You see the quarantine summary shows three messages but only two generated individual quarantine delivery messages to the postmaster...

"Virus definitions out of date!" warning message ends up in Bad Queue - 07:37am Aug 23, 2022 CDT - X-MDBadQueue-Reason: WARNING! message contained restricted files (Product.img)

...and here's a complete header with the delivery domain name edited to xxxxxx :

X-CFilter-Restricted-Files: Attachment.iso
X-CFilter-Processed: mail.xxxxxxx.com, Tue, 23 Aug 2022 03:22:45 -0500
X-MDAV-Processed: mail.xxxxxxx.com, Tue, 23 Aug 2022 03:22:45 -0500
X-Spam-Processed: mail.xxxxxxx.com, Tue, 23 Aug 2022 03:22:45 -0500
Return-path: (mail@replyinfodot.com)
X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on ASHLEY
X-Spam-Level:
X-Spam-Status: No, score=-0.6 required=4.5 tests=BAYES_20,HTML_MESSAGE,
SPF_PASS,T_ISO_ATTACH,T_KAM_HTML_FONT_INVALID,T_SCC_BODY_TEXT_LINE
shortcircuit=no autolearn=ham autolearn_force=no version=3.4.4
Authentication-Results: mail.xxxxxxx.com,
spf=pass smtp.mailfrom=mail@replyinfodot.com,
dmarc=pass header.from=replyinfodot.com (p=none sampling=90 pct=100),
iprev=pass policy.iprev=23.254.226.186 (PTR hwsrv-995791.hostwindsdns.com),
iprev=pass policy.iprev=23.254.226.186 (HELO hwsrv-995791.hostwindsdns.com),
iprev=pass policy.iprev=23.254.226.186 (MAIL mail@replyinfodot.com)
Received-SPF: pass (mail.xxxxxxx.com: domain replyinfodot.com
designates 23.254.226.186 as permitted sender)
receiver=mail.xxxxxxx.com, client-ip=23.254.226.186,
mechanism=mx, envelope-from="mail@replyinfodot.com",
helo=hwsrv-995791.hostwindsdns.com,
Received: by mail.xxxxxxx.com with ESMTPS id md5001001084333.msg, Tue, 23 Aug 2022 03:22:43 -0500
X-MDSPF-Result: unapproved (mail.xxxxxxx.com)
X-MDRemoteIP: 23.254.226.186
X-MDHelo: hwsrv-995791.hostwindsdns.com
X-MDArrival-Date: Tue, 23 Aug 2022 03:22:43 -0500
X-MDOrigin-Country: US, NA
X-Rcpt-To: sales@xxxxxxx.com
X-MDRcpt-To: sales@xxxxxxx.com
X-Return-Path: mail@replyinfodot.com
X-Envelope-From: mail@replyinfodot.com
X-MDaemon-Deliver-To: sales.i@xxxxxxx.com
Received: from [45.133.174.47] (unknown [45.133.174.47])
by hwsrv-995791.hostwindsdns.com (Postfix) with ESMTPSA id 4F3A88B2,
Tue, 23 Aug 2022 08:09:06 +0000 (UTC)
Authentication-Results: hwsrv-995791.hostwindsdns.com,
        spf=pass (sender IP is 45.133.174.47) smtp.mailfrom=mail@replyinfodot.com smtp.helo=[45.133.174.47]
Received-SPF: pass (hwsrv-995791.hostwindsdns.com: connection is authenticated)
Content-Type: multipart/mixed, boundary="===============0675134608=="
MIME-Version: 1.0
Subject: Your Amazon.com Order was Canceled-YOUR ACTION IS REQUIRED
To: Recipients (mail@replyinfodot.com)
From: "Amazon Customer Support" (mail@replyinfodot.com)
Date: Tue, 23 Aug 2022 01:09:02 -0700
Message-ID: (MDAEMON-F202208230322.AA223863md5001000014701@cande.us)
X-MDBadQueue-Reason: WARNING! message contained restricted files (Attachment.iso)

The log says:

Tue 2022-08-23 03:22:45.466: Start MDaemon AntiVirus results (Cyren AV) (ClamAV)
Tue 2022-08-23 03:22:45.629: * Total attachments scanned : 4 (including multipart/alternatives and message body)
Tue 2022-08-23 03:22:45.629: * Total attachments infected : 0
Tue 2022-08-23 03:22:45.629: * Total attachments disinfected: 0
Tue 2022-08-23 03:22:45.629: * Total errors while scanning : 0
Tue 2022-08-23 03:22:45.629: * Total attachments removed : 0
Tue 2022-08-23 03:22:45.651: End of MDaemon AntiVirus results

"Virus definitions out of date!" warning message ends up in Bad Queue - 07:39am Aug 22, 2022 CDT - We delete detected viruses and quarantine emails with risky contents (exe files, img files etc.), but I'm now frequently seeing infected emails quarantined, yet when I forward the email to MD as a false virus scan almost all the forwarded emails are rejected because they contain a virus.
So it seems that the MD AV is not working reliably.
