Postmaster virus detected email marked as spam

[tiagom]

Im sending a test email with a file that had an .exe attachment which is blocked by our server.

The postmaster reply to the user stating that the email sent contains a virus is being blocked with the following spam report

• Spam Report:
  Score Matching Rule
  cached not
  score=35.798
  5 required
  0.10 ANY_BOUNCE_MESSAGE
  -1.90 BAYES_00
  2.00 DSN_NO_MIMEVERSION
  -0.00 NO_RELAYS
  0.00 URIBL_BLOCKED
  0.10 VBOUNCE_MESSAGE
  20.00 VIRUS_WARNING15
  12.00 VIRUS_WARNING33
  3.50 VIRUS_WARNING62

I have tried whitelisting postmaster@alpha.domain in Mailscanner front end from WHM and from the individual user.

So i went and looked at spam.whitelist.rules
It contains several entries. I assume defaults.

So i tried adding:

From: postmaster@alpha.domain yes


Still doesn't work


Any help is greatly appreciated

[sawbuck]

Since exe files are denied by default you need to look at the Attachment Filename Checking section in the MS config file. For more granular control you will want to use a ruleset.

Given you are also virus scanning you would need to adjust the virus.scanning.rules to allow an exception for the domain.

Assume you already know, based on the postmaster response you posted, that allowing exe files is generally a bad idea.

[tiagom]

I think there may be a misunderstanding.

The response containing

Our e-mail content detector has just been triggered by a message you sent:
To: [user]
Subject: test
Date: [date]

One or more of the attachments (winmail.dat, md5.exe) are on
the list of unacceptable attachments for this site and will not have
been delivered.

The virus detector said this about the message:
Report: Report: MailScanner: Executable DOS/Windows programs are dangerous
in email (md5.exe)
Report: No programs allowed (md5.exe)


--
MailScanner

Is being marked as spam with the spam report posted earlier.

There are no attachments. Just that plain text reply. I noticed when looking in mailwatch the from is blank, but in the message there is a from, perhaps that's why the white list rule fails?

[Sarah]

It looks like you are using some nonstandard spamassassin rules, and these are causing your problem.

20.00 VIRUS_WARNING15
12.00 VIRUS_WARNING33
3.50 VIRUS_WARNING62

[tiagom]

The email should never even be scanned by spamassassin since it is whitelisted. That is my point.

[Sarah]

Are you using the front-end to add the email address to the whiltelist? If you edited the file directly it was probably overwritten by the MSFE overnight script. To give any further assistance we'd need to see the full unedited headers of the email that is being marked as spam, plus the contents of your spam.whitelist.rules file. You might want to log a ticket on the helpdesk to provide that information.