ConfigServer Community Forum

Peer support forums for ConfigServer Scripts
https://mail.forum.configserver.com/

Virus got through

https://mail.forum.configserver.com/viewtopic.php?t=10303

Page 1 of 1

Virus got through

Posted: 12 Jun 2017, 10:44
by keat63
I installed MSFE last week, so I'm watching the logs and activity avidly.
Today, an email was passed to the end user, which I suspect contains multiple virus.

It contained a number of compressed ACE files, which upon investigation both contain EXE's.
I've now added ACE to the list of zip files in MSFE config.

However, worryingly, it also passed a PDF file, which upon investigation also has something nasty going on.

Any ideas please.

Re: Virus got through

Posted: 12 Jun 2017, 15:39
by Sarah
Are you using clamd (clamavconnector) with MailScanner? If so, then MailScanner is using clamav to scan files, and if there are viruses that have not been detected it is because clamav is not detecting them. Not really anything to do with MailScanner itself, and nothing to do with the MailScanner Front-End.

Re: Virus got through

Posted: 12 Jun 2017, 15:51
by keat63
Hi Sarah

I suspect my install wasn't quite right, as i've also been seeing a message about not being unable to read the rules (I have a support ticket open).
I re-ran the install this afternoon and now the reading rules failure has subsided, and I suspect now scanning files.
All times are UTC
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited