Antivirus

Maur0V
Posts: 30
Joined: Thu May 09, 2013 10:26 am

Antivirus

Postby Maur0V » Fri Aug 25, 2017 9:38 am

Hi to all.
I'm running ME 9.75 premium. I've configured antivirus filter that seems to work fine but the infected attachment isn't removed.
I've tried using integrated clamav and A2CMD creating an adhoc config. Virus are detectect (at least some of them), and the filter checking if mail is infected is working fine (it add [VIRUS] to the object) but.... infected element is still in the mail.....
is possible to remove just the infected element (not the full email via the filter? )
thanks for attention )

MailEnable-Ian
Site Admin
Posts: 8392
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Antivirus

Postby MailEnable-Ian » Tue Sep 05, 2017 12:10 am

Hi,

The ClamAV plugin "Detection method" has been configured to check the return code that the ClamAV scanner returns when a message is infected with a virus. A filter can be created to action if the message contains a virus. Normally any email that has a virus is unwanted as the email contents will most likely be spam. You can change the ClamAV plugin "Detection method" to "Command line arguments will delete attachment" so that the virus is removed, however you will need to first determine what parameter is required by ClamAV to remove infected files. Open a Windows command prompt and navigate to the Mail Enable\Antivirus\ClamAV. Type clamscan -help for a list of parameters. I believe the --remove parameter is required. Once you know the parameter add it to the "Command line arguments" field after the --no-summary parameter. Also make sure you remove any filtering actions to "Delete Message" if you had them set earlier.
Regards,

Ian Margarone
MailEnable Support

Maur0V
Posts: 30
Joined: Thu May 09, 2013 10:26 am

Re: Antivirus

Postby Maur0V » Wed Sep 06, 2017 10:38 am

I've tryed your suggestions with 2 antivirus (clamav whith --remove ) and a2cmd with /D
A test email whit eicar as attachmet is found to be infected but... attachment still here
toogled antivirus will delete infected item and return code for both antivirus.... but nothing change
running enterprise 9.76
Older versione ( 8.60) was working "better" in this specific argoument. moreover.... calling the attachment in the scratch folder with .ATT extension my confuse some antivirus to elaborate compressed files. if i can propose, an guid file name with correct extension should be better

rfwilliams777
Posts: 1233
Joined: Thu Nov 11, 2004 5:26 pm
Location: Kingsville, Texas

Re: Antivirus

Postby rfwilliams777 » Tue Sep 19, 2017 8:24 pm

Another option is to use MXScan but only the antivirus is enable. Then use Avast to filter. Avast is great.
Robert Williams, Owner
www.WWSHosting.net
#1 in MailEnable Business-Class Email Hosting - Switch to Williams Web Solutions and get your first 2 months FREE!
We can be hired to help you with your Mail Enable server, too!

Who is online

Users browsing this forum: No registered users and 9 guests