Byteplant Forum

Antivirus Filtering [message #1888] Tue, 15 January 2008 21:24
mhcomp
Messages: 11
Registered: September 2007
Junior Member
We have our NoSpamToday for Servers set to reject/redirect to a Spam account within Exchange 2003. This account is then checked by someone from a Workstation. Somehow viruses are getting past the Antivirus check that NoSpamToday should be doing, causing much concern on the Workstation when her antivirus program scans the email and finds a virus!!!

What could be the problem? I have checked everything and even sent the eicar test string, which got deleted by NoSpamToday as it is instructed to do. I have got the latest version installed, 3.0.5.1.
Re: Antivirus Filtering [message #1889 is a reply to message #1888] Wed, 16 January 2008 18:48
support
Messages: 918
Registered: April 2004
Senior Member
Virus checkers in NST are configured to scan messages only, so if you just reject/redirect the message, it will be forwarded to the spam account with the virus still intact.

If you have a virus checker that supports an option to sanitize messages, you can experiment with the AV filter settings, but it is probably much simpler to just reject/delete virus messages.

False positives with virus filters are far less common than with spam filters.



Customer Support
Byteplant GmbH
Re: Antivirus Filtering [message #1890 is a reply to message #1888] Tue, 22 January 2008 02:49
mhcomp
Messages: 11
Registered: September 2007
Junior Member
I think you may have misunderstood.

To clarify, Antivirus checking in NST is indeed set to reject/delete. If an incoming message gets marked as Spam by the DNSBL filter, which is set to reject/redirect, surely the Antivirus should still check the message for viruses before redirecting it to the Spam account.
Re: Antivirus Filtering [message #1891 is a reply to message #1890] Wed, 23 January 2008 14:51
support
Messages: 918
Registered: April 2004
Senior Member
OK, I see your point, and you're right, this is not expected behaviour.

Please send your noSPAMtoday.cf file to nstsupport@byteplant.com so we can have a look at what's going on. Please add examples of this thing happening (i.e. log file snippets), OS version information, and NoSpamToday! version information.



Customer Support
Byteplant GmbH
Re: Antivirus Filtering [message #1892 is a reply to message #1889] Thu, 24 January 2008 11:43
mhcomp
Messages: 11
Registered: September 2007
Junior Member
Unfortunately the lady who handles the Spam only clears them every few days. The log file for NST only goes back to the previous day and I therefore can't get my hands on it.

Is there any way of extending the number of old log files that NST keeps to, say, 5 instead of 1?
Re: Antivirus Filtering [message #1893 is a reply to message #1892] Fri, 25 January 2008 11:40
support
Messages: 918
Registered: April 2004
Senior Member
mhcomp wrote:

> Unfortunately the lady who handles the Spam only clears them
> every few days. The log file for NST only goes back to the
> previous day and I therefore can't get my hands on it.
>
> Is there any way of extending the number of old log files that
> NST keeps to, say, 5 instead of 1?

You can use the task scheduler to rename log files, or change the logging settings so that a log file lasts more than one day.



Customer Support
Byteplant GmbH
Re: Antivirus Filtering [message #1894 is a reply to message #1893] Tue, 06 May 2008 22:26
mhcomp
Messages: 11
Registered: September 2007
Junior Member
My apologies for not getting back to you before.

Another customer of mine has had a similar occurrence where the email marked as Spam by SpamAssassin has not been virus checked until it reached the client's Microsoft Outlook program where it was duly Quarantined.

I noted this time that the email had an attachment which was another email. That attached email contained an attachment which was an executable (exe) which was a trojan.

The antivirus on the SBS Server 2003 is Nod32 and appears not to be checking deep enough into the message.

Is there a way to change just how deep the antivirus scanner checks?
Re: Antivirus Filtering [message #1895 is a reply to message #1894] Wed, 07 May 2008 11:25
support
Messages: 918
Registered: April 2004
Senior Member
> Another customer of mine has had a similar occurrence where the
> email marked as Spam by SpamAssassin has not been virus checked
> until it reached the client's Microsoft Outlook program where it
> was duly Quarantined.
>
> I noted this time that the email had an attachment which was
> another email. That attached email contained an attachment
> which was an executable (exe) which was a trojan.
>
> The antivirus on the SBS Server 2003 is Nod32 and appears not
> to be checking deep enough into the message.
>
> Is there a way to change just how deep the antivirus scanner
> checks?

Please check the manuals of your antivirus software to find out more about the scanning options.



Customer Support
Byteplant GmbH
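The nesting described in this thread (an e-mail attached to an e-mail, with the executable inside the inner one) can be measured on a saved message. The following is an added example, not part of the original thread and not Byteplant or NOD32 code: it walks the MIME tree, counts how many attached e-mails (`message/rfc822` parts) enclose each named attachment, and checks for the two-byte `MZ` magic that Windows executables start with. The sample messages, the file name `invoice.exe` and all function names are constructed for illustration.

```python
import email
from email import policy
from email.message import EmailMessage

def build_sample(layers=1):
    """Constructed test mail: a fake .exe wrapped in `layers` attached e-mails."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    # Two-byte "MZ" magic plus padding: looks like a PE header, is not a program.
    msg.add_attachment(b"MZ" + b"\x00" * 16, maintype="application",
                       subtype="octet-stream", filename="invoice.exe")
    for _ in range(layers):
        outer = EmailMessage()
        outer["Subject"] = "Fwd: constructed sample"
        outer.set_content("forwarded mail attached")
        outer.add_attachment(msg)  # stored as a message/rfc822 part
        msg = outer
    return msg.as_bytes()

def scan(part, mail_depth=0):
    """Return (filename, mail_depth, looks_like_pe) for every named leaf part."""
    hits = []
    if part.is_multipart():
        # A message/rfc822 part holds a whole e-mail; entering it adds a layer.
        nested = part.get_content_type() == "message/rfc822"
        for child in part.get_payload():
            hits += scan(child, mail_depth + (1 if nested else 0))
        return hits
    name = part.get_filename()
    if name:
        body = part.get_payload(decode=True) or b""
        hits.append((name, mail_depth, body[:2] == b"MZ"))
    return hits

def scan_bytes(raw):
    """Parse a raw RFC 5322 message and scan all of its nested parts."""
    return scan(email.message_from_bytes(raw, policy=policy.default))

if __name__ == "__main__":
    for layers in range(3):
        for name, depth, is_pe in scan_bytes(build_sample(layers)):
            print(f"{name}: inside {depth} attached e-mail(s), PE magic={is_pe}")
```
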