#1
20th August 2005, 02:42
domino (Senior Member)
clamav functionality

I went over to http://www.webmail.us/testvirus and sent myself some eicar. I received the tests but some tests may have gotten through and some delivery errors also occurred which I would like to resolve.

Mail Delivery error:

From: Mail Delivery System
Subject: Undelivered Mail Returned to Sender
Quote:
This is the Postfix program at host linux.domain.com.

I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<tester@testvirus.org>: host mx1.emailsrvr.com[207.xxx.xxx.xxx] said: 554 5.1.8
<domain_username@linux.domain.com>: Sender address
rejected: Domain not found (in reply to RCPT TO command)

Tests that went undetected:

Test #5: EICAR virus sent using BinHex encoding (this is a rarely used Macintosh mail format)

Test #15: No information because a resident AV (NOD32) caught it even though I turned it off.

Test #16: EICAR virus hidden using the "CR Vulnerability" *

Test #18: EICAR virus within ZIP file hidden using the "Blank Folding Vulnerability"

Test #23: (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the EICAR virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. **

Test #24: (Non-Virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the EICAR virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. ***

The "Undelivered Mail" is most important to me since it uses a lot of resources and it will also solve some Undelivered Mail errors not related to the above tests. However I'm a bit concerned about the other tests that got through.
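Tests #23 and #24 in the post above describe two things a gateway can refuse on sight: `message/partial` fragments and attachment names ending in a CLSID. The following Python check for both is an added example, not code from the thread or from ISPConfig; the function name, the sample messages and the all-zero CLSID are constructed for illustration.

```python
import re
from email import message_from_string

# A file name ending in a brace-wrapped class ID, e.g. "notes.txt.{...}".
CLSID_SUFFIX = re.compile(
    r"\.\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\s*$")

def policy_findings(raw_message):
    """Return (rule, detail) tuples for MIME parts a gateway should refuse."""
    findings = []
    for part in message_from_string(raw_message).walk():
        # Test #23: a fragment of a larger message; the scanner never sees
        # the reassembled content, so the fragment itself is the signal.
        if part.get_content_type() == "message/partial":
            detail = f"id={part.get_param('id')} number={part.get_param('number')}"
            findings.append(("fragmented-message", detail))
        # Test #24: get_filename() reads Content-Disposition "filename" and
        # falls back to Content-Type "name".
        name = part.get_filename()
        if name and CLSID_SUFFIX.search(name):
            findings.append(("clsid-extension", name))
    return findings

# Constructed samples: addresses, boundary and CLSID are placeholders.
FRAGMENT = """\
From: a@example.org
Content-Type: message/partial; id="frag-1@example.org"; number=1; total=2

Content-Type: text/plain

first half of a larger message
"""

CLSID_ATTACHMENT = """\
From: a@example.org
Content-Type: multipart/mixed; boundary="XX"

--XX
Content-Type: text/plain

see attachment
--XX
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="notes.txt.{00000000-0000-0000-0000-000000000000}"

data
--XX--
"""
```

The check covers only the fragmented-message and CLSID cases; the BinHex, CR and blank-folding tests depend on how the scanner decodes the message and are not addressed here.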
#2
20th August 2005, 10:09
till (Super Moderator)

Quote:
Originally Posted by domino
I went over to http://www.webmail.us/testvirus and sent myself some eicar. I received the tests but some tests may have gotten through and some delivery errors also occurred which I would like to resolve.

Mail Delivery error:

From: Mail Delivery System
Subject: Undelivered Mail Returned to Sender


Tests that went undetected:

Test #5: EICAR virus sent using BinHex encoding (this is a rarely used Macintosh mail format)

Test #15: No information because a resident AV (NOD32) caught it even though I turned it off.

Test #16: EICAR virus hidden using the "CR Vulnerability" *

Test #18: EICAR virus within ZIP file hidden using the "Blank Folding Vulnerability"

Test #23: (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the EICAR virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. **

Test #24: (Non-Virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the EICAR virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. ***

The "Undelivered Mail" is most important to me since it uses a lot of resources and it will also solve some Undelivered Mail errors not related to the above tests. However I'm a bit concerned about the other tests that got through.

The ClamAV antivirus is called through the trashscan script (also part of the ClamAV project):

/home/admispconfig/ispconfig/tools/clamav/bin/trashscan

The Template for trashscan is here:

/root/ispconfig/isp/conf/trashscan.master
#3
20th August 2005, 10:54
domino (Senior Member)

Thanks till, I've looked through the files you pointed to and I don't think I should touch them. I don't see any reason to. I was just wondering why I keep getting this message..
Quote:
rejected: Domain not found (in reply to RCPT TO command)
Unless I missed an email setting somewhere, all my log emails either get forwarded to my real domain email, or configured to send directly to my real domain email. In all likelihood, I didn't set something to be forwarded to my real email. It's just I can't pinpoint where it could be.
#4
20th August 2005, 16:39
falko (Super Moderator)

You could do a
Code:
dig linux.domain.com
to find out if your system resolves that domain.
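The bounce quoted in the first post was issued by the remote host at the RCPT TO stage with enhanced status 5.1.8, which RFC 3463 defines as a bad sender's system address. The following Python parser is an added example, not posted by anyone in the thread; it extracts those fields from the bounce text and checks the sender domain through a resolver function. `diagnose`, `local_resolves` and the status table are names chosen here.

```python
import re
import socket

# Subset of RFC 3463 enhanced status codes that concern addresses.
ADDRESS_STATUS = {
    "5.1.1": "bad destination mailbox address",
    "5.1.2": "bad destination system address",
    "5.1.7": "bad sender's mailbox address syntax",
    "5.1.8": "bad sender's system address",
}

# "<rcpt>: host NAME[IP] said: CODE X.Y.Z text (in reply to STAGE command)"
BOUNCE_RE = re.compile(
    r"<(?P<rcpt>[^>]+)>:\s+host\s+(?P<host>[^\s\[]+)\[(?P<ip>[^\]]+)\]\s+said:\s+"
    r"(?P<code>\d{3})\s+(?P<status>\d\.\d+\.\d+)\s+(?P<text>.*?)\s*"
    r"\(in reply to (?P<stage>[A-Z ]+?) command\)", re.S)

def local_resolves(domain):
    """Assumed default check: local resolver only (may consult /etc/hosts)."""
    try:
        socket.getaddrinfo(domain, 25)
        return True
    except socket.gaierror:
        return False

def diagnose(bounce, resolves=local_resolves):
    """Parse a Postfix bounce reason and report the domain that was rejected."""
    m = BOUNCE_RE.search(bounce)
    if m is None:
        return None
    info = m.groupdict()
    info["text"] = " ".join(info["text"].split())  # undo line wrapping
    info["meaning"] = ADDRESS_STATUS.get(info["status"], "unclassified")
    addr = re.search(r"<[^>@\s]+@([^>\s]+)>", info["text"])
    info["domain"] = addr.group(1).lower() if addr else None
    info["resolves"] = resolves(info["domain"]) if info["domain"] else None
    return info

# The bounce reason quoted in the thread (addresses as masked there).
BOUNCE = """\
<tester@testvirus.org>: host mx1.emailsrvr.com[207.xxx.xxx.xxx] said: 554 5.1.8
<domain_username@linux.domain.com>: Sender address
rejected: Domain not found (in reply to RCPT TO command)
"""
```

Pass a `resolves` function that queries public DNS to see the domain as the rejecting server does; the default consults the local resolver only.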
#5
20th August 2005, 17:45
domino (Senior Member)

Quote:
Originally Posted by falko
You could do a
dig linux.domain.com to find out if your system resolves that domain.

Yes, I have done that and the system resolves to the correct domain. I bet there is a setting somewhere that I haven't seen that will change the default root email to another user email on the system.
#6
16th February 2006, 15:10
teleriddler (Junior Member)
Admin account for site, only one exhibiting same mail problem

After reading through the thread here I am experiencing the same problem. All my other accounts for this domain work fine with mail from internal and external addresses. Disabling antivirus through the user's interface in ISPConfig fixed the "No Sender" "No Subject" problem.

The only thing different with this account is that it is the admin account for the domain. I am wondering if this is a bug, since the admin account mail is handled differently than the others.

So to recap, I have a domain with all mail working for all users except the admin account. Mail comes in with "No Sender" "No Subject" when antivirus is enabled through the admin users' ISPConfig interface. I have mailscan, spam and antivirus enabled for all users working perfectly. For the admin account I have mailscan and spam turned on and mail comes through. As soon as antivirus is turned on I start to experience the same problems.

Any thoughts?

TeleRiddler

Last edited by teleriddler; 17th February 2006 at 23:43.