clamav functionality

[domino]

I went over to http://www.webmail.us/testvirus and sent myself some eicar. I received the tests but some tests may have gotten though and some derivery errors also occured which i would like to resolve.

Mail Delivery error:

From: Mail Delivery System
Subject: Undelivered Mail Returned to Sender

Quote:

This is the Postfix program at host linux.domain.com.

I'm sorry to have to inform you that your message could not be be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to <postmaster>

If you do so, please include this problem report. You can delete your own text from the attached returned message.

The Postfix program

<tester@testvirus.org>: host mx1.emailsrvr.com[207.xxx.xxx.xxx] said: 554 5.1.8
<domain_username@linux.domain.com>: Sender address
rejected: Domain not found (in reply to RCPT TO command)

Tests that went undetected:

Test #5: EICAR virus sent using BinHex encoding (this is a rarely used Macintosh mail format)

Test #15: No information because a resident AV (NOD32) caught it even though I turn it off.

Test #16: EICAR virus hidden using the "CR Vulnerability" *

Test #18: EICAR virus within ZIP file hidden using the "Blank Folding Vulnerability"

Test #23: (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the EICAR virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. **

Test #24: (Non-Virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the EICAR virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. ***

The "Undelivered Mail" is most important to me since it uses alot of resources and it will also solve some Undelivered Mail errors not related to the above tests. However i'm a bit conserned about the other tests that got though.

[till]

Quote:

Originally Posted by domino

I went over to http://www.webmail.us/testvirus and sent myself some eicar. I received the tests but some tests may have gotten though and some derivery errors also occured which i would like to resolve.

Mail Delivery error:

From: Mail Delivery System
Subject: Undelivered Mail Returned to Sender


Tests that went undetected:

Test #5: EICAR virus sent using BinHex encoding (this is a rarely used Macintosh mail format)

Test #15: No information because a resident AV (NOD32) caught it even though I turn it off.

Test #16: EICAR virus hidden using the "CR Vulnerability" *

Test #18: EICAR virus within ZIP file hidden using the "Blank Folding Vulnerability"

Test #23: (Non-Virus): Test for the "Partial (Fragmented) Vulnerability". This does not include the EICAR virus, however your mail server should still block this since a virus can use this technique to break itself into multiple emails, bypassing virus scanners, and reassembling itself in your inbox. **

Test #24: (Non-Virus): Attachment with a CLSID extension which may hide the real file extension. This does not include the EICAR virus, however your mail server should still block this since the CLSID technique can be used to hide the true extension of a malicious file. ***

The "Undelivered Mail" is most important to me since it uses alot of resources and it will also solve some Undelivered Mail errors not related to the above tests. However i'm a bit conserned about the other tests that got though.

The clamAV antivirus is called trough the trashscan scrpt (also part of the ClamAV project):

/home/admispconfig/ispconfig/tools/clamav/bin/trashscan

The Template for trashscan is here:

/root/ispconfig/isp/conf/trashscan.master

[domino]

Thanks till, I've looked through the files you ponted to and I don't think I should touch them. I don't see any reason to. I was just wondering why I keep getting this message..

Quote:

rejected: Domain not found (in reply to RCPT TO command)

Unless I missed an email setting somewhere, all my log emails either get forwarded to my real domain email, or configured to send directly to my real domain email. In all likelyhood, I didn't set something to be forwarded to my real email. It's just I can't pinpoint where it could be.

[falko]

You could do a

Code:

dig linux.domain.com

to find out if your system resolves that domain.

[domino]

Quote:

Originally Posted by falko

You could do a
dig linux.domain.com to find out if your system resolves that domain.

Yes, I have done that and the system resolves to the correct domain. I bet there is a setting somewhere that I haven't seen that will change the default root email to another user email on the system.

[teleriddler]

After reading through the thread here I am experiencing the same problem. All my other accounts for this domain work fine with mail from internal and external addresses. Disabling antivirus through the user's interface in ISPConfig fixed the "No Sender" "No Subject" problem.

The only thing different with this account is that it is the admin account for the domain. I am wondering if this is a bug, since the admin account mail is handled differently that the others.

So to recap, I have a domain with all mail working for all users except the admin account. Mail comes in with "No Sender" "No Subject" when antivirus is enabled through the admin users' ISPConfig interface. I have mailscan, spam and antivirus enabled for all users working perfectly. For the admin account I have mailscan and spam turned on and mail comes through. As soon as antivirus is turned on I start to experience the same problems.

Any thoughts?

TeleRiddler