Results 1 to 2 of 2

Thread: ZCS 6.0.4: ClamAV detects virus in clean .exe, but only sometimes?

  1. #1
    Pascal is offline Member
    Join Date
    Apr 2009
    Posts
    13
    Rep Power
    5

    Default ZCS 6.0.4: ClamAV detects virus in clean .exe, but only sometimes?

    Hi there,

    I have a quite weird problem here.

    Before I start: My boss _really_ wants to send and receive exe files, and I couldn't convince him otherwise, so, as much as I would like to just let my users host their files somewhere on the internet and only mail a link, that is not possible.

    So, I made sure that amavis doesn't ban .exe extensions and mailed some of them around to make sure it works.

    So today, I got an angry mail in my inbox, saying that he wasn't able to send around .exe files. He attached the error message:

    Code:
    VIRUS ALERT
    
    Our content checker found
        virus: Encrypted.Zip
    
    in an email to you from probably faked sender:
      ?@[79.224.xxx.xxx]
    claiming to be: <xxx@xxxx.de>
    
    Content type: Virus
    Our internal reference code for your message is 14233-07/XxeEgH3XtiP3
    
    First upstream SMTP client IP address: [79.224.xxx.xxx]
      pxxxxxxxx.xxx.t-dialin.net
    According to a 'Received:' trace, the message apparently originated at:
      [79.224.xxx.xxx], [192.168.xxx.xxx] pxxxxxxx.xxx.t-dialin.net [79.224.xxx.xxx]
    
    Return-Path: <xxx@xxxx.de>
    From: "xxxxxxxxxxxxxx" <xxx@xxxx.de>
    Message-ID: <4B560C94.8070101@xxxx.de>
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.5)
      Gecko/20091204 Thunderbird/3.0
    Subject: fsfsdfsd
    The message has been quarantined as: virus-XxeEgH3XtiP3
    
    Please contact your system administrator for details.
    Weird... It wasn't a zip file.

    And I am perfectly able to send around exe files using the Zimbra web client.

    Does this make any sense to you? Maybe there is something wrong with his mail client?


    thanks,
    Pascal

  2. #2
    uxbod's Avatar
    uxbod is offline Moderator
    Join Date
    Nov 2006
    Location
    UK
    Posts
    8,016
    Rep Power
    24

    Default

    Would you find the entries in /var/log/zimbra.log for the SMTP transactions and post the details so we can see what Amavis was doing.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. ZCS 6.0.4 clean install error
    By stich86 in forum Installation
    Replies: 11
    Last Post: 12-17-2009, 09:56 AM
  2. Trouble Sending mail - All Messages deferred!
    By SiteDiscovery in forum Administrators
    Replies: 7
    Last Post: 09-03-2009, 04:52 AM
  3. Mail is being queued, not delivered!
    By icepick94 in forum Administrators
    Replies: 12
    Last Post: 01-22-2009, 07:03 AM
  4. ZCS 3.2 Beta Available
    By KevinH in forum Announcements
    Replies: 31
    Last Post: 07-07-2006, 03:46 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •