
Virus attachments detected but not blocked

ovidiux
This post has NOT been accepted by the mailing list yet.
Hello,
I installed the latest ASSP today and it's working great except for one small issue. I have configured ClamAV with SaneSecurity. The issue is that virus attachments are detected by ClamAV/SaneSecurity, but this is processed after the message was already sent to the destination recipient (!). I could not figure out why...

Example log:
Jan-26-17 22:45:25 [Main_Thread] Info: no configuration changes detected - nothing to save - file c:/ASSP/assp.cfg is unchanged
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com DKIM-Signature found
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com Message-Score: added -4 for 98.138.91.0 in griplist (0.02), total score for this message is now -4
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com [scoring] DKIM signature verified-OK - header-passed - sender policy is: neutral - author policy is: neutral
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com info: domain yahoo.com has published a DMARC record
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com Message-Score: added -10 (spfpValencePB) for SPF pass, total score for this message is now -14
Jan-26-17 22:45:51 m1-63549-12168 [Worker_1] [MessageOK] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com message ok [2323423]
Jan-26-17 22:45:54 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com ClamAV: scanned 99959 bytes in file c:/ASSP/notspam/2323423--30.eml - FOUND Win.Tool.Mailpassview-82
Jan-26-17 22:45:54 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com Message-Score: added 155 (vdValencePB) for virus detected: 'Win.Tool.Mailpassview-82', total score for this message is now 141

Is it not supposed to wait for the virus check to see if it's OK or not?

Thanks!
Ovidiu
Re: Virus attachments detected but not blocked

ovidiux
This post has NOT been accepted by the mailing list yet.
Hello,
I finally managed to resolve this issue!
I had to install the ASSP_AFC plugin and enable it from the ASSP admin page.
Thanks!
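
A check for the ordering visible in the log from the first post, written as an added example (not part of the original posts and not ASSP code): it flags sessions where ClamAV reports FOUND only after [MessageOK] was already logged. The last two sample lines are constructed, and the session-id pattern is an assumption drawn from the quoted log.

```python
import re

# First three lines come from the log quoted in the thread (some lines omitted);
# the last two are constructed controls: FOUND without OK, and OK without FOUND.
SAMPLE_LOG = """\
Jan-26-17 22:45:25 [Main_Thread] Info: no configuration changes detected - nothing to save - file c:/ASSP/assp.cfg is unchanged
Jan-26-17 22:45:50 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com DKIM-Signature found
Jan-26-17 22:45:51 m1-63549-12168 [Worker_1] [MessageOK] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com message ok [2323423]
Jan-26-17 22:45:54 m1-63549-12168 [Worker_1] 98.138.91.17 <external@yahoo.com> to: internal@localdomain.com ClamAV: scanned 99959 bytes in file c:/ASSP/notspam/2323423--30.eml - FOUND Win.Tool.Mailpassview-82
Jan-26-17 22:46:10 m1-63570-00001 [Worker_1] 192.0.2.10 <a@example.org> to: b@localdomain.com ClamAV: scanned 1200 bytes in file c:/ASSP/spam/1--31.eml - FOUND Constructed.Test-1
Jan-26-17 22:46:12 m1-63580-00002 [Worker_1] [MessageOK] 192.0.2.11 <c@example.org> to: d@localdomain.com message ok [42]
"""

# timestamp, session id (assumed shape m<N>-<digits>-<digits>), worker tag, rest of line.
# Lines without a session id (e.g. [Main_Thread]) do not match and are skipped.
LINE = re.compile(r"^(\S+ \S+) (m\d+-\d+-\d+) \[\w+\] (.*)$")
FOUND = re.compile(r"ClamAV: .* - FOUND (\S+)")


def scanned_after_ok(log_text):
    """Return (session, ok_time, found_time, signature) tuples for sessions
    where a ClamAV FOUND line appears after [MessageOK] was logged.
    Ordering is taken from line order in the log, not from parsed timestamps."""
    ok_at = {}
    hits = []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        stamp, session, rest = m.groups()
        if "[MessageOK]" in rest:
            ok_at.setdefault(session, stamp)
        found = FOUND.search(rest)
        if found and session in ok_at:
            hits.append((session, ok_at[session], stamp, found.group(1)))
    return hits


if __name__ == "__main__":
    for session, ok_time, found_time, sig in scanned_after_ok(SAMPLE_LOG):
        print(f"{session}: message ok at {ok_time}, {sig} found at {found_time}")
```

Running it over the mail log after enabling the plugin shows whether any session still gets its verdict before the scan result.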