Help - Search - Members - Calendar
Full Version: Dr. Web: Virus got filtered, but no notification to sender/recpt.
The Planet Forums > Control Panels > Plesk
insel
Feb 7 2005, 07:38 AM
Hi.

I have one problem with mails with a virus attatchment: The virus gets recognized by drweb and the mail is not delivered - and neither the recipient nor the sender is informed about this action. I also cant find the infected file in /var/qmail/infected.

From /etc/drweb/drweb_qmail.conf

[VirusNotifications]
# Enable or disable sending notifications to persons (yes/no)
SenderNotify = yes
AdminNotify = yes
RcptsNotify = yes

I do get an e-mail to postmaster@server:

--- Dr.Web report ---

The original message was stored in archive record named:
file was not created


Any hints?
insel

(We have a plesk Plesk 7.5.2 with Premium Licence from ev1)
insel
Feb 8 2005, 07:25 AM
Virus and the complete mail got deleted. Only postmaster gets an information. Deleteing mails without even an information about it is really bad...

I can send a virus to one account on our plesk-server at ev1 - and the virus gets deleted with the complete email. But neither the sender nor the rcpt. is informed about that. Only postmaster@server will get an email...

I found this in my logfile:

qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y has NOT been quarantined because contains only non-quarantinable viruses
qmail-queue: dwlib[15680]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
qmail-queue: dwlib[15678]: notify(rcpts): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
qmail-queue: dwlib[15678]: notify(sender): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y infected with Win32.HLLM.Sober
qmail-queue: dwlib[15683]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)

What does "only non-quarantinable viruses" and "contains non-notificable viruses" mean?

Why is Win32.HLLM.Sober non-quarantinable? Why is Win32.HLLM.Sober non-notificable?

All emails do have drweb enabled.
insel
Feb 9 2005, 04:50 AM
I found the reason in /etc/drweb/viruses.conf

You can define viruses there, for which notifications/no notifications are sent to admin, sender and rctps. Also weather a file is quarantined or not.

Deleting mails without a notice to (at least) the recipient is a bad default I think.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
Invision Power Board © 2001-2009 Invision Power Services, Inc.