1

Topic: Quarantine with INFECTED, message contains virus - empty

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 3.7
- Deployed with iRedMail Easy or the downloadable installer? No
- Linux/BSD distribution name and version: Ubuntu 14.04.6 LTS
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

Some emails from outside are stucked in Quarantine by Virus tag, but not Spam.... and empty Virus field.

X-Amavis-Alert     INFECTED, message contains virus:
X-Spam-Flag     NO
X-Spam-Score     0
X-Spam-Level    
X-Spam-Status     No, score=x tag=x tag2=x kill=x tests=[] autolearn=unavailable

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2

Re: Quarantine with INFECTED, message contains virus - empty

Sorry i don't quite understand the issue, could you capture some screenshot to help me understand the issue?

3 (edited by labasus 2019-10-31 07:04:13)

Re: Quarantine with INFECTED, message contains virus - empty

ZhangHuangbin wrote:

Sorry i don't quite understand the issue, could you capture some screenshot to help me understand the issue?

iRedmail Quarantine email header example screenshot attached....

After some investigation in mail.log and clamav.log, I've found that VIRUS detected by unofficial clamav DB - MBL_43009968.UNOFFICIAL

There are others quarantines emails with other MBL are showing in X-Amavis-Alert correctly, but this one - are always hidden empty, only deeping in to log's can found False Positive MBL.

Post's attachments

1572474355325.png
1572474355325.png 33.3 kb, file has never been downloaded. 

You don't have the permssions to download the attachments of this post.