1 Topic by andy_ciszek (edited by andy_ciszek 2015-08-25 02:20:29)

  • andy_ciszek
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 3

Topic: Viruses no longer showing up in quarantine.

==== Required information ====
- iRedMail version (check /etc/iredmail-release): 2.1.3
- Linux/BSD distribution name and version: ubuntu 14.04
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): MySQL
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- Related log if you're reporting an issue:
====

When I first set up iRedAdmin-Pro, I tested it using http://www.aleph-tec.com/eicar/, and the test viruses went to the Virus quarantine as I expected.  But that is no longer true.  In fact, it apparently hasn't detected any viruses at all for a while.  The freshclam.log is showing that the virus definitions are being updated every hour.  The clamav.log is empty.  My /etc/amavis/conf.d/50-user is set up according to "quarantining.html" in the iRedMail documentation.  Any idea how I can get this working again?

----

Spider Email Archiver: On-Premises, lightweight email archiving software developed by iRedMail team. Supports Amazon S3 compatible storage and custom branding.

2 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Viruses no longer showing up in quarantine.

May i know how you confirm that it doesn't work?

3 Reply by andy_ciszek

  • andy_ciszek
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 3

Re: Viruses no longer showing up in quarantine.

ZhangHuangbin wrote:

May i know how you confirm that it doesn't work?

I go to http://www.aleph-tec.com/eicar/ and send myself the test virus (eicar.com + Clean notification e-mail).  Nothing shows up in "Quarantined Mails".  The clean notification comes through, but the test virus email is apparently blocked, because it doesn't show up in "Received Mails" or "Quarantined Mails".  But it used to show up in Quarantined Mails with a Kind of "Virus" when I ran this test before.

Also, my Dashboard always shows Virus = 0, which I find suspicious.

If there is a better way to test the virus quarantine, please let me know.

4 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Viruses no longer showing up in quarantine.

Could you please show us log related to this testing email in /var/log/mail.log?

5 Reply by andy_ciszek

  • andy_ciszek
  • Member
  • Offline
  • Registered: 2015-08-25
  • Posts: 3

Re: Viruses no longer showing up in quarantine.

This is what I see in the log:

Aug 31 02:52:13 mx postfix/qmgr[1582]: 2239229FF4: from=<eicar@aleph-tec.com>, size=2720, nrcpt=1 (queue active)
Aug 31 02:52:13 mx amavis[1758]: (01758-10) Passed CLEAN {RelayedInternal}, MYUSERS LOCAL [205.233.73.32]:43452 [205.233.73.32] <eicar@aleph-tec.com> -> <andy@mtntop.com>, Queue-ID: CD99529FF3, Message-ID: <201508310251.t7V2pQiW020524@1893.web>, mail_id: kN8cZgGFe3BN, Hits: -1.901, size: 2062, queued_as: 2239229FF4, 9866 ms

6 Reply by ZhangHuangbin

  • ZhangHuangbin
  • ZhangHuangbin
  • iRedMail Developers
  • Offline
  • Registered: 2009-05-06
  • Posts: 31,088

Re: Viruses no longer showing up in quarantine.

I tested with http://www.aleph-tec.com/eicar/ , received 2 emails with attachment. The problem is, the attachment is protected by a password, and Amavisd cannot extract the file. that's why it was bypassed virus scanning.