1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice
  2. Dear Pleskians, please read this carefully! New attachments and other rules Thank you!
    Dismiss Notice

Dr. Web, virus mails get filtered, no information sent to sender/rcpt.

Discussion in 'Plesk for Linux - 8.x and Older' started by insel, Feb 7, 2005.

  1. insel

    insel Guest

    0
     
    Hi.

    I have one problem with drweb: I can send a virus to one account - and the virus gets deleted with the complete email. But neither the sender nor the rcpt. is informed about that. Only postmaster@server will get an email...

    I found this in my logfile:

    qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y has NOT been quarantined because contains only non-quarantinable viruses
    qmail-queue: dwlib[15680]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
    qmail-queue: dwlib[15678]: notify(rcpts): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
    qmail-queue: dwlib[15678]: notify(sender): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
    qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y infected with Win32.HLLM.Sober
    qmail-queue: dwlib[15683]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)

    What does "contains only non-quarantinable viruses", "all addreses are uncheckable" and "contains non-notificable viruses" mean?

    All emails do have drweb enabled.

    I'm useing Plesk 7.5.2 (updated from 7.1.x -> 7.1.6 -> 7.5.1 -> 7.5.2) on RHEL 3.

    # rpm -q drweb drweb-qmail
    drweb-4.32.2-rh7_psa
    drweb-qmail-4.32-rhel3.build75050130.17
     
  2. insel

    insel Guest

    0
     
    Found it...

    I found the reason in /etc/drweb/viruses.conf

    You can define viruses there, for which notifications/no notifications are sent to admin, sender and rctps. Also if a file is quarantined or not.

    I used a virus for testing, which had only "notify the admin" enabled there.

    Deleting mails without a notice to (at least) the recipient is a bad default I think. (I'm glad, that i tested it with the right type of virus.)

    insel
     
Loading...