1. Please take a little time for this simple survey! Thank you for participating!
    Dismiss Notice

Dr. Web, virus mails get filtered, no information sent to sender/rcpt.

Discussion in 'Plesk for Linux - 8.x and Older' started by insel, Feb 7, 2005.

  1. insel

    insel Guest

    0
     
    Hi.

    I have one problem with drweb: I can send a virus to one account - and the virus gets deleted with the complete email. But neither the sender nor the rcpt. is informed about that. Only postmaster@server will get an email...

    I found this in my logfile:

    qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y has NOT been quarantined because contains only non-quarantinable viruses
    qmail-queue: dwlib[15680]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
    qmail-queue: dwlib[15678]: notify(rcpts): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
    qmail-queue: dwlib[15678]: notify(sender): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
    qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y infected with Win32.HLLM.Sober
    qmail-queue: dwlib[15683]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)

    What does "contains only non-quarantinable viruses", "all addreses are uncheckable" and "contains non-notificable viruses" mean?

    All emails do have drweb enabled.

    I'm useing Plesk 7.5.2 (updated from 7.1.x -> 7.1.6 -> 7.5.1 -> 7.5.2) on RHEL 3.

    # rpm -q drweb drweb-qmail
    drweb-4.32.2-rh7_psa
    drweb-qmail-4.32-rhel3.build75050130.17
     
  2. insel

    insel Guest

    0
     
    Found it...

    I found the reason in /etc/drweb/viruses.conf

    You can define viruses there, for which notifications/no notifications are sent to admin, sender and rctps. Also if a file is quarantined or not.

    I used a virus for testing, which had only "notify the admin" enabled there.

    Deleting mails without a notice to (at least) the recipient is a bad default I think. (I'm glad, that i tested it with the right type of virus.)

    insel
     
Loading...