Dr. Web, virus mails get filtered, no information sent to sender/rcpt.

[insel]

Hi.

I have one problem with drweb: I can send a virus to one account - and the virus gets deleted with the complete email. But neither the sender nor the rcpt. is informed about that. Only postmaster@server will get an email...

I found this in my logfile:

qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y has NOT been quarantined because contains only non-quarantinable viruses
qmail-queue: dwlib[15680]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)
qmail-queue: dwlib[15678]: notify(rcpts): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
qmail-queue: dwlib[15678]: notify(sender): about the message(drweb.tmp.01vxGJ) sent by x to y is blocked because contains non-notificable viruses
qmail-queue: dwlib[15678]: scan: the message(drweb.tmp.01vxGJ) sent by x to y infected with Win32.HLLM.Sober
qmail-queue: dwlib[15683]: mail: all addreses are uncheckable - need to skip scanning (by deny mode)

What does "contains only non-quarantinable viruses", "all addreses are uncheckable" and "contains non-notificable viruses" mean?

All emails do have drweb enabled.

I'm useing Plesk 7.5.2 (updated from 7.1.x -> 7.1.6 -> 7.5.1 -> 7.5.2) on RHEL 3.

# rpm -q drweb drweb-qmail
drweb-4.32.2-rh7_psa
drweb-qmail-4.32-rhel3.build75050130.17

 

[insel]

Found it...

I found the reason in /etc/drweb/viruses.conf

You can define viruses there, for which notifications/no notifications are sent to admin, sender and rctps. Also if a file is quarantined or not.

I used a virus for testing, which had only "notify the admin" enabled there.

Deleting mails without a notice to (at least) the recipient is a bad default I think. (I'm glad, that i tested it with the right type of virus.)

insel