Plesk 11.5, Kaspersky, outgoing emails are not being scanned for Viruses.

[ArshadM]

I installed Kaspersky with valid unlimited email account license on Plesk 11.5.

Incoming emails are being scanned for viruses but outgoing emails are not being scanned for viruses.

I have been using Postfix. I thought this is the problem with Postfix only. Therefore, changed MTA to QMAIL and run /usr/local/psa/admin/sbin/mchk --with-spam but still outgoing emails are not scanned for viruses with QMAIL also.

Now changed the MTA back to Postfix.

How to rectify this problem so that the outgoing emails are scanned for viruses.

 

[IgorG]

Do you have enabled option "Check for viruses incoming and outgoing mail" for this email account?

 

[ArshadM]

Yes. Switch on antivirus protection for this email address is enabled for both incoming and outgoing mail.

After your post. I have also checked by disabling and enabling the antivirus protection for the email account/s but still the same result, outgoing email is not scanned for virus protection.

It is Plesk 11.5 Linux based Centos 6.5

 

[ArshadM]

IgorG. Can you please help on this matter.

One other thing which I have noticed is that when using MTA as QMAIL and run /usr/local/psa/admin/sbin/mchk --with-spam and when in Control Panel already Kaspersky is set as used Anitvirus, both incoming & outgoing emails are not scanned for viruses with Kaspersky.

However, after selecting used antivirus to None and again selecting it to back to Kaspersky, the incoming emails start to get scanned for anitvirus through Kaspersky. However, outgoing emails are still not scanned.

I think this issue is related to setting the mail handler and is applicable to all Plesk 11.5 users and I am not the only one facing this problem.

 

[IgorG]

Try to enable checking for specific email with

# /usr/local/psa/admin/bin/kavmng add both [email protected]

and check how it goes on.

 

[ArshadM]

The command finished successfully for the email address I have chosen. However, the result is the same the outgoing emails are not being scanned by Kaspersky while incoming are being scanned for antivirus.

I have checked by sending email through the port 25 as well as port 465.

 

[IgorG]

Please clarify how exactly do you determine what outgoing email was not scanned?

 

[ArshadM]

By sending the EICAR test file & also by sending virus already known to Kaspersky to my hotmail account. The virus is not detected. I have also checked the mail log there is no scanning of the outgoing emails whereas only incoming emails are being scanned.

When the same email with virus is sent from [email protected] to hotmail account with CC to [email protected] (domain.com hosted in the Plesk panel and both [email protected] & [email protected] are protected with Kaspersky antivirus for incoming and outgoing emails), Kaspersky detects the incoming virus and and a notification 550 5.7.1 Command rejected is received in the sender inbox and also an email is received on the administrator/receiver account (depends on settings) for the incoming email as virus. However, there is no notification for the outgoing email with virus which is sent at hotmail account.

Have you checked this matter on any installation of Plesk 11.5 on your side/another system ?

 

[ArshadM]

By sending the EICAR test file & also by sending virus already known to Kaspersky to my hotmail account. The virus is not detected. I have also checked the mail log there is no scanning of the outgoing emails whereas only incoming emails are being scanned.

If the same email with virus being sent at hotmail account is also sent as CC to the email account hosted in the plesk panel the incoming email with virus is detected and a notification is received. However, the outgoing email to hotmail account is not detected with virus.

Have you checked this matter on any installation of Plesk 11.5 on your side/another system ?

 

[IgorG]

Try to check corresponding handlers:

[root@ppu11-5 ~]# /usr/local/psa/admin/bin/mail_handlers_control --list
.---.---.-------.--------------------------------------.-----------------.------------------.---------------.
| E | P | prior | address | name | type | queue |
|---|---|-------|--------------------------------------|-----------------|------------------|---------------|
| | | 10 | all | spf | global | before-queue |
| | | 30 | all | sender-ip | global | before-queue |
| X | | 10 | all-recipients | check-quota | global | before-queue |
| X | | 10 | [email protected] | spam | recipient | before-local |
'---'---'-------'--------------------------------------'-----------------'------------------'---------------'
[root@ppu11-5 ~]#
[root@ppu11-5 ~]# /usr/local/psa/admin/bin/kavmng add both [email protected]
[root@ppu11-5 ~]# /usr/local/psa/admin/bin/mail_handlers_control --list
.---.---.-------.--------------------------------------.-----------------.------------------.---------------.
| E | P | prior | address | name | type | queue |
|---|---|-------|--------------------------------------|-----------------|------------------|---------------|
| | | 10 | all | spf | global | before-queue |
| | | 30 | all | sender-ip | global | before-queue |
| X | | 10 | all-recipients | check-quota | global | before-queue |
| X | | 10 | [email protected] | spam | recipient | before-local |
| X | | 20 | [email protected] | kav-snd | sender | before-remote |
| X | | 20 | [email protected] | kav-rcpt | recipient | before-queue |
'---'---'-------'--------------------------------------'-----------------'------------------'---------------'
[root@ppu11-5 ~]#

 

[ArshadM]

I have checked through /usr/local/psa/admin/bin/mail_handlers_control --list and also the mail log based on "kav-snd" / PASS during call 'kav-snd' handler.

I found out that the emails which are being sent with the same sender email address and login ID than the outgoing emails is being scanned. I am now able to rectify the problem.

The issue has been that we use alias & forward on many email accounts with no mailbox such as [email protected], [email protected], [email protected] etc and use the [email protected] & [email protected] as sender & reply email address in the outlook email account. Though each user personal login ID was protected for both incoming & outgoing emails but the [email protected], [email protected] etc was not enabled for outgoing email scan considering that no one can login and send email through this email account as having no mailbox.

Once the antivirus protection for both incoming & outgoing has been enabled for the accounts that have alias & forward, the outgoing emails with address as [email protected], [email protected] etc start to get scan for the viruses.

It is understood that email scanning is based on the sender email account and not based on login id.

Thank your very much for your useful support.