I have a temporary solution proposed to me by Astaro support. It seems the bug is in the ClamAV scanner, so switching this off and just leaving Kaspersky on might alleviate the problem until 6.102 is released.
Also Astaro have confirmed that can now reproduce the problem and therefore it should be fixed shortly.
I see during the install process for 6.102 it shuts down the ClamAV daemon, but nothing seems to be mentioned in the documentation about fixing this issue. Is this issue going to be resolved in this update? I suppose time will tell.
I see during the install process for 6.102 it shuts down the ClamAV daemon, but nothing seems to be mentioned in the documentation about fixing this issue. Is this issue going to be resolved in this update? I suppose time will tell.
This is the mesage in the Mail that returned from the firewall:
This message was created automatically by the SMTP relay on mail.xyz.com.
A message that you sent could not be delivered to all of its recipients. The following address(es) failed:
hund@baum.ch SMTP error from remote mailer after end of data: host mail.baum.ch [x.x.x.x]: 550 Contains malware (Unknown)
------ This is a copy of the message, including all the headers. ------
Return-path: Received: from [172.16.1.1] (helo=server.xyz.com) by firewall.xyz.com with esmtp (Exim 4.43) id 1Em91Y-0008Dv-K4 for hund@baum.ch; Tue, 13 Dec 2005 13:12:52 +0100 Received: from mail.xyz.com ([172.16.1.2]) by server.xyz.com with Microsoft SMTPSVC(6.0.3790.1830); Tue, 13 Dec 2005 13:14:17 +0100 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.1830 Content-class: urn:content-classes:message MIME-Version: 1.0 Content-Type: multipart/alternative; boundary="----_=_NextPart_001_01C5FFDE.BD813676" Subject: test Content-Transfer-Encoding: 7bit Date: Tue, 13 Dec 2005 13:14:17 +0100 Message-ID: X-MS-Has-Attach: X-MS-TNEF-Correlator: Thread-Topic: test Importance: normal Priority: normal thread-index: AcX/3r1h0iMAPhzaT8iRRh29P47cVA== From: "User" To: "Hund" X-OriginalArrivalTime: 13 Dec 2005 12:14:17.0751 (UTC) FILETIME=[BD874A70:01C5FFDE] X-LOC-Source-is-local: Yes (User:[] Addr:[172.16.1.1]) X-LOC-Sender-is-local: Yes (xyz.com)
Just wanted to chime in and say that we're having the exact same problem. PDF files are getting misidentified as EXE files and are getting blocked. We get the exact "X-Contains-File: exe (blacklisted)" message.
[ QUOTE ] I also have this problem.
I've got messages being rejected with this message: X-Contains-File: exe (blacklisted)
But this is not the case. The attachment contains html & a few .gif images, this should not be blocked.
For now I've put the sending mailserver in a whitelist, lets see if this works. (temporarily)
I'm now using 'quarantine' instead of 'reject', every day I have to go throught the proxy manager content to *MANUALLY* check all the items marked as 'FILE'.
Is anyone at Astaro reading this ? Should I open an issue somewhere ?
ps. I'm a registered user ( 2 licenses for 100 users) if that helps.
This is a known issue and is planned to fix in the next version. the problem is that astaro scanned the fileextension as well as the Content-Type. sometimes the content-type is not correct thereby pdf-files getting blocked as exe
