Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 10 replies
  • Subscribers 1 subscriber
  • Views 1136 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[6.303] SMTP AV does not catch Virus

Alvin
I have a Cable Modem Connection and my SMTP Proxy is configured to use my ISP as the smarthost.

On the SMTP Proxy, I only made changes to 

1) Allow Relay from my LAN and IPSEC Network.

2) Transparent Mode ON.

3) Virus Protection ON

4) Action Quarantine

5) DoS Protection ON

6) Smart Host = ISP SMTP 


I send a Test mail with Eicar.com file and it went thru.
I checked the received mail headers and it did go thru Astaro Gateway.

Then why is it not catching the Virus ?


This thread was automatically locked due to age.
Parents
  • 0
    What does SMTP Log say?
    Which address have you entered as Postmaster Address?
    Did you send the mail to that address?
  • 0 in reply to SveN_01
    Which Eicar file did you use?  If you used the archive w/ password file, that won't be scanned; most (if not all) AV engines won't brute force open a password protected .zip file to examine the contents.. that said, a nice option would be to have the Astaro quarantine such emails instead of just sending them through--though I've seen that kind of behavior with other AV engines.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Reply
  • 0 in reply to SveN_01
    Which Eicar file did you use?  If you used the archive w/ password file, that won't be scanned; most (if not all) AV engines won't brute force open a password protected .zip file to examine the contents.. that said, a nice option would be to have the Astaro quarantine such emails instead of just sending them through--though I've seen that kind of behavior with other AV engines.

    CTO, Convergent Information Security Solutions, LLC

    https://www.convergesecurity.com

    Advice given as posted on this forum does not construe a support relationship or other relationship with Convergent Information Security Solutions, LLC or its subsidiaries.  Use the advice given at your own risk.

Children
No Data
Cookie Information Banner