Jump to content

Wrong behavior after upgrade from Mail Security for Linux


Recommended Posts

Hi,

i have a question because i once tried to update our Eset Mail Security for Linux on a debian based machine from version 4.0.10 to 4.5.3.

I opened a support case at the german support team by mail in january, but they did not reply to me. I hope someone here can help me.

After the upgrade to 4.5.3 the behavior differs from the state before.

I tried to send the eicar test virus to my internal test account. With the old version 4.0.10 the recipient gets the cleaned up mail, the "full" mail goes into the quarantine. The daemon_notification_script was called and sent a mail to the administrator.
After the upgrade, the recipient did not get the cleaned mail and there was no mail in the quarantine. The daemon_notification_script was executed and send a mail to the specified administrator.

The upgrade script which migrates the esets.cfg config file produces a backup. Both files differ not on the corresponding lines. Only our quotation marks in the templates (av_eml_footnote_template_infected and av_eml_footnote_template_notscanned) were changed.

Our goal is, that the local recipient gets a notification mail that somebody tried to send a message to him or that the local recipient gets the cleaned up mail. A notification mail should be sent to an administrator.
In each case, we want to have the possibility to inspect the original mail and to forward or to delete it if we want to.

This is our config-file:

av_quarantine_enabled = yes
av_scan_smart = yes
action_av = "scan"
action_av_infected = "discard"
action_av_notscanned = "accept"
action_av_deleted = "discard"
action_as = "accept"
action_as_spam = "accept"
action_as_notscanned = "accept"
av_eml_subject_modification_mask = "cleaned:deleted:infected:notscanned"
av_eml_header_modification_mask = "clean:cleaned:deleted:infected:notscanned"
av_eml_footnote_modification_mask = "infected:notscanned"
av_eml_header_template = "%avstatus%"
av_eml_subject_template = "[verdaechtige Email]"
av_clean_mode = "standard"

This is the notification mail, send by the daemon_notification_script with version 4.0.10
 

 USERSPEC: recipient@domain.de|sender@domain.de
     MSGID:
    SENDER: Sender
RECIPIENT: Recipient
AV_STATUS: clean (cleaned)
    ACTION: accepted
     VIRUS: Eicar test file
       LOG: vdb=26541, agent=smtp, name="from: Sender to: Recipient with
subject AW: Test dated Tue, 3 Nov 2015 13:34:16 +0100 ", virus="Eicar test file",
action="quarantined - contained infected files", info="", avstatus="clean (cleaned)",
hop="accepted"

and this is the notification mail after the upgrade to version 4.5.3
 

  USERSPEC: recipient@domain.de|sender@domain.de
     MSGID: <zarafa.56a2071c.7db5.46db4c753790cbb9@mailserver.domain.de>
    SENDER:
RECIPIENT:
AV_STATUS: infected
    ACTION: discarded
     VIRUS: Eicar test file
       LOG: vdb=27763, agent=smtp, name="dated Fri, 22 Jan 2016 11:40:28 +0100 ",
virus="Eicar test file", action="unable to clean", info="", avstatus="infected",
hop="discarded"

Has anyone an idea? I cannot update to the new version as long as this behaviour is not corrected.

thx and best Regards
mmww
 

Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...