shem888 發表於 2018-1-23 15:02:38

寄來有加密 PDF 檔都會擋

如題 ,這個問題已經困擾很久

已經在security-antivirus-antivirus
不選「quarantine messages that cannot be scanned」 但仍會移到Quarantine queue

一定要去Quarantine queue 下按 Re Queue 信件才會被收下,
要如何做 有加密的pdf 信件才不會被移到Quarantine queue ???


Mdaemon 版本 17.5.2
Win2008 server


收到的通知 :

Asof Tue Jan 23 2018 11:37AM there were 1 messages in the queue.
MDaemon Quarantine Queue Summary
ToFromSubjectError typeMessage-IDDate
[email protected]@ms3.hncb.com.tw???????????????ClamAVdetected a password-protected/encrypted file (Heuristics.Encrypted.PDF)<b4bd0452385b2056@8fe3c8cd111d2817>Tue,23 Jan 2018 10:46:06 +0800


Log :
Tue 2018-01-23 10:57:07.871: Session 286442; child 0001
Tue 2018-01-23 10:57:07.871: Accepting SMTP connection from 124.219.27.161:43134 to 192.168.0.1:25
Tue 2018-01-23 10:57:07.874: Performing PTR lookup (161.27.219.124.IN-ADDR.ARPA)
Tue 2018-01-23 10:57:07.877: *D=161.27.219.124.IN-ADDR.ARPA TTL=(42) PTR=
Tue 2018-01-23 10:57:07.877: *D=161.27.219.124.IN-ADDR.ARPA TTL=(42) PTR=
x
x
x 太長省略
x
x
Tue 2018-01-23 10:57:08.064: ---- End DMARC results
Tue 2018-01-23 10:57:08.065: Passing message through AntiVirus (Size: 119420)...
Tue 2018-01-23 10:57:08.083: *Message could not be scanned
Tue 2018-01-23 10:57:08.083: ---- End AntiVirus results
Tue 2018-01-23 10:57:08.084: Passing message through ClamAV Plugin (c:\mdaemon\temp\md50000059747.tmp)...
Tue 2018-01-23 10:57:08.084: *Message-ID: <b4bd0452385b2056@8fe3c8cd111d2817>
Tue 2018-01-23 10:57:08.230: *Virus result: 10 - contains password-protected/encrypted file and could not be scanned - quarantined
Tue 2018-01-23 10:57:08.232: Spam filter scan skipped; message size (119420) exceeds spam filter configured max size of (102400)
Tue 2018-01-23 10:57:08.246: Message creation successful: c:\mdaemon\inbound\md50001336768.msg
Tue 2018-01-23 10:57:08.246: --> 250 2.6.0 Ok, message saved <Message-ID: <b4bd0452385b2056@8fe3c8cd111d2817>>
Tue 2018-01-23 10:57:08.250: <-- QUIT
Tue 2018-01-23 10:57:08.250: --> 221 2.0.0 See ya in cyberspace
Tue 2018-01-23 10:57:08.250: SMTP session successful (Bytes in/out: 121223/2586)
Tue 2018-01-23 10:57:08.251: ----------
Tue 2018-01-23 10:57:11.602: INBOUND message: md50001336768.msg
Tue 2018-01-23 10:57:11.602: *From: 華南銀行個金行銷部 <[email protected]>
Tue 2018-01-23 10:57:11.602: *To: 簡 <[email protected]>
Tue 2018-01-23 10:57:11.602: *Subject: 「華南銀行信用卡每日消費通知」
Tue 2018-01-23 10:57:11.602: *Message-ID: <b4bd0452385b2056@8fe3c8cd111d2817>
Tue 2018-01-23 10:57:11.602: *Size: 120695; c:\mdaemon\localq\md50003110113.msg
Tue 2018-01-23 10:57:11.602: ----------
Tue 2018-01-23 10:57:12.521: SecurityPlus AntiVirus processing c:\mdaemon\localq\md50003110113.msg...
Tue 2018-01-23 10:57:12.521: * Message return-path: [email protected]
Tue 2018-01-23 10:57:12.521: * Message from: [email protected]
Tue 2018-01-23 10:57:12.521: * Message to: [email protected]
Tue 2018-01-23 10:57:12.521: * Message subject: 「華南銀行信用卡每日消費通知」
Tue 2018-01-23 10:57:12.521: * Message ID: <b4bd0452385b2056@8fe3c8cd111d2817>
Tue 2018-01-23 10:57:12.521: Start SecurityPlus AntiVirus results
Tue 2018-01-23 10:57:12.537: * CRDTRNMSG201801221044590041550522.pdf could not be scanned
Tue 2018-01-23 10:57:12.537: * Total attachments scanned    : 2 (including multipart/alternatives and message body)
Tue 2018-01-23 10:57:12.537: * Total attachments infected   : 0
Tue 2018-01-23 10:57:12.537: * Total attachments disinfected: 0
Tue 2018-01-23 10:57:12.537: * Total errors while scanning: 1
Tue 2018-01-23 10:57:12.537: * Total attachments removed    : 0
Tue 2018-01-23 10:57:12.593: End of SecurityPlus AntiVirus results
Tue 2018-01-23 10:57:12.593: ----------
Tue 2018-01-23 10:57:12.545: Content Filter processing c:\mdaemon\localq\md50003110113.msg...
Tue 2018-01-23 10:57:12.545: * Message return-path: [email protected]
Tue 2018-01-23 10:57:12.545: * Message from: [email protected]
Tue 2018-01-23 10:57:12.545: * Message to: [email protected]
Tue 2018-01-23 10:57:12.545: * Message subject: 「華南銀行信用卡每日消費通知」
Tue 2018-01-23 10:57:12.545: * Message ID: <b4bd0452385b2056@8fe3c8cd111d2817>
Tue 2018-01-23 10:57:12.545: Start Content Filter results
Tue 2018-01-23 10:57:12.545: * Message matched system rule: "ClamAV Plugin quarantine rule"
Tue 2018-01-23 10:57:12.545: *    Condition: X-CAV-Quarantine header exists
Tue 2018-01-23 10:57:12.545: *    Condition: X-CAV-Reason header exists
Tue 2018-01-23 10:57:12.545: *    Condition: X-MDBadQueue-Reason header does not exist
Tue 2018-01-23 10:57:12.547: *    Action: Header added to message
Tue 2018-01-23 10:57:12.568: *    Action: Header removed from message
Tue 2018-01-23 10:57:12.576: *    Action: Message copied to directory
Tue 2018-01-23 10:57:12.576: *    Action: Message deleted (this action ends further rule processing)
Tue 2018-01-23 10:57:12.596: * Matched 1 of 17 active rules
Tue 2018-01-23 10:57:12.596: End of Content Filter results
Tue 2018-01-23 10:57:12.596: ----------

shem888 發表於 2018-6-6 09:26:15

本文章最後由 shem888 於 2018-6-6 09:27 AM 編輯

找到問題~~~ 新版本有多一個選項
如圖要打勾
頁: [1]
檢視完整版本: 寄來有加密 PDF 檔都會擋