ClamAV triggering Windows Virus & Threat Protection | MDaemon Technologies, Ltd.



  • Windows Server 2022:  I'm seeing the following in the Security/Antivirus log:

    * INLINE SCANNING ERROR: ClamAV error while scanning file c:\mdaemon\queues\temp\md5001000000064.wrk!

    At the same time, Windows Virus & Threat Protection reports:

       Detected: Trojan:Script/Sabsik.TE.A!ml
       Status: Severe
       Details: This program is dangerous and executes commands from an attacker

       Affected items:
       containerfile: C:\MDaemon\Queues\Temp\md5001000000064.wrk

    I assume this is a false positive? If so, what's the best way to stop it triggering?

     

    Thanks,

    Cameron

     



  • We recommend excluding any first party (Win Defender) or third party antivirus solutions from scanning and/or monitoring the C:\MDaemon directory and sub-folders to avoid any interruptions in mail flow.

    https://knowledge.mdaemon.com/running-non-mdaemon-antivirus-solution

    In this case it appears Windows Defender detected a trojan while ClamAV was trying to scan the message through its own definition database.


  • It happens so often that it seems Windows Defender believes the MDaemon .wrk files are the trojan!

    I've excluded C:\MDaemon from scanning so hopefully that will do it.
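
The exclusion discussed in this thread can be applied and checked from an elevated PowerShell session with the built-in Defender cmdlets. This is an added example, not part of the original posts or MDaemon's documentation; it assumes the default `C:\MDaemon` install path quoted above.

```powershell
# Added example: run in an elevated PowerShell session on the mail server.
# Assumption: MDaemon is installed at the path quoted in the thread.
$mdaemonRoot = 'C:\MDaemon'

# 1. Review recent Defender detections that touched files under the MDaemon
#    tree, to confirm the hits are queue/temp .wrk files and nothing else.
Get-MpThreatDetection |
    Where-Object { $_.Resources -match [regex]::Escape($mdaemonRoot) } |
    Sort-Object InitialDetectionTime -Descending |
    Select-Object -First 20 InitialDetectionTime, ThreatID, Resources |
    Format-List

# 2. Add the folder exclusion only if it is not already present.
#    A folder exclusion also covers its sub-folders (Queues\Temp etc.).
$existing = @((Get-MpPreference).ExclusionPath)
if ($existing -notcontains $mdaemonRoot) {
    Add-MpPreference -ExclusionPath $mdaemonRoot
    Write-Host "Added Defender exclusion for $mdaemonRoot"
} else {
    Write-Host "Defender exclusion for $mdaemonRoot already present"
}

# 3. Verify the setting took effect (Group Policy or Intune can override it).
$after = @((Get-MpPreference).ExclusionPath)
if ($after -contains $mdaemonRoot) {
    Write-Host "Verified: $mdaemonRoot is excluded from Defender scanning"
} else {
    Write-Warning "Exclusion not present; check for a managed policy overriding local settings"
}
```

Once the folder is excluded, Defender no longer inspects mail in the queues, so MDaemon's own ClamAV scanning and its definition updates are the only file-level check on those messages and should be monitored in the Security/Antivirus log.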

