All Word docs getting quarantined incorrectly
-
Since updating to SecurityGateway 9.0, any e-mail with a Word document attached is getting quarantined because it appears the Cyren antivirus engine fails to scan it. This is the relevant portion from the transmission log:
Thu 2023-01-19 13:06:45: Passing message through anti-virus (Size: 105889)...
Thu 2023-01-19 13:06:45: * Scanning message using: ClamAV for SecurityGateway
Thu 2023-01-19 13:06:46: * Message is clean (no viruses found)
Thu 2023-01-19 13:06:46: * Scanning message using: Cyren Anti-Virus for SecurityGateway
Thu 2023-01-19 13:06:46: * Message scanning failed
Thu 2023-01-19 13:06:46: ** FILEINTO admin
Thu 2023-01-19 13:06:46: -- End: Anti-Virus (0.471859 seconds) --
-
Arron Staff
I was not able to reproduce the issue.
Can you send me an MSG file for a message that you have had the issue with?
You can send it to arron.caruth@mdaemon.com, please reference your post.
-
@Arron Sent you a sample as requested.
-
Hi,
I have the same problem, Word and Excel.
Mon 2023-01-23 11:38:16: Aceptando SMTP conexión desde [23.83.212.46 : 36287] en el puerto 25
Mon 2023-01-23 11:38:17: El remitente no es un servidor de correo local
Mon 2023-01-23 11:38:17: ========== Procesando IP scripts
Mon 2023-01-23 11:38:17: -- Ejecutando: Location Screening --
Mon 2023-01-23 11:38:17: Se detectó conexión del país: Canadá
Mon 2023-01-23 11:38:17: Se detectó conexión del código de país: CA
Mon 2023-01-23 11:38:17: ** Agregar encabezado: X-SGOrigin-Country
Mon 2023-01-23 11:38:17: -- Término: Location Screening (0.000000 segundos) --
Mon 2023-01-23 11:38:17: -- Ejecutando: Blacklist --
Mon 2023-01-23 11:38:17: -- Término: Blacklist (0.000000 segundos) --
Mon 2023-01-23 11:38:17: ========== Finalizar IP scripts
Mon 2023-01-23 11:38:17: --> 220 commcenter.es ESMTP SecurityGateway 9.0.0; Mon, 23 Jan 2023 11:38:16 +0100
Mon 2023-01-23 11:38:17: <-- EHLO cross.elm.relay.mailchannels.net
Mon 2023-01-23 11:38:17: Realizando búsqueda de IP (cross.elm.relay.mailchannels.net)
Mon 2023-01-23 11:38:17: * D=cross.elm.relay.mailchannels.net TTL=(5) A=[23.83.212.46]
Mon 2023-01-23 11:38:17: ========== Procesando HELO scripts
Mon 2023-01-23 11:38:17: -- Ejecutando: Blacklist --
Mon 2023-01-23 11:38:17: -- Término: Blacklist (0.000000 segundos) --
Mon 2023-01-23 11:38:17: -- Ejecutando: HELO DNS lookup --
Mon 2023-01-23 11:38:17: -- Término: HELO DNS lookup (0.000000 segundos) --
Mon 2023-01-23 11:38:17: ========== Finalizar HELO scripts
Mon 2023-01-23 11:38:17: --> 250-commcenter.es Hello cross.elm.relay.mailchannels.net, pleased to meet you
Mon 2023-01-23 11:38:17: --> 250-8BITMIME
Mon 2023-01-23 11:38:17: --> 250-AUTH LOGIN PLAIN
Mon 2023-01-23 11:38:17: --> 250-STARTTLS
Mon 2023-01-23 11:38:17: --> 250 SIZE 0
Mon 2023-01-23 11:38:17: <-- STARTTLS
Mon 2023-01-23 11:38:17: --> 220 Begin TLS negotiation
Mon 2023-01-23 11:38:18: Negociación SSL exitosa (TLS 1.2, TLS_ECDHE_RSA_WITH_AES_256_CBC_SHA384_P256)
Mon 2023-01-23 11:38:18: <-- EHLO cross.elm.relay.mailchannels.net
Mon 2023-01-23 11:38:18: Realizando búsqueda de IP (cross.elm.relay.mailchannels.net)
Mon 2023-01-23 11:38:18: * D=cross.elm.relay.mailchannels.net TTL=(4) A=[23.83.212.46]
Mon 2023-01-23 11:38:18: ========== Procesando HELO scripts
Mon 2023-01-23 11:38:18: -- Ejecutando: Blacklist --
Mon 2023-01-23 11:38:18: -- Término: Blacklist (0.000000 segundos) --
Mon 2023-01-23 11:38:18: -- Ejecutando: HELO DNS lookup --
Mon 2023-01-23 11:38:18: -- Término: HELO DNS lookup (0.000000 segundos) --
Mon 2023-01-23 11:38:18: ========== Finalizar HELO scripts
Mon 2023-01-23 11:38:18: --> 250-commcenter.es Hello cross.elm.relay.mailchannels.net, pleased to meet you
Mon 2023-01-23 11:38:18: --> 250-8BITMIME
Mon 2023-01-23 11:38:18: --> 250-AUTH LOGIN PLAIN
Mon 2023-01-23 11:38:18: --> 250-REQUIRETLS
Mon 2023-01-23 11:38:18: --> 250 SIZE 0
Mon 2023-01-23 11:38:18: <-- MAIL FROM:<grojas@gestisae.net> SIZE=96943
Mon 2023-01-23 11:38:18: Realizando búsqueda en Minger (192.168.xx.xx:4069 para grojas@gestisae.net)
Mon 2023-01-23 11:38:18: Realizando búsqueda en Minger (192.168.xx.xx:4069 para grojas@gestisae.net)
Mon 2023-01-23 11:38:18: Realizando búsqueda en Minger (192.168.xx.xx:4069 para grojas@gestisae.net)
Mon 2023-01-23 11:38:18: Usuario no encontrado: <grojas@gestisae.net>
Mon 2023-01-23 11:38:18: ========== Procesando AUTH scripts
Mon 2023-01-23 11:38:18: -- Ejecutando: Secure and authenticated port rules --
Mon 2023-01-23 11:38:18: -- Término: Secure and authenticated port rules (0.000000 segundos) --
Mon 2023-01-23 11:38:18: -- Ejecutando: Dynamic Screening --
Mon 2023-01-23 11:38:18: * Habilitando Filtrado Dinámico
Mon 2023-01-23 11:38:18: -- Término: Dynamic Screening (0.000000 segundos) --
Mon 2023-01-23 11:38:18: ========== Finalizar AUTH scripts
Mon 2023-01-23 11:38:18: ========== Procesando MAIL scripts
Mon 2023-01-23 11:38:18: -- Ejecutando: Invalid Sender --
Mon 2023-01-23 11:38:18: -- Término: Invalid Sender (0.000000 segundos) --
Mon 2023-01-23 11:38:18: -- Ejecutando: MAIL DNS Lookup --
Mon 2023-01-23 11:38:18: Realizando búsqueda de MAIL (gestisae.net)
Mon 2023-01-23 11:38:18: * P=010 D=gestisae.net TTL=(60) MX=[filtro.sendguardian.com]
Mon 2023-01-23 11:38:18: -- Término: MAIL DNS Lookup (0.104858 segundos) --
Mon 2023-01-23 11:38:18: -- Ejecutando: SMTP Authentication Required --
Mon 2023-01-23 11:38:18: -- Término: SMTP Authentication Required (0.000000 segundos) --
Mon 2023-01-23 11:38:18: ========== Finalizar MAIL scripts
Mon 2023-01-23 11:38:18: --> 250 <grojas@gestisae.net>, Sender ok
Mon 2023-01-23 11:38:19: <-- RCPT TO:<egonzalez@commcenter.es>
Mon 2023-01-23 11:38:19: Usuario encontrado: <egonzalez@commcenter.es>
Mon 2023-01-23 11:38:19: ========== Procesando RCPT scripts para el destinatario: egonzalez@commcenter.es
Mon 2023-01-23 11:38:19: RCPT Domain = commcenter.es
Mon 2023-01-23 11:38:19: -- Ejecutando: Blacklist --
Mon 2023-01-23 11:38:19: -- Término: Blacklist (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Tarpitting --
Mon 2023-01-23 11:38:19: # Remitente está en lista blanca (Mail From user)
Mon 2023-01-23 11:38:19: -- Término: Tarpitting (0.052429 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Relaying Denied --
Mon 2023-01-23 11:38:19: -- Término: Relaying Denied (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Invalid Recipient --
Mon 2023-01-23 11:38:19: -- Término: Invalid Recipient (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Validate Local Sender --
Mon 2023-01-23 11:38:19: -- Término: Validate Local Sender (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: DNS Blacklists (client IP) --
Mon 2023-01-23 11:38:19: -- Término: DNS Blacklists (client IP) (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Callback Verification --
Mon 2023-01-23 11:38:19: -- Término: Callback Verification (0.000000 segundos) --
Mon 2023-01-23 11:38:19: -- Ejecutando: Domain: commcenter.es - SPF --
Mon 2023-01-23 11:38:19: Performing SPF lookup (gestisae.net / 23.83.212.46)
Mon 2023-01-23 11:38:19: * Policy: v=spf1 include:saferoute.sendguardian.com -all
Mon 2023-01-23 11:38:19: * Evaluating include:saferoute.sendguardian.com: performing lookup
Mon 2023-01-23 11:38:19: * Policy: v=spf1 include:relay.mailchannels.net -all
Mon 2023-01-23 11:38:19: * Evaluating include:relay.mailchannels.net: performing lookup
Mon 2023-01-23 11:38:19: * Policy: v=spf1 ip4:23.83.208.0/20 ip4:46.232.183.0/24 ip4:199.10.31.235/32 ip4:199.10.31.236/32 ip4:172.255.62.10/32 ip4:172.255.62.11/32 ip4:103.18.109.138/32 ip4:54.214.232.113/32 ~all
Mon 2023-01-23 11:38:19: * Evaluating ip4:23.83.208.0/20: match
Mon 2023-01-23 11:38:19: * Evaluating include:relay.mailchannels.net: match
Mon 2023-01-23 11:38:19: * Evaluating include:saferoute.sendguardian.com: match
Mon 2023-01-23 11:38:19: * Resultado: pass
Mon 2023-01-23 11:38:19: -- Término: Domain: commcenter.es - SPF (0.052429 segundos) --
Mon 2023-01-23 11:38:19: ========== Finalizar RCPT scripts
Mon 2023-01-23 11:38:19: --> 250 <egonzalez@commcenter.es>, Recipient ok
Mon 2023-01-23 11:38:20: <-- DATA
Mon 2023-01-23 11:38:20: --> 354 Enter mail, end with <CRLF>.<CRLF>
Mon 2023-01-23 11:38:20: Tamaño del mensaje: 96999 bytes
Mon 2023-01-23 11:38:20: ID de Mensaje: <!&!AAAAAAAAAAAYAAAAAAAAAMdTQ+T623JAtTY4aC2kENXCgAAAEAAAAON5HocrxOFOqrN5pC6cPeYBAAAAAA==@gestisae.net>
Mon 2023-01-23 11:38:20: Message creation successful: C:\Program Files\MDaemon Technologies\SecurityGateway\Inbound\39793a9743a94acea88953d702796d5d.MSG
Mon 2023-01-23 11:38:20: ========== Procesando DATA scripts para el destinatario: egonzalez@commcenter.es
Mon 2023-01-23 11:38:20: RCPT Domain = commcenter.es
Mon 2023-01-23 11:38:20: -- Ejecutando: Blacklist --
Mon 2023-01-23 11:38:20: -- Término: Blacklist (0.000000 segundos) --
Mon 2023-01-23 11:38:20: -- Ejecutando: URI Blacklists (URIBL) --
Mon 2023-01-23 11:38:20: -- Término: URI Blacklists (URIBL) (0.000000 segundos) --
Mon 2023-01-23 11:38:20: -- Ejecutando: SpamAssassin --
Mon 2023-01-23 11:38:20: -- Término: SpamAssassin (0.000000 segundos) --
Mon 2023-01-23 11:38:20: -- Ejecutando: Mail Nocivo --
Mon 2023-01-23 11:38:20: -- Término: Mail Nocivo (0.000000 segundos) --
Mon 2023-01-23 11:38:20: -- Ejecutando: Disa --
Mon 2023-01-23 11:38:20: -- Término: Disa (0.000000 segundos) --
Mon 2023-01-23 11:38:20: -- Ejecutando: bitcoin --
Mon 2023-01-23 11:38:21: Ocurrió un error al extraer texto del archivo CALENDARIO 2023.xlsx
Mon 2023-01-23 11:38:21: LoadIFilter: Unknown error.
Mon 2023-01-23 11:38:21: -- Término: bitcoin (0.052429 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: Contraseña --
Mon 2023-01-23 11:38:21: -- Término: Contraseña (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: Contiene URL Activa --
Mon 2023-01-23 11:38:21: -- Término: Contiene URL Activa (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: Contiene IP --
Mon 2023-01-23 11:38:21: -- Término: Contiene IP (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: IP Pictel --
Mon 2023-01-23 11:38:21: -- Término: IP Pictel (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: @secosum.com IP Virus --
Mon 2023-01-23 11:38:21: -- Término: @secosum.com IP Virus (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: IP Pictel Mensaje --
Mon 2023-01-23 11:38:21: -- Término: IP Pictel Mensaje (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: pagofacilde@telefonicaconsumerfinance.net --
Mon 2023-01-23 11:38:21: -- Término: pagofacilde@telefonicaconsumerfinance.net (0.000000 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: Domain: commcenter.es - Anti-Virus --
Mon 2023-01-23 11:38:21: Procesando el mensaje con el anti-virus (Tamaño: 96999)...
Mon 2023-01-23 11:38:21: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 11:38:21: * Mensaje limpio (no se encontraron virus)
Mon 2023-01-23 11:38:21: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 11:38:21: * Escaneo de mensaje fallido
Mon 2023-01-23 11:38:21: ** Fileinto admin
Mon 2023-01-23 11:38:21: -- Término: Domain: commcenter.es - Anti-Virus (0.838861 segundos) --
Mon 2023-01-23 11:38:21: -- Ejecutando: Domain: commcenter.es - Outbreak Protection (Anti-Virus) --
Mon 2023-01-23 11:38:21: Procesando el mensaje con Outbreak Protection (Tamaño: 96999)…
Mon 2023-01-23 11:38:22: * Reference-ID: str=0001.0A782F1A.63CE639E.004D,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Mon 2023-01-23 11:38:22: * Nivel de amenaza de Spam: Clean
Mon 2023-01-23 11:38:22: * Nivel de amenaza del Virus: Clean
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - Outbreak Protection (Anti-Virus) (0.629146 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - Outbreak Protection (Spam) --
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - Outbreak Protection (Spam) (0.000000 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - DMARC --
Mon 2023-01-23 11:38:22: Realizando procesamiento DMARC
Mon 2023-01-23 11:38:22: * File: C:\Program Files\MDaemon Technologies\SecurityGateway\Inbound\39793a9743a94acea88953d702796d5d.MSG
Mon 2023-01-23 11:38:22: * MessageID: <!&!AAAAAAAAAAAYAAAAAAAAAMdTQ+T623JAtTY4aC2kENXCgAAAEAAAAON5HocrxOFOqrN5pC6cPeYBAAAAAA==@gestisae.net>
Mon 2023-01-23 11:38:22: * Author domain: gestisae.net
Mon 2023-01-23 11:38:22: * Organizational domain: gestisae.net
Mon 2023-01-23 11:38:22: Ejecutando consulta DMARC
Mon 2023-01-23 11:38:22: * Query domain: _dmarc.gestisae.net
Mon 2023-01-23 11:38:22: * Policy record: v=DMARC1; p=none; rua=mailto:dmarc@gestisae.net.; ruf=mailto:dmarc@gestisae.net.
Mon 2023-01-23 11:38:22: * Checking authentication mechanisms for DMARC alignment
Mon 2023-01-23 11:38:22: * SPF: domain "gestisae.net" passed SPF check; and domain is DMARC aligned
Mon 2023-01-23 11:38:22: * DKIM: verification disabled by administrator
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - DMARC (0.052429 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - Attachment Filtering --
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - Attachment Filtering (0.000000 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - salesforce.com --
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - salesforce.com (0.000000 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - elevenpaths.com --
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - elevenpaths.com (0.000000 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Domain: commcenter.es - Commcenter --
Mon 2023-01-23 11:38:22: -- Término: Domain: commcenter.es - Commcenter (0.000000 segundos) --
Mon 2023-01-23 11:38:22: -- Ejecutando: Message Score --
Mon 2023-01-23 11:38:22: -- Término: Message Score (0.000000 segundos) --
Mon 2023-01-23 11:38:22: * Puntuación final: 0.00
Mon 2023-01-23 11:38:22: ========== Finalizar DATA scripts
Mon 2023-01-23 11:38:22: --> 250 Ok, message saved
Mon 2023-01-23 11:38:22: <-- QUIT
Mon 2023-01-23 11:38:22: --> 221 See ya in cyberspace
Mon 2023-01-23 11:38:22: Sesión SMTP exitosa (Bytes entrantes/salientes: 97183/536)
Mon 2023-01-23 11:38:22: ----------
Is the error caused by filterhost.exe?
-
I have tried to disable the filtering, but it keeps stopping it. I think it's not a problem with filterhost.exe.
-
After several tests I have come to the conclusion that the problem is the size of the file that the antivirus scans.
Same file with the difference in size.
* With few data
Mon 2023-01-23 16:37:32: Procesando el mensaje con el anti-virus (Tamaño: 20352)...
Mon 2023-01-23 16:37:32: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 16:37:33: * Mensaje limpio (no se encontraron virus)
Mon 2023-01-23 16:37:33: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 16:37:33: * Mensaje limpio (no se encontraron virus)
Mon 2023-01-23 16:37:33: -- Término: Domain: commcenter.es - Anti-Virus (0.471859 segundos) --
* With more data (same file)
Mon 2023-01-23 16:29:06: -- Ejecutando: Domain: commcenter.es - Anti-Virus --
Mon 2023-01-23 16:29:06: Procesando el mensaje con el anti-virus (Tamaño: 25578)...
Mon 2023-01-23 16:29:06: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 16:29:06: * Mensaje limpio (no se encontraron virus)
Mon 2023-01-23 16:29:06: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 16:29:06: * Escaneo de mensaje fallido
Mon 2023-01-23 16:29:06: ** Fileinto admin
Mon 2023-01-23 16:29:06: -- Término: Domain: commcenter.es - Anti-Virus (0.419430 segundos) --
Mon 2023-01-23 16:29:06: -- Ejecutando: Domain: commcenter.es - Outbreak Protection (Anti-Virus) --
Mon 2023-01-23 16:29:06: Procesando el mensaje con Outbreak Protection (Tamaño: 25578)…
But if, in Antivirus settings --> VirusScanning --> Configuration, "Allow message to pass if one Antivirus engine scans successfully" is activated, it does not give any error, but we lose the CYREN Antivirus.
Mon 2023-01-23 16:40:09: -- Ejecutando: Domain: commcenter.es - Anti-Virus --
Mon 2023-01-23 16:40:09: Procesando el mensaje con el anti-virus (Tamaño: 32876)...
Mon 2023-01-23 16:40:09: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 16:40:09: * Mensaje limpio (no se encontraron virus)
Mon 2023-01-23 16:40:09: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 16:40:09: * Escaneo de mensaje fallido
Mon 2023-01-23 16:40:09: -- Término: Domain: commcenter.es - Anti-Virus (0.157286 segundos) --
Mon 2023-01-23 16:40:09: -- Ejecutando: Domain: commcenter.es - Outbreak Protection (Anti-Virus) --
Mon 2023-01-23 16:40:09: Procesando el mensaje con Outbreak Protection (Tamaño: 32876)…
br,
Javier Meilan
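
Added example (not part of any post in this thread, and not MDaemon code): a small Python parser for the anti-virus section of transmission logs like the ones quoted above, which reports message size and per-engine result for each pass so scan failures can be compared against size and fail-closed quarantines told apart from deliveries that lost one engine's verdict. It assumes the English and Spanish log phrases seen in this thread; the function names and the classification labels are hypothetical.

```python
import re

# Entries are split on their timestamp, so entries run together on one line still parse.
STAMP = re.compile(r"(?:Mon|Tue|Wed|Thu|Fri|Sat|Sun) \d{4}-\d\d-\d\d \d\d:\d\d:\d\d: ")
SIZE = re.compile(r"\((?:Size|Tamaño): (\d+)\)")
ENGINE = re.compile(r"(?:Scanning message using|Escaneando el mensaje utilizando): (.+)")
FILEINTO = re.compile(r"\*\* fileinto (\S+)", re.IGNORECASE)
CLEAN = ("Message is clean", "Mensaje limpio")
FAILED = ("Message scanning failed", "Escaneo de mensaje fallido")

def parse_av_passes(text):
    """Return one dict per anti-virus pass: message size, per-engine result, quarantine folder."""
    passes, cur, engine = [], None, None
    for entry in STAMP.split(text):
        entry = entry.strip()
        size = SIZE.search(entry)
        if size and "anti-virus" in entry.lower():      # start of an anti-virus pass
            cur, engine = {"size": int(size.group(1)), "engines": {}, "filed_into": None}, None
            passes.append(cur)
        elif cur is None:
            continue                                     # outside an anti-virus pass
        elif entry.startswith("-- "):                    # "-- End:" / "-- Término:" closes the pass
            cur = None
        elif (m := ENGINE.search(entry)):
            engine = m.group(1)
        elif engine and entry.lstrip("* ").startswith(CLEAN):
            cur["engines"][engine] = "clean"
        elif engine and entry.lstrip("* ").startswith(FAILED):
            cur["engines"][engine] = "failed"
        elif (m := FILEINTO.search(entry)):
            cur["filed_into"] = m.group(1)
    return passes

def classify(p):
    """Separate a fail-closed quarantine from a delivery that lost one engine's verdict."""
    if "failed" not in p["engines"].values():
        return "ok"
    return "quarantined-on-scan-failure" if p["filed_into"] else "passed-with-engine-failure"

# Sample input: three anti-virus passes in the form quoted in this thread, partly run together.
SAMPLE = """\
Thu 2023-01-19 13:06:45: Passing message through anti-virus (Size: 105889)...Thu 2023-01-19 13:06:45: * Scanning message using: ClamAV for SecurityGateway
Thu 2023-01-19 13:06:46: * Message is clean (no viruses found)Thu 2023-01-19 13:06:46: * Scanning message using: Cyren Anti-Virus for SecurityGateway
Thu 2023-01-19 13:06:46: * Message scanning failedThu 2023-01-19 13:06:46: ** FILEINTO adminThu 2023-01-19 13:06:46: -- End: Anti-Virus (0.471859 seconds) --
Mon 2023-01-23 16:37:32: Procesando el mensaje con el anti-virus (Tamaño: 20352)...Mon 2023-01-23 16:37:32: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 16:37:33: * Mensaje limpio (no se encontraron virus)Mon 2023-01-23 16:37:33: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 16:37:33: * Mensaje limpio (no se encontraron virus)Mon 2023-01-23 16:37:33: -- Término: Domain: commcenter.es - Anti-Virus (0.471859 segundos) --
Mon 2023-01-23 16:40:09: Procesando el mensaje con el anti-virus (Tamaño: 32876)...Mon 2023-01-23 16:40:09: * Escaneando el mensaje utilizando: ClamAV for SecurityGateway
Mon 2023-01-23 16:40:09: * Mensaje limpio (no se encontraron virus)Mon 2023-01-23 16:40:09: * Escaneando el mensaje utilizando: Cyren Anti-Virus for SecurityGateway
Mon 2023-01-23 16:40:09: * Escaneo de mensaje fallidoMon 2023-01-23 16:40:09: -- Término: Domain: commcenter.es - Anti-Virus (0.157286 segundos) --
"""

if __name__ == "__main__":
    print([(p["size"], classify(p)) for p in parse_av_passes(SAMPLE)])
```

A "passed-with-engine-failure" result is the case to watch once the pass-on-one-engine option is enabled: the message is delivered on a single engine's verdict, so counting these per day shows how much coverage is being lost until the scan failure itself is fixed.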
-
Arron Staff
@Bill I emailed you this morning with a new dll to try, please let me know if it fixes the issue for you.
-
Arron Staff
@Javier It is not caused by the issues with filterhost.exe. Please see the Filter Error thread you started for a solution for that issue.
If you can email me privately at arron.caruth@mdaemon.com, I'd be happy to share the dll I provided to Bill so that we can verify if it addresses your issue as well.
-
@Arron Hi Arron, I never received the e-mail.
-
Arron Staff
@Bill Sorry, the message was quarantined by our server. I just released the message from the quarantine this morning. You should have it now, if you do not, let me know and I will resend.
-
Matthew Staff
@Javier Meilan regarding the iFilter error "LoadIFilter: Unexpected error."
It looks like you did install the VS 2015 runtime. This error is different but doesn't tell me very much. I would try installing the MS office filter pack on the server.
https://www.microsoft.com/en-us/download/details.aspx?id=58425
-
@Matthew McDermott This package cannot be installed on the server. It does not allow it.