So a customer asked me to look into why they had not got an email they sent from their personal accoun tto a co-worker.

 

Looking at the logs below the email was recieved by SM fine and processed in the SMTP log

 

But then in the delivery log the virus was flagged, but neither parties in the email not a notification of the virus so both thought it had been delievered and the other they habdt got it.

 

Any ideas of how this could be changed?

 

[2018.01.17] 14:50:50 [40.92.68.87][8623203] rsp: 220 www.xxxxxxxxxxxxxxxxx.co.uk Wed, 17 Jan 2018 14:50:50 +0000 UTC
[2018.01.17] 14:50:50 [40.92.68.87][8623203] connected at 17/01/2018 14:50:50
[2018.01.17] 14:50:50 [40.92.68.87][8623203] cmd: EHLO EUR02-xxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.com
[2018.01.17] 14:50:50 [40.92.68.87][8623203] rsp: 250-www.xxxxxxxxxxxxxxxxx.co.uk Hello [xxxxxxxxxxxxxxxxx]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-STARTTLS250-8BITMIME250 OK
[2018.01.17] 14:50:50 [40.92.68.87][8623203] cmd: STARTTLS
[2018.01.17] 14:50:50 [40.92.68.87][8623203] rsp: 220 Start TLS negotiation
[2018.01.17] 14:50:50 [40.92.68.87][8623203] cmd: EHLO EUR02-xxxxxxxxxxxxxxxxx-xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.com
[2018.01.17] 14:50:50 [40.92.68.87][8623203] rsp: 250-www.xxxxxxxxxxxxxxxxx.co.uk Hello [xxxxxxxxxxxxxxxxx]250-SIZE 52428800250-AUTH LOGIN CRAM-MD5250-8BITMIME250 OK
[2018.01.17] 14:50:50 [40.92.68.87][8623203] cmd: MAIL FROM:<xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com> SIZE=134887 AUTH=<>
[2018.01.17] 14:50:50 [40.92.68.87][8623203] senderEmail(1): xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com parsed using: <xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com>
[2018.01.17] 14:51:15 [40.92.68.87][8623203] rsp: 250 OK <xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com> Sender ok
[2018.01.17] 14:51:15 [40.92.68.87][8623203] cmd: RCPT TO:<xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.co.uk>
[2018.01.17] 14:51:15 [40.92.68.87][8623203] rsp: 250 OK <xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.co.uk> Recipient ok
[2018.01.17] 14:51:15 [40.92.68.87][8623203] cmd: DATA
[2018.01.17] 14:51:15 [40.92.68.87][8623203] rsp: 354 Start mail input; end with <CRLF>.<CRLF>
[2018.01.17] 14:51:15 [40.92.68.87][8623203] senderEmail(2): xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com parsed using: xxxxxxxxxxxxxxxxx xxxxxxxxxxxxxxxxx <xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com>
[2018.01.17] 14:51:58 [40.92.68.87][8623203] rsp: 250 OK
[2018.01.17] 14:51:58 [40.92.68.87][8623203] Successfully wrote to the HDR file. (x:\xxxxxxxxxxxxxxxxx\Spool\SubSpool15\691226441088.hdr)
[2018.01.17] 14:51:58 [40.92.68.87][8623203] Data transfer succeeded, writing mail to 691226441088.eml (MessageID: <xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.xxxxxxxxxxxxxxxxx.COM>
[2018.01.17] )14:51:58 [40.92.68.87][8623203] disconnected at 17/01/2018 14:51:58 
[2018.01.17] 14:51:16 [41088] Delivery started for xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com at 14:51:16
[2018.01.17] 14:52:02 [41088] This message has been quarantined because a virus was found.
[2018.01.17] 14:52:04 [41088] .eml file not found.  Removing .hdr file.
[2018.01.17] 14:52:04 [41088] Delivery finished for xxxxxxxxxxxxxxxxx@xxxxxxxxxxxxxxxxx.com at 14:52:04     [id:691226441088]