"Spam" goes to ClamAV quarantine SM 15.7
Problem reported by Lennart Eliasson - 9/27/2018 at 2:42 AM
Certain emails marked as spam are caught by ClamAV and go to quarantine even though there is no virus in them. Whitelisting the sender doesn't help. They still go there.
Delivery log file says: "This message has been quarantined because a virus was found."
SmarterMail Enterprise 15.7
Virus definitions 2018-09-27 10:23:55

6 Replies
Nathan Replied
Are you running the SaneSecurity antispam/antimalware definitions in clam? 

If so, any hits will be considered a virus by SM as it does not understand the difference between the default clamav defs and the sanesecurity antispam/antimalware defs.

Frank Jensen Replied
Yes it seems so in newest sm also.

It should be possible for SmarterMail to use ClamAV's answer to either send to quarantine or junk.
But I guess they don't.

ClamAV log:
Wed Jan 30 15:03:11 2019 -> c:\SmarterMail\Spool\SubSpool4\59910765.eml: Sanesecurity.Scam.12551.UNOFFICIAL FOUND
Wed Jan 30 15:15:08 2019 -> c:\SmarterMail\Spool\SubSpool6\59910826.eml: Sanesecurity.Phishing.Fake.Coin.27521.UNOFFICIAL FOUND
Wed Jan 30 15:20:06 2019 -> SelfCheck: Database status OK.
Wed Jan 30 15:35:40 2019 -> c:\SmarterMail\Spool\SubSpool7\59910945.eml: Sanesecurity.Junk.56698.UNOFFICIAL FOUND

Rycque Neoh Replied
Same issue happens in the latest build.

[2020.12.31] 13:41:09.498 [32185783] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).
[2020.12.31] 13:41:09.498 [32185782] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).
[2020.12.31] 14:31:16.787 [32185927] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).

Any update from SmarterMail support? 

Thank you
Gabriele Maoret - SERSIS Replied
Do you use the Sanesecurity additional definitions for ClamAV?

If so, try to disable them.
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
Nathan Replied
The ClamAV integration is pass/fail, fail being it is considered to have a virus even if it is a spam definition triggering.
Brian Davidson Replied
Same issue here since at least the late December 2020 or early January 2021 builds; too many legitimate messages are quarantined by ClamAV. It seems almost any email delivering account information (such as a credit card company message which shows the last few digits of a card number for verification to the recipient). 

It's to the point where we may have to disable ClamAV entirely.
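
The log lines quoted in this thread can be triaged by signature name, which shows how much of the quarantine comes from third-party spam rules rather than malware detections. The following is an added example, not part of any post above and not SmarterMail or ClamAV code; the grouping of the Sanesecurity categories into "spam" is an assumption, and the EICAR line in the sample is constructed.

```python
import re
from collections import Counter

# Sample input: lines quoted in the thread, plus one constructed line
# (the EICAR hit) standing in for an official-database detection.
SAMPLE_LOG = r"""
Wed Jan 30 15:03:11 2019 -> c:\SmarterMail\Spool\SubSpool4\59910765.eml: Sanesecurity.Scam.12551.UNOFFICIAL FOUND
Wed Jan 30 15:15:08 2019 -> c:\SmarterMail\Spool\SubSpool6\59910826.eml: Sanesecurity.Phishing.Fake.Coin.27521.UNOFFICIAL FOUND
Wed Jan 30 15:20:06 2019 -> SelfCheck: Database status OK.
Wed Jan 30 15:35:40 2019 -> c:\SmarterMail\Spool\SubSpool7\59910945.eml: Sanesecurity.Junk.56698.UNOFFICIAL FOUND
Wed Jan 30 15:40:02 2019 -> c:\SmarterMail\Spool\SubSpool1\59910999.eml: Win.Test.EICAR_HDB-1 FOUND
[2020.12.31] 13:41:09.498 [32185783] This message has been quarantined because a virus was found by ClamAV. Virus: (Sanesecurity.Spam.11686.Dom.UNOFFICIAL).
"""

# ClamAV log format ("-> <file>: <signature> FOUND") and the SmarterMail
# delivery log format ("[<message id>] ... Virus: (<signature>).").
CLAMD_HIT = re.compile(r"-> (?P<ref>.+): (?P<sig>\S+) FOUND\s*$")
SM_HIT = re.compile(r"\[(?P<ref>\d+)\] .*Virus: \((?P<sig>[^)]+)\)")

# Assumption: these Sanesecurity categories are content/spam rules, not malware.
SPAM_CATEGORIES = {"Spam", "Junk", "Scam"}

def classify(sig):
    """Map a ClamAV signature name to a coarse triage class."""
    parts = sig.split(".")
    if parts[-1] != "UNOFFICIAL":      # no suffix: official ClamAV database
        return "official"
    if parts[0] == "Sanesecurity" and len(parts) > 2:
        if parts[1] in SPAM_CATEGORIES:
            return "spam"
        if parts[1] == "Phishing":
            return "phishing"
    return "third-party-other"

def parse_hits(text):
    """Return (message ref, signature, class) for every detection line."""
    hits = []
    for line in text.splitlines():
        m = CLAMD_HIT.search(line) or SM_HIT.search(line)
        if m:
            ref = m.group("ref").rsplit("\\", 1)[-1]  # spool file name or message id
            hits.append((ref, m.group("sig"), classify(m.group("sig"))))
    return hits

def summarize(text):
    return Counter(cls for _, _, cls in parse_hits(text))

if __name__ == "__main__":
    for ref, sig, cls in parse_hits(SAMPLE_LOG):
        print(f"{cls:18} {ref:14} {sig}")
    print(dict(summarize(SAMPLE_LOG)))
```
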