This message has been quarantined because a virus was found (Win.Exploit.CVE_2019_0903-6966169-0)
Problem reported by Alex Hee - May 27 at 12:34 AM
Resolved
Not sure what is wrong with the SmarterMail. Started since 26th May it detected above virus on some emails with PDF file even though the email is not affected by viruses.

The temporary solution is to disable ClamAV. Any idea what is happening?

17 Replies

Reply to Thread
0
Simone Schilirò Replied
Same problem here
0
Patrick Kraus Replied
We have had to disable Clam as well. It appears that this is a false positive and has been reported widely across multiple forums.

We are enabling clam every 2 hours and running the update to see if any updated have been released by them but have had no luck as of yet.

The other option would be to white-list the signature but I dont thing this is an option for this setup of Calm.
0
Manuel Martins Replied
Same problem here!
0
Ng Cher Choon Replied
Same problem here. Some domains can send out the attachment successfully but many domains have the above problem sending the same attachment. This affects mainly the PDF attachment.
0
Gonzalo Varela Rua Replied
Also here
0
Binesh Shammunni Replied
Support Team should review the issue, We have similar issue faced  some of our clients.

Any relation between Zero day vulnerability  from Microsoft patch ?


Thanks

1
William Fock Replied
Seems like someone has mentioned it's fixed 4hrs ago. (ard 1035pm SGT time) +0800

0
Kyle Kerst Replied
Employee Post
This issue does appear to be a false positive problem introduced by a ClamAV signature update as best we can tell. I have tested with the updated signatures (this morning) and I am no longer seeing the same failures, which is in line with William's comment above. To test this in your own environment, head over to Settings>Antivirus and use the menu to update the ClamAV Virus Definitions. At that point you should be good to enable the ClamAV scanning again. Please monitor for any further issues as well. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
1
Manuel Martins Replied
Yeasterday afternoon ClamAV updated it's database and after that the problem was solved.

0
LeapSwitch Networks Replied
How do we retry the quarantined emails ?
2
Manuel Martins Replied
On the "Virus Quarantine" option just select the emails and then go to the button with the three dots and choose "Resend"
0
LeapSwitch Networks Replied
I am aware of the resend option, but how do I find out which emails were quarantined for this issue ?
0
Alex Hee Replied
Confirmed the issue has been resolved with yesterday updated virus pattern. For those who want to restore the quarantine email just go to Spool - Virus Quarantine & filtered quarantine emails based on date (25-29 May) . Then select emails that you wanted & resend. Done.
0
Simone Schilirò Replied
Solved!
1
Nathan Y Replied
To resolve quickly in future create a .ign2 file, for example exceptions.ign2 in the clamdb folder and put 'Win.Exploit.CVE_2019_0903-6966169-0' or whichever definition is generating the false positive on a line. Reload clam and it should then ignore the definition.
0
Kyle Kerst Replied
Employee Post
Thanks Nathan! I'm going to make a note of this here in support as well, perhaps we can get that added as a KB article. 
Kyle Kerst
Technical Support Specialist
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Binesh Shammunni Replied
Again the false positive issue re appear on build 7093 ,  Support team  pleas have a look and let me know the solution.

Thanks

Reply to Thread