cancel
Showing results for 
Search instead for 
Did you mean: 

Anti-virus

sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Anti-virus

Does anyone know what happens to emails that are suspected of containing a virus if I enable "Anti Virus Filtering" under the MMM/Spam tab?  Do they get quarantined, bounced, blackholed, delivered with the virus removed or something else?
Thanks
11 REPLIES 11
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: Anti-virus

They are blackholed (i.e. deleted).
sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Re: Anti-virus

Thanks for the info Peter.  Do you know what antivirus engine Postini use?  If I enable that feature I don't want any false positives- particularly if the mails are just blackholed with no notification.
Oldjim
Resting Legend
Posts: 38,460
Thanks: 787
Fixes: 63
Registered: ‎15-06-2007

Re: Anti-virus

When did this change.
It used be that they were quarantined and you got an email advising of the fact and you could then get it released if you thought it was a false positive
sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Re: Anti-virus

I presume this changed when the AV switched to Postini instead of being handled directly by PN servers.
Might be a good idea for PN to add options to the MMM/spam tab to allow the user to decide what happens to the suspected virus emails in the same way they can decide what happens to spam.
ddunford
Grafter
Posts: 114
Registered: ‎05-04-2007

Re: Anti-virus

Any emails found to contain a virus are not deleted/blackholed/removed etc. Postini scans the emails, if they are suspected to contain a virus,  a flag is put into the headers... when it arrives at plusnets mailservers we check this flag, if true then we quarantine the email like we always have done... we then send the customer an email advising them of this and how to go about getting it delivered.
Nothing has changed regarding the anti-virus except the fact we rely on postini to do the scanning for us...
Peter_Vaughan
Grafter
Posts: 14,469
Registered: ‎30-07-2007

Re: Anti-virus

Hmm... I may be wrong  Embarrassed
http://portal.plus.net/support/security/spam/spam_protection_advanced_guide.shtml#edgeprotection
appears to indicate there is a quarantine system in place within Postini's systems, but none of the other help pages mention this - maybe they have not been updated yet.
Given the fact that the help pages are not up to date any more I'm not sure what happens with them now.
[edit to add] Ah I see Dan has answered now and I was wrong.
sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Re: Anti-virus

Thanks for the clarification Dan.  I feel safer enabling this option if I know that I can get the emails delivered if necessary.
I'll be glad when the help pages catch up with the current functionality.  They will catch up won't they?  Roll_eyes

Peter - Postini can quarantine virus emails (we use it at work), but obviously PN are handling the quarantine themselves as per Dan's comments.

Edit: Forgot to add a further question for Dan.  Who gets the notification email of a virus?  The mailbox user or the postmaster?  I would prefer it not to be the user or maybe it could be configurable in some way.  Is that possible?
ddunford
Grafter
Posts: 114
Registered: ‎05-04-2007

Re: Anti-virus

Quote from: robr
Edit: Forgot to add a further question for Dan.  Who gets the notification email of a virus?  The mailbox user or the postmaster?  I would prefer it not to be the user or maybe it could be configurable in some way.  Is that possible?

If my memory serves me right, it'll be the recipient of the original 'to' address that the email was going to. It should work how we use to qaurantine virus emails, that part hasn't changed.
sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Re: Anti-virus

Hmm not sure I like the idea of my wife or son selecting a 'click here to download a virus' link Wink 
I'd prefer to get the notifications myself (as postmaster) and then decide how to handle the potential virus email.  I might just continue handling email viruses on my server locally if this can't be configured on PN.

Edit: Just thinking about this more logically - what flag does postini put in the headers if it thinks it has found a virus?  I could check for  that at my end and do what I like with the emails locally.  I presume the Yes/No option just enables or disables the PN quarantine process.  If it's set to No the emails will be delivered to me presumably with the 'virus' indicator in the header intact.
Edit: Just saw your response below Dan.  Yes I guess I could just redirect the alert emails to postmaster.  I'll look into it.  Thanks.
ddunford
Grafter
Posts: 114
Registered: ‎05-04-2007

Re: Anti-virus

You wont get a 'click here to download' you have to send a specific block of text to a specific email address...
eg.
Subject: Alert: An email addressed to you has been quarantined
From:  "Email Alerting Service" <unquarantine@quarantine.plus.com>
body:
Dear Plusnet Customer,
You are receiving this mail because you have an active virus-scanning
service, and either a banned file extension or an email containing
a virus has been sent to your address.
The item(s) in question picked up by the service was:
*      EICAR test file
and was sent to you from:
*      Dan Dunford <xxx@xxx>
The subject line of the mail received was:
*      virus...
In order to protect you, this email has been stored on our servers
and quarantined.  If you wish to retrieve this, please send an
email to unquarantine@quarantine.plus.com containing the following information;
----------------------- SUPPORT INFORMATION ----------------------
Quarantine-Id: a2afa5cc0b7a9979399e595d4af6e2ec32422
Message-Id: <47F466D8.5080709@plus.net>
To: xxxxx, xxxxx
----------------------- SUPPORT INFORMATION ----------------------
It should be possible to reply to this mail to retrieve your email,
as long as your email application includes this entire message in
the reply.
Kind Regards,
Customer Support.

So i suppose if you use outlook, then you can setup a filter that any emails coming from 'unquarantine@quarantine.plus.com' get redirected to your postmaster account?
sladkart
Grafter
Posts: 187
Registered: ‎30-07-2007

Re: Anti-virus

Quote from: ddunford
You wont get a 'click here to download' you have to send a specific block of text to a specific email address...

But hitting REPLY and then SEND on the notification email would effectively do the same thing.  I'll investigate redirecting the notifications at my end to postmaster.