Messages that do not contain viruses are blocked by the 'Block Virus' rule


This article applies to:

  • Trustwave MailMarshal (SEG)
  • Trustwave ECM/MailMarshal Exchange 7.X

Symptoms:

  • Messages that do not contain viruses are blocked by the 'Block Virus' rule.

Causes:

In current versions of MailMarshal, it is possible to configure virus scanners to block messages that could not be scanned by the virus scanner.  The reasons why a particular message could not be scanned by a virus scanner vary depending on the virus scanner being used.  Some examples are password protected files, corrupt files, virus scanner signatures out of date, or unexpected scanner error.

By default in new installations of MailMarshal SMTP 6.0 and above, and MailMarshal Exchange 7.X, these messages are moved to the 'Virus Scanner Errors' folder and a specific 'Scanning Error' notification email is sent.

Default rules from some older versions did not include this functionality. In those versions the default virus scanning rule will quarantine these types of messages in the 'Virus' folder and send out the default 'Virus' email notification. 

Reply:

If your installation does not have the current default rules, it is possible to update the rules.

For example rules, refer to the Default Rules documents for current versions (available on the software documentation pages for each product).

Notes:

The additional virus scanning options (password protected, corrupt file, signatures out of date, could not unpack or analyze, unexpected error) are only available when using one of the supported .dll interface scanners.  For a full list of support scanners, refer to:

  • Q10923: What Virus Scanners are supported by Trustwave MailMarshal (SEG)?
  • Q10922: What Virus Scanners are supported by MailMarshal Exchange?

    This article was previously published as:
    NETIQKB35922

    Last Modified 5/1/2020.
    https://support.trustwave.com/kb/KnowledgebaseArticle10638.aspx