SergioTorres
On my Windows Server 2012 R2 I use, as antivirus, a standalone installation of Microsoft System Center Endpoint Protection.
I use hMailServer as my email server. There is the possibility to use SCEP as an external antivirus for emails and I am making use of that possibility.
To that effect I provided hMailServer with a command line to call mpcmdrun.exe and instructed it that a return value of 2 means there is a virus in the examined email and that hMailServer should delete its attachment.
The command line I am using is:
"C:\Program Files\Microsoft Security Client\mpcmdrun.exe" -scan -scantype 3 -file "%f" -DisableRemediation
I tested this configuration by enabling hMailServer's Application and Debug logs and sending a test email from http://www.aleph-tec.com/eicar/index.php
It tested OK.
A few days back it began reporting a lot of emails as containing a virus and deleting their attachments. I was able to confirm at least some of them carried no virus. Eventually I had to disable the use of the external antivirus.
Initially I had the command line as:
"C:\Program Files\Microsoft Security Client\mpcmdrun.exe" -scan -scantype 3 -file "%FILE%" -DisableRemediation
Eventually I changed the parameter -file "%FILE%" to -file "%f"
Could this change be the culprit of the false positives?
Any ideas would be appreciated.