This doesn't appear to be actually infected though. There are no notifications in the event log and the XLS file is sent to about 50 other addresses in the same batch. It's just that the NDRs from some of them are coming back and IMail is for some reason deciding to flag them as infected.

Thank you,

Jason Loven

Manager - Technical Services Department

 

Computer Associates, Inc.
36 Thurber Blvd, Smithfield RI 02917
Phone: (401)232-2600, Fax: (401)232-7778
Email: [EMAIL PROTECTED]

Web: http://www.cainetserv.com/


From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Travis Rabe
Sent: Tuesday, June 20, 2006 11:38 AM
To: [email protected]
Subject: Re: [IMail Forum] NDR showing up as virus infected

 

http://www.theregister.co.uk/2006/05/08/premiership_virus/


On 6/20/06, Jason Loven <[EMAIL PROTECTED]> wrote:

Imail 8.21…

 

I'm getting a virus warning on NDR reports for a spreadsheet that's being sent out to a distribution list. Apparently some of the addresses are invalid (hence the NDR) but the NDRs are being redirected as infected messages… Here's an example of the log entry…

 

20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] EHLO ourspamserver.ourdomain.com
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] MAIL FROM:<>
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] RCPT TO:<[EMAIL PROTECTED]>
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [x] looking up somedomain.com in HOSTS
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] DATA
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] D:\IMail\spool\D072c074e00001b5e.SMD 52018
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) performing antispam checks
20060620 103316 127.0.0.1       SMTP (0000000000000000) Info - Adding Queue file D:\IMail\spool\Q072c074e00001b5e.SMD
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5f) [XX.XXX.212.4] QUIT
20060620 103316 127.0.0.1       SMTP (072c074e00001b5e) processing D:\IMail\spool\Q072c074e00001b5e.SMD
20060620 103316 127.0.0.1       SMTP (072c074e00001b5e) Virus detected, Not repaired, Redirected,  Virus data ="">

 

The NDRs are being relayed by way of a Postfix gateway server that handles inbound/outbound email. Not sure if that's relevant or not. The thing is that the 'Virus data =""' is blank. Anyone have any ideas?

 

Thank you,

Jason Loven





--
Regards,
Travis Rabe
[EMAIL PROTECTED]
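
An added example, not part of the original thread: one way to pull out of a log in this layout every session that logged "Virus detected", and to see whether it was a bounce (MAIL FROM:<>) and whether the scanner named a signature. The second session, its sender address and the name "Example.Sig" are constructed, and the regular expressions assume the line layout shown in the quoted excerpt.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of the excerpt quoted in the thread.
# Session ...1b60, its sender and the name "Example.Sig" are invented.
SAMPLE_LOG = r"""
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] MAIL FROM:<>
20060620 103316 127.0.0.1       SMTPD (072c074e00001b5e) [XX.XXX.212.4] DATA
20060620 103316 127.0.0.1       SMTP (072c074e00001b5e) processing D:\IMail\spool\Q072c074e00001b5e.SMD
20060620 103316 127.0.0.1       SMTP (072c074e00001b5e) Virus detected, Not repaired, Redirected,  Virus data ="">
20060620 103401 127.0.0.1       SMTPD (072c074e00001b60) [XX.XXX.212.4] MAIL FROM:<sender@example.com>
20060620 103401 127.0.0.1       SMTP (072c074e00001b60) Virus detected, Not repaired, Redirected,  Virus data ="Example.Sig"
"""

# date, time, host, service, (session id), message
LINE = re.compile(r"^\d{8} \d{6} \S+\s+\w+ \(([0-9a-f]{16})\) (.*)$")
MAIL_FROM = re.compile(r"MAIL FROM:<([^>]*)>", re.I)
VIRUS = re.compile(r'Virus detected.*Virus data\s*="([^"]*)"')


def triage(log_text):
    """Return one finding per session that logged a virus detection."""
    sessions = defaultdict(dict)
    for raw in log_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # blank or unrecognised line
        sid, msg = m.group(1), m.group(2)
        if mf := MAIL_FROM.search(msg):
            sessions[sid]["sender"] = mf.group(1)
        if v := VIRUS.search(msg):
            sessions[sid]["signature"] = v.group(1)
    findings = []
    for sid, s in sessions.items():
        if "signature" not in s:
            continue
        findings.append({
            "session": sid,
            # A null reverse-path (MAIL FROM:<>) marks a bounce/NDR.
            "is_bounce": s.get("sender") == "",
            # None means the log line carried no signature name.
            "signature": s["signature"] or None,
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```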
