On 03/09/2020 19.38, Syafril Hermansyah via mdaemon-l wrote:

Oh, this is the offline AV scanning from MDAV using Cyren AV.
What time is SPScanCT scheduled to run?



The log is in SPScanCT-2020-09-03.log.

In MD 19.5.5 and below, SPScan is only active when MDconfig is open, but in
MD 20.x it stays active even when the MDconfig GUI is not active.

Here is the log from SPScanCT-2020-09-03.log, sir:

[Thu 2020-09-03 01:15:09] ----- MDaemon's SPScanCT 20.0.1 Log file starting ---

...

[Thu 2020-09-03 16:59:50] Files scanned : 153417

[Thu 2020-09-03 16:59:50] Files infected: 2820
[Thu 2020-09-03 16:59:50] Error count   : 107
[Thu 2020-09-03 16:59:50] ----- MDaemon's SPScanCT 20.0.1 Log file stopping ---

Is this number of infected files what MDaemon then puts into the Quarantine queue, sir?

My apologies, I have already deleted all the emails in the Quarantine queue, sir, so I cannot send the original message.


Based on today's log, it appears that the virus-infected email has already been refused by MDaemon, sir.

Fri 2020-09-04 12:48:56.638: ----------
Fri 2020-09-04 12:47:48.092: [03725116] Session 03725116; child 0003
Fri 2020-09-04 12:47:48.092: [03725116] Accepting SMTP connection from 190.112.208.171:57160 to 124.81.84.135:25
Fri 2020-09-04 12:47:48.092: [03725116] Location Screen says connection is from Paraguay, South America
Fri 2020-09-04 12:47:48.094: [03725116] --> 220 mail.persada.id ESMTP MDaemon 20.0.1; Fri, 04 Sep 2020 12:47:48 +0700
Fri 2020-09-04 12:47:48.541: [03725116] <-- EHLO blue2.pla.net.py
Fri 2020-09-04 12:47:48.541: [03725116] --> 250-mail.persada.id Hello blue2.pla.net.py [190.112.208.171], pleased to meet you
Fri 2020-09-04 12:47:48.541: [03725116] --> 250-ETRN
Fri 2020-09-04 12:47:48.541: [03725116] Location Screening hiding AUTH from country Paraguay, South America
Fri 2020-09-04 12:47:48.541: [03725116] --> 250-8BITMIME
Fri 2020-09-04 12:47:48.541: [03725116] --> 250-ENHANCEDSTATUSCODES
Fri 2020-09-04 12:47:48.541: [03725116] --> 250 SIZE
Fri 2020-09-04 12:47:48.990: [03725116] <-- MAIL FROM:<[email protected]> SIZE=267146
Fri 2020-09-04 12:47:48.998: [03725116] Performing PTR lookup (171.208.112.190.IN-ADDR.ARPA)
Fri 2020-09-04 12:47:49.001: [03725116] * D=171.208.112.190.IN-ADDR.ARPA TTL=(1110) PTR=[blue2.pla.net.py]
Fri 2020-09-04 12:47:49.002: [03725116] *  D=blue2.pla.net.py TTL=(1110) A=[190.112.208.171]
Fri 2020-09-04 12:47:49.002: [03725116] ---- End PTR results
Fri 2020-09-04 12:47:49.004: [03725116] Performing IP lookup (blue2.pla.net.py)
Fri 2020-09-04 12:47:49.005: [03725116] *  D=blue2.pla.net.py TTL=(1110) A=[190.112.208.171]
Fri 2020-09-04 12:47:49.005: [03725116] ---- End IP lookup results
Fri 2020-09-04 12:47:49.011: [03725116] Performing IP lookup (guyra.org.py)
Fri 2020-09-04 12:47:50.387: [03725116] *  D=guyra.org.py TTL=(240) A=[190.112.208.171]
Fri 2020-09-04 12:47:50.387: [03725116] ---- End IP lookup results
Fri 2020-09-04 12:47:50.397: [03725116] Performing SPF lookup (blue2.pla.net.py / 190.112.208.171)
Fri 2020-09-04 12:48:50.398: [03725116] *  DNS: 60 second wait for DNS response exceeded (DNS Server: 202.155.0.10)
Fri 2020-09-04 12:48:50.416: [03725116] *  Result: none; no SPF record in DNS
Fri 2020-09-04 12:48:50.416: [03725116] ---- End SPF results
Fri 2020-09-04 12:48:50.417: [03725116] Performing SPF lookup (guyra.org.py / 190.112.208.171)
Fri 2020-09-04 12:48:50.874: [03725116] *  Policy: v=spf1 a mx ip4:190.112.208.171 mx:mail2.guyra.org.py ~all
Fri 2020-09-04 12:48:50.881: [03725116] *  Evaluating a: match
Fri 2020-09-04 12:48:50.881: [03725116] *  Result: pass
Fri 2020-09-04 12:48:50.881: [03725116] ---- End SPF results
Fri 2020-09-04 12:48:50.881: [03725116] --> 250 2.1.0 Sender OK
Fri 2020-09-04 12:48:51.324: [03725116] <-- RCPT TO:<[email protected]>
Fri 2020-09-04 12:48:51.331: [03725116] Performing DNS-BL lookup (190.112.208.171 - connecting IP)
Fri 2020-09-04 12:48:51.417: [03725116] *  zen.spamhaus.org - passed
Fri 2020-09-04 12:48:51.606: [03725116] *  bl.spamcop.net - passed
Fri 2020-09-04 12:48:51.606: [03725116] ---- End DNS-BL results
Fri 2020-09-04 12:48:51.607: [03725116] --> 250 2.1.5 Recipient OK
Fri 2020-09-04 12:48:52.051: [03725116] <-- DATA
Fri 2020-09-04 12:48:52.052: [03725116] --> 354 Enter mail, end with <CRLF>.<CRLF>
Fri 2020-09-04 12:48:55.273: [03725116] Message size: 267455 bytes
Fri 2020-09-04 12:48:55.275: [03725116] Performing DKIM verification
Fri 2020-09-04 12:48:55.275: [03725116] *  File: c:\mdaemon\queues\temp\md5001000086543.tmp
Fri 2020-09-04 12:48:55.275: [03725116] *  Message-ID: n/a
Fri 2020-09-04 12:48:55.694: [03725116] * DKIM-Signature 1: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=guyra.org.py; s=default; ; <some tags are not logged>
Fri 2020-09-04 12:48:55.694: [03725116] *    Verification result: good signature
Fri 2020-09-04 12:48:55.699: [03725116] *  Result: pass
Fri 2020-09-04 12:48:55.699: [03725116] ---- End DKIM results
Fri 2020-09-04 12:48:55.708: [03725116] Performing DMARC processing
Fri 2020-09-04 12:48:55.708: [03725116] *  File: c:\mdaemon\queues\temp\md5001000086543.tmp
Fri 2020-09-04 12:48:55.708: [03725116] *  Message-ID: n/a
Fri 2020-09-04 12:48:55.708: [03725116] *  Author domain: guyra.org.py
Fri 2020-09-04 12:48:55.708: [03725116] *  Organizational domain: guyra.org.py
Fri 2020-09-04 12:48:55.708: [03725116] *  Query domain: _dmarc.guyra.org.py
Fri 2020-09-04 12:48:56.136: [03725116] *    Policy record: v=DMARC1; p=none; sp=none; pct=100; ri=86400
Fri 2020-09-04 12:48:56.136: [03725116] *  Checking authentication mechanisms for DMARC alignment
Fri 2020-09-04 12:48:56.136: [03725116] *    SPF: domain "guyra.org.py" passed SPF check; and domain is DMARC aligned
Fri 2020-09-04 12:48:56.141: [03725116] *    DKIM: domain "guyra.org.py" (from d= of signature #1) verified; and domain is DMARC aligned
Fri 2020-09-04 12:48:56.141: [03725116] *  Result: pass
Fri 2020-09-04 12:48:56.141: [03725116] ---- End DMARC results
Fri 2020-09-04 12:48:56.145: [03725116] Passing message through AntiVirus (Size: 267455)...
Fri 2020-09-04 12:48:56.295: [03725116] *  Message scanned by (Cyren AV) is infected with W97M/Downldr.IE.gen!Eldorado
Fri 2020-09-04 12:48:56.295: [03725116] ---- End AntiVirus results
Fri 2020-09-04 12:48:56.295: [03725116] Message refused because it contains a virus
Fri 2020-09-04 12:48:56.295: [03725116] --> 550 5.6.0 Sorry, virus detected within message
Fri 2020-09-04 12:48:56.743: [03725116] <-- QUIT
Fri 2020-09-04 12:48:56.743: [03725116] --> 221 2.0.0 See ya in cyberspace
Fri 2020-09-04 12:48:56.743: [03725116] SMTP session terminated (Bytes in/out: 267577/382)
Fri 2020-09-04 12:48:56.743: ----------

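The session log above shows a message that passed SPF, DKIM and DMARC and was still refused by the inline AV scan. As an added example (not part of the original post, and not MDaemon code), this Python parser pulls such sessions out of an SMTP log in that format and records the authentication results next to the AV verdict; the sample lines and addresses are constructed, and the function names are hypothetical.

```python
import re

# Every entry starts "Fri 2020-09-04 12:47:48.092: [03725116] "; separator
# lines carry the timestamp but no session id.
ENTRY = re.compile(r"[A-Z][a-z]{2} \d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d{3}: (?:\[(\d+)\] )?")

# Constructed sample in the format of the log above (documentation addresses).
# Several entries share one physical line, as in the pasted log.
SAMPLE = """\
Fri 2020-09-04 12:47:48.092: [00000001] Accepting SMTP connection from 192.0.2.10:57160 to 198.51.100.5:25 Fri 2020-09-04 12:47:48.094: [00000001] --> 220 mail.example.net ESMTP MDaemon 20.0.1; Fri, 04 Sep 2020 12:47:48 +0700
Fri 2020-09-04 12:48:50.417: [00000001] Performing SPF lookup (example.org / 192.0.2.10) Fri 2020-09-04 12:48:50.881: [00000001] *  Result: pass
Fri 2020-09-04 12:48:55.275: [00000001] Performing DKIM verification
Fri 2020-09-04 12:48:55.699: [00000001] *  Result: pass
Fri 2020-09-04 12:48:55.708: [00000001] Performing DMARC processing Fri 2020-09-04 12:48:56.141: [00000001] *  Result: pass
Fri 2020-09-04 12:48:56.145: [00000001] Passing message through AntiVirus (Size: 267455)... Fri 2020-09-04 12:48:56.295: [00000001] *  Message scanned by (Cyren AV) is infected with W97M/Downldr.IE.gen!Eldorado
Fri 2020-09-04 12:48:56.295: [00000001] Message refused because it contains a virus Fri 2020-09-04 12:48:56.295: [00000001] --> 550 5.6.0 Sorry, virus detected within message
Fri 2020-09-04 12:48:56.743: ----------
Fri 2020-09-04 12:49:01.000: [00000002] Accepting SMTP connection from 192.0.2.20:40000 to 198.51.100.5:25
Fri 2020-09-04 12:49:02.000: [00000002] <-- QUIT
"""

def entries(text):
    """Yield (session_id, message) per entry, splitting on timestamps, not newlines."""
    marks = list(ENTRY.finditer(text))
    for m, nxt in zip(marks, marks[1:] + [None]):
        if m.group(1):  # skip separator lines without a session id
            yield m.group(1), text[m.end():nxt.start() if nxt else len(text)].strip()

def av_hits(text):
    """Return one record per session in which the inline AV scan found malware."""
    sessions, current = {}, {}
    for sid, msg in entries(text):
        s = sessions.setdefault(sid, {"sid": sid, "ip": None, "auth": {}, "virus": None, "refused": False})
        if m := re.match(r"Accepting SMTP connection from ([\d.]+):", msg):
            s["ip"] = m.group(1)
        elif m := re.match(r"Performing (SPF|DKIM|DMARC)\b", msg):
            current[sid] = m.group(1)  # later "Result:" entries belong to this check
        elif (m := re.match(r"\*\s+Result: (\w+)", msg)) and sid in current:
            s["auth"][current[sid]] = m.group(1)  # a repeated check keeps its last result
        elif m := re.search(r"is infected with (\S+)", msg):
            s["virus"] = m.group(1)
        elif msg.startswith("Message refused because it contains a virus"):
            s["refused"] = True
    return [s for s in sessions.values() if s["virus"]]

if __name__ == "__main__":
    for hit in av_hits(SAMPLE):
        print(hit)
```

A record with `virus` set and `refused` false would be the case worth checking against the quarantine queue.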