baruwaproject / baruwa2

Baruwa 2.0
http://www.baruwa.org
GNU General Public License v3.0

[Bug] zip-files with password are always detected as a virus #85

Closed rmoesbergen closed 8 years ago

rmoesbergen commented 8 years ago

I'm seeing the following: A mail is received that contains a password protected zip-file. This file is detected as a 'virus', and deleted. In the message status I see the following:

Sophos: Password protected file ./1bL5Ks-0004QY-9f/06.2016.zip/06.2016.pdf

I have set the following settings in the 'MailScanner settings':

Virus checks -> 'allow password protected archives': Yes
Block encrypted messages: No

Also: the domain is set to 'quarantine' infected messages, but the message is deleted anyway... I suspect that the Sophos virus scanner exit code is <> 0 (The man page says it's 16), when a password protected archive is found. This fools Baruwa into thinking the file is virus-infected.

Why the message is not quarantined, I don't know. Is there a time to wait between saving configuration changes in the web-gui and the changes being applied to the mail-node?

rmoesbergen commented 8 years ago

I've found a proper workaround for this: In /etc/MailScanner/MailScanner.conf, change:

Allowed Sophos Error Messages =

to:

Allowed Sophos Error Messages = "Password protected file"

This will allow password protected files to pass, but still catch 'real' viruses.
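The workaround from the comment above as an idempotent shell function (an added example, not part of the original thread and not Baruwa or MailScanner code). The setting name, its value and the file path come from the thread; the function names, return codes and the `.bak` backup suffix are assumptions of this example.

```shell
#!/usr/bin/env bash
# Added example: apply the thread's workaround without clobbering an
# existing allow-list. Function names and return codes are hypothetical.

SETTING='Allowed Sophos Error Messages'
VALUE='"Password protected file"'

# Print the active (uncommented) value of the setting, trimmed.
current_value() {
    sed -n "s/^[[:space:]]*${SETTING}[[:space:]]*=[[:space:]]*\(.*\)$/\1/p" "$1" \
        | tail -n 1 | sed 's/[[:space:]]*$//'
}

# Return codes (assumed for this example):
#   0  setting now holds VALUE (changed, or already applied)
#   1  backup could not be written
#   2  setting not present in the file
#   3  setting already holds a different value; left untouched for review
allow_password_protected() {
    conf=$1
    grep -q "^[[:space:]]*${SETTING}[[:space:]]*=" "$conf" || return 2
    cur=$(current_value "$conf")
    case "$cur" in
        "$VALUE") return 0 ;;   # already applied, nothing to do
        "")       ;;            # empty value: safe to set
        *)        return 3 ;;   # admin-defined list exists, do not overwrite
    esac
    # Keep a copy of the original so the change can be reverted.
    cp -p "$conf" "$conf.bak" || return 1
    # Rewrite only the active setting line; commented lines are not matched.
    sed "s/^\([[:space:]]*${SETTING}[[:space:]]*=\).*$/\1 ${VALUE}/" \
        "$conf.bak" > "$conf"
}

# Run only when a path is given, e.g. /etc/MailScanner/MailScanner.conf
# or, preferably, a copy of it first.
if [ -n "${1:-}" ]; then
    allow_password_protected "$1"
    echo "exit code: $?  current value: $(current_value "$1")"
fi
```

Return code 3 is the case to look at by hand: the file already allows other Sophos messages, and the new string has to be merged into that list rather than replace it.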

akissa commented 8 years ago

Thanks for the update.

rmoesbergen commented 8 years ago

So is this solved? Or do you expect everyone to apply the workaround?