Nasty virus/trojan in emails

Forum for things that don't really have anything to do with hMailServer. Such as php.ini, beer, etc etc.
Kendo
Normal user
Posts: 101
Joined: 2015-07-08 23:33
Location: Rural Australia

Nasty virus/trojan in emails

Post by Kendo » 2020-03-05 07:18

It has happened a few times now... my antivirus detects a trojan/virus in an email in my Thunderbird INBOX and fixes it almost immediately. Only problem with that is that it deletes the contents of all emails in the INBOX and just leaves the subject list. Of course all of those emails listed are blank.

I have lost a lot of current discussions over this and it all happens so quickly that I don't get to see anything about the infected email. Lucky I am only getting these emails on one email address.

So as to not lose any more emails that may be ongoing business, I now move all emails from that INBOX to a CURRENT folder so that if it happens again, I only lose what has just come in and can get anything else from the server.

Anyone else have this experience?

SorenR
Senior user
Posts: 3738
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nasty virus/trojan in emails

Post by SorenR » 2020-03-05 12:43

Kendo wrote:
2020-03-05 07:18
It has happened a few times now... my antivirus detects a trojan/virus in an email in my Thunderbird INBOX and fixes it almost immediately. Only problem with that is that it deletes the contents of all emails in the INBOX and just leaves the subject list. Of course all of those emails listed are blank.

I have lost a lot of current discussions over this and it all happens so quickly that I don't get to see anything about the infected email. Lucky I am only getting these emails on one email address.

So as to not lose any more emails that may be ongoing business, I now move all emails from that INBOX to a CURRENT folder so that if it happens again, I only lose what has just come in and can get anything else from the server.

Anyone else have this experience?
Nope ... Then again I don't use Thunderbird ... I have Avast antivirus set to NEVER delete anything, just move it to quarantine and I'll deal with it later. I use Outlook2003 on an old XP and eM Client on my Win10.

I do have some script code that will forward a COMPLETE copy of an email to Postmaster in case one or more attachments are deleted by hMailServer.
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

palinka
Senior user
Posts: 2071
Joined: 2017-09-12 17:57

Re: Nasty virus/trojan in emails

Post by palinka » 2020-03-05 13:15

That doesn't sound right. Sounds more like a nasty antivirus than a nasty virus.

Better to handle this on the server. There's a tutorial for ClamAV with Sanesecurity definitions. Server updates definitions hourly. The antivirus app on your client machine probably doesn't do that. Better to prevent the virus from getting transmitted to the client than to deal with crazy unexpected results from antivirus behavior on the client.

mattg
Moderator
Posts: 21025
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Nasty virus/trojan in emails

Post by mattg » 2020-03-06 01:36

palinka wrote:
2020-03-05 13:15
Sounds more like a nasty antivirus than a nasty virus.
Yep, I agree
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

Kendo
Normal user
Posts: 101
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: Nasty virus/trojan in emails

Post by Kendo » 2020-03-06 02:42

Sounds more like a nasty antivirus than a nasty virus.
Actually I find Microsoft Security Essentials best. It was not deleted... quarantined. But without a means to see subject or who the sender/recipient was.

Segregating new mail does the trick.

SorenR
Senior user
Posts: 3738
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nasty virus/trojan in emails

Post by SorenR » 2020-03-06 13:59

Kendo wrote:
2020-03-06 02:42
Sounds more like a nasty antivirus than a nasty virus.
Actually I find Microsoft Security Essentials best. It was not deleted... quarantined. But without a means to see subject or who the sender/recipient was.

Segregating new mail does the trick.
You may want to switch to a different product. MSE is dangerous!

If their command-line scan behaves like this, then what about their real-time scan?
https://answers.microsoft.com/en-us/pro ... bfc2657ff6
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

RvdH
Senior user
Posts: 1094
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Nasty virus/trojan in emails

Post by RvdH » 2020-03-06 17:46

SorenR wrote:
2020-03-06 13:59
You may want to switch to a different product. MSE is dangerous!

If their command-line scan behaves like this, then what about their real-time scan?
https://answers.microsoft.com/en-us/pro ... bfc2657ff6
:)
I completely forgot about that topic... Well, 6 years further and nothing is done with an additional return code... I ditched MSE as a virus scanner for hMailServer use a long time ago because of this.
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup

Kendo
Normal user
Posts: 101
Joined: 2015-07-08 23:33
Location: Rural Australia

Re: Nasty virus/trojan in emails

Post by Kendo » 2020-03-06 23:14

MSE is dangerous!
Maybe for command-line... 6 years ago. But I don't use it with CMD or use it with any other apps. Just runs in the background and does a fantastic trouble-free job.

Have tried all the others. Was an agent for one of them at one time. They are so busy plagiarising each other that they incorporate the same mistakes.

SorenR
Senior user
Posts: 3738
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nasty virus/trojan in emails

Post by SorenR » 2020-03-06 23:33

Kendo wrote:
2020-03-06 23:14
MSE is dangerous!
Maybe for command-line... 6 years ago. But I don't use it with CMD or use it with any other apps. Just runs in the background and does a fantastic trouble-free job.

Have tried all the others. Was an agent for one of them at one time. They are so busy plagiarising each other that they incorporate the same mistakes.
Return code on command-line has not changed...
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke

mattg
Moderator
Posts: 21025
Joined: 2007-06-14 05:12
Location: 'The Outback' Australia

Re: Nasty virus/trojan in emails

Post by mattg » 2020-03-17 16:57

Henry22 wrote:
2020-03-17 16:11
Do I need to install an antivirus to protect my PC against viruses?
Really??
Just 'cause I link to a page and say little else doesn't mean I am not being nice.
https://www.hmailserver.com/documentation

RvdH
Senior user
Posts: 1094
Joined: 2008-06-27 14:42
Location: Netherlands

Re: Nasty virus/trojan in emails

Post by RvdH » 2020-03-17 17:25

mattg wrote:
2020-03-17 16:57
Henry22 wrote:
2020-03-17 16:11
Do I need to install an antivirus to protect my PC against viruses?
Really??
I don't have anything scanning e-mails handled by hMailServer; I do block attachments and inspect content inside zip files, however.
Basically it does what the Sanesecurity Foxhole definitions do without needing to reserve around 600 MB just to run ClamAV and its signatures.

And this is my list of blocked extensions in hMailServer:
7-Zip Archive (*.7z)
Microsoft Access Project Extension File (*.ade)
Microsoft Access Project File (*.adp)
ARJ Archive (*.arj)
Batch processing file (*.bat)
Compiled HTML Help File (*.chm)
Command file for Windows NT (*.cmd)
Command (*.com)
Windows Control Panel extension (*.cpl)
CSH script (*.csh)
Word 2007-2016 document with macro (*.docm)
Executable file (*.exe)
HTML Application File (*.hta)
Setup file (*.inf)
Internet Settings File (*.ins)
Internet Service Provider Settings File (*.isp)
Java Archive (*.jar)
JavaScript File (*.js)
Java Server Page File (*.jsp)
Windows link file (*.lnk)
Windows Installer file (*.msi)
Windows Installer patch (*.msp)
Program Information File (*.pif)
PowerShell Script (*.ps1)
WinRar Archive (*.rar)
Registration key (*.reg)
Windows Explorer command (*.scf)
Windows Screen saver (*.scr)
VBScript Encoded Script File (*.vbe)
VBScript Script File (*.vbs)
Virtual Device Driver (*.vxd)
Windows Script Components (*.wsc)
Windows Script File (*.wsf)
Windows Script Host (*.wsh)
CIDR to RegEx: d-fault.nl/CIDRtoRegEx
DNS Lookup: d-fault.nl/DNSTools
DNSBL Lookup: d-fault.nl/DNSBLLookup
GEOIP Lookup: d-fault.nl/GeoipLookup
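
One way to apply the approach described in the post above (blocking attachments by extension and inspecting file names inside zip files), as an added example that is not part of the original post and not hMailServer's own code. The function names and the sample message are constructed for illustration; the extension list is the one from the post.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extension list copied from the post above.
BLOCKED = {".7z", ".ade", ".adp", ".arj", ".bat", ".chm", ".cmd", ".com", ".cpl",
           ".csh", ".docm", ".exe", ".hta", ".inf", ".ins", ".isp", ".jar", ".js",
           ".jsp", ".lnk", ".msi", ".msp", ".pif", ".ps1", ".rar", ".reg", ".scf",
           ".scr", ".vbe", ".vbs", ".vxd", ".wsc", ".wsf", ".wsh"}

def blocked_ext(name):
    """Return the blocked extension a file name ends with, or None."""
    name = name.strip().rstrip(". ").lower()  # Windows drops trailing dots/spaces
    ext = name[name.rfind("."):] if "." in name else ""
    return ext if ext in BLOCKED else None

def scan_message(raw):
    """Return (attachment, zip member or None, reason) for each blocked file."""
    findings = []
    msg = message_from_bytes(raw, policy=policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if blocked_ext(name):
            findings.append((name, None, "blocked extension " + blocked_ext(name)))
        payload = part.get_payload(decode=True) or b""
        if payload[:4] != b"PK\x03\x04":  # detect zip by content, not by name
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for member in zf.namelist():
                    if blocked_ext(member):
                        findings.append((name, member, "blocked extension " + blocked_ext(member)))
        except zipfile.BadZipFile:
            findings.append((name, None, "unreadable zip"))
    return findings

def sample_message():
    """Constructed sample: a PDF, a zip named docs.dat, and an executable name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.pdf.js", "// placeholder text")
    msg = EmailMessage()
    msg.set_content("See attached.")
    for data, fname in ((b"%PDF-1.4 placeholder", "report.pdf"),
                        (buf.getvalue(), "docs.dat"), (b"placeholder", "Setup.EXE")):
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=fname)
    return msg.as_bytes()
```

Calling `scan_message(sample_message())` reports the `.js` member inside the zip that was named `docs.dat` and the `Setup.EXE` attachment, and leaves `report.pdf` alone.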

SorenR
Senior user
Posts: 3738
Joined: 2006-08-21 15:38
Location: Denmark

Re: Nasty virus/trojan in emails

Post by SorenR » 2020-03-17 20:25

mattg wrote:
2020-03-17 16:57
Henry22 wrote:
2020-03-17 16:11
Do I need to install an antivirus to protect my PC against viruses?
Really??
I use attachment blocking (with a script to CC Postmaster the complete mail if an attachment is removed)
I moved ClamD checking to SpamAssassin as it turned out to be more efficient in finding "stuff", more than ClamD directly from hMailServer (no idea why)
SørenR.

“Those who don't know history are doomed to repeat it.”
― Edmund Burke
