GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Message rejected as malware spam
Message rejected as malware spam [message #151387] Tue, 05 April 2022 16:26 Go to next message
McIrish is currently offline  McIrish
Messages: 256
Registered: October 2011
I'm seeing some emails not coming through. They are being rejected, though the sender is in our whitelist. I "think" this might be a Bitdefender issue, but I'm not entirely sure. The email being rejected has some flight booking info in a pdf. If I have the recipient use a personal account, they get the email with attachments. If they then try to forward it to his domain email account, it's rejected. So, it's not the sender that is being blocked, but the attachments must be causing the issue.

How do I get around this? I can't have false positives rejecting email that is critical to what the company does. Any ideas on how to solve?

[Updated on: Tue, 05 April 2022 16:27]

Report message to a moderator

Re: Message rejected as malware spam [message #151388 is a reply to message #151387] Tue, 05 April 2022 17:27 Go to previous messageGo to next message
boisbleu is currently offline  boisbleu
Messages: 62
Registered: May 2015
I had the same issue a few weeks ago. If this mail is important enought, you can temoraraly disable the bitdefender to receive the mail. After this you must open a ticket at GFI and report this false positive.

Report message to a moderator

Re: Message rejected as malware spam [message #151552 is a reply to message #151388] Mon, 02 May 2022 21:33 Go to previous messageGo to next message
fishtech is currently offline  fishtech
Messages: 609
Registered: September 2010
+1.
i am having this problem.
i'm trying to work with my user and their sender to get a copy of the mail so i can report it, but it's cumbersome.
fp.

Report message to a moderator

Re: Message rejected as malware spam [message #151600 is a reply to message #151552] Tue, 10 May 2022 20:38 Go to previous messageGo to next message
McIrish is currently offline  McIrish
Messages: 256
Registered: October 2011
I'm still seeing this on known good mail. It does not say what blocked it. Is this always a BitDefender issue?

Report message to a moderator

Re: Message rejected as malware spam [message #151606 is a reply to message #151600] Wed, 11 May 2022 17:12 Go to previous messageGo to next message
EduardoPeters is currently offline  EduardoPeters
Messages: 16
Registered: September 2020
If it is Malware or Phishing, then yeah, it is the BitDefender filter blocking the email.

Report message to a moderator

Re: Message rejected as malware spam [message #151608 is a reply to message #151606] Wed, 11 May 2022 18:18 Go to previous messageGo to next message
fishtech is currently offline  fishtech
Messages: 609
Registered: September 2010
It's not clear to me if it's being dropped as 'spam' or 'malware'.

I have Antivirus > 'Deliver the message with malicious code removed' selected. I would have though the user would get the message, but the message is just dropped.

I currently 5 to Spam Score for Bitdefender. I will change that to 4.

ft.

Report message to a moderator

Re: Message rejected as malware spam [message #151631 is a reply to message #151387] Sun, 15 May 2022 09:22 Go to previous messageGo to next message
AndreKl is currently offline  AndreKl
Messages: 33
Registered: March 2018
Location: Germany
lately we have tons of internal email traffic marked as malware or phishing. Even really simple emails.

As we have another Spam/Phishing filter in front of Kerio, we disabled the Malware/Phishing filter in the mailserver.cfg but kept the rest on.

Report message to a moderator

Re: Message rejected as malware spam [message #151673 is a reply to message #151631] Thu, 19 May 2022 19:08 Go to previous messageGo to next message
brandonh75 is currently offline  brandonh75
Messages: 67
Registered: June 2011
Location: Burnsville, MN
Quote:
lately we have tons of internal email traffic marked as malware or phishing. Even really simple emails.
As we have another Spam/Phishing filter in front of Kerio, we disabled the Malware/Phishing filter in the mailserver.cfg but kept the rest on.
We had to do this too...too many false positives lately.

Report message to a moderator

Re: Message rejected as malware spam [message #152301 is a reply to message #151673] Mon, 25 July 2022 19:44 Go to previous messageGo to next message
kingswaygroup is currently offline  kingswaygroup
Messages: 62
Registered: June 2008
This has become a Whack-a-Mole situation. I keep getting valid emails coming from our vendors and customers with .pdf attachments that for some reason or another Bitdefender spits back with a malware or Spam judgement and then I have to whitelist that domain so that I am not babysitting the Kerio quarantine. Turning it off as some have done seems to be the poorer choice if the product is a paid for add-on to Kerio Connect. It should work as expected time and time again. Is it something to do with the variety of creators for .pdf documents and that Bitdefender only knows something about a few so those pass through as clean? Just guessing, but at the least we should be informed as to why we have to submit case after case to support and they adjust for that one situation only. Maybe Bitdefender is just not a good product to be using? We also have Sophos Email Security running as a pre-filter and it sees no issues with these documents. Its frustrating.

David.

David Green

Report message to a moderator

Re: Message rejected as malware spam [message #152722 is a reply to message #152301] Wed, 21 September 2022 21:18 Go to previous messageGo to next message
McIrish is currently offline  McIrish
Messages: 256
Registered: October 2011
Sorry to bring it up again. But this is still a huge issue. I have created a custom rule to allow the domain but emails are still getting detected as phishing or malware. In the most recent case, it's simple pdf files from a bank. Accounytants get pretty angry when you prevent them from getting banking info.

Any ideas on how to stop this from happening? I'm on 9.4.1

Report message to a moderator

Re: Message rejected as malware spam [message #152736 is a reply to message #152722] Thu, 22 September 2022 11:38 Go to previous messageGo to next message
fossa_tino is currently offline  fossa_tino
Messages: 10
Registered: May 2022
Hi,

this article should help you: https://support.kerioconnect.gfi.com/hc/en-us/articles/36001 5194379-Legitimate-Emails-Rejected-as-Malware-or-Phishing-Sp am

We always had and still have the same problem of emails being recognized as malware. However, this is not directly due to Kerio Connect but to BitDefender. We then always proceeded as described in the article and created a support ticket with GFI. These were always processed quite quickly and the signatures in BitDefender were changed.

Report message to a moderator

Re: Message rejected as malware spam [message #152804 is a reply to message #151387] Tue, 04 October 2022 16:56 Go to previous message
Corsa600
Messages: 13
Registered: May 2007
Location: Sweden
+1 I have also problems with pdf´s from travel agencys. Could it be from the Amadeus system maybe?

It´s a HUGE problem! (the solution above is a bit to comlicated to serve my users with)

Report message to a moderator

Previous Topic: Remove duplicate messages
Next Topic: Outlook Contacts, "Person" view broken
Goto Forum:
  

[ Syndicate this forum (XML) ] [ RSS ] [ PDF ]

Current Time: Tue Jun 06 03:45:24 CEST 2023

Total time taken to generate the page: 0.02215 seconds
.:: Contact :: Home :: Acceptable Use Policy ::.

Powered by: FUDforum 3.0.9.
Copyright ©2001-2022 FUDforum Bulletin Board Software