GFI Software

Welcome to the GFI Software community forum! For support please open a ticket from https://support.gfi.com.

Home » GFI User Forums » Kerio Connect » Message rejected as malware spam
Message rejected as malware spam [message #151387] Tue, 05 April 2022 16:26 Go to next message
McIrish is currently offline  McIrish
Messages: 252
Registered: October 2011
I'm seeing some emails not coming through. They are being rejected, though the sender is in our whitelist. I "think" this might be a Bitdefender issue, but I'm not entirely sure. The email being rejected has some flight booking info in a pdf. If I have the recipient use a personal account, they get the email with attachments. If they then try to forward it to his domain email account, it's rejected. So, it's not the sender that is being blocked, but the attachments must be causing the issue.

How do I get around this? I can't have false positives rejecting email that is critical to what the company does. Any ideas on how to solve?

[Updated on: Tue, 05 April 2022 16:27]

Report message to a moderator

Re: Message rejected as malware spam [message #151388 is a reply to message #151387] Tue, 05 April 2022 17:27 Go to previous messageGo to next message
boisbleu is currently offline  boisbleu
Messages: 59
Registered: May 2015
I had the same issue a few weeks ago. If this mail is important enought, you can temoraraly disable the bitdefender to receive the mail. After this you must open a ticket at GFI and report this false positive.
Re: Message rejected as malware spam [message #151552 is a reply to message #151388] Mon, 02 May 2022 21:33 Go to previous messageGo to next message
fishtech is currently offline  fishtech
Messages: 605
Registered: September 2010
+1.
i am having this problem.
i'm trying to work with my user and their sender to get a copy of the mail so i can report it, but it's cumbersome.
fp.
Re: Message rejected as malware spam [message #151600 is a reply to message #151552] Tue, 10 May 2022 20:38 Go to previous messageGo to next message
McIrish is currently offline  McIrish
Messages: 252
Registered: October 2011
I'm still seeing this on known good mail. It does not say what blocked it. Is this always a BitDefender issue?
Re: Message rejected as malware spam [message #151606 is a reply to message #151600] Wed, 11 May 2022 17:12 Go to previous messageGo to next message
EduardoPeters is currently offline  EduardoPeters
Messages: 13
Registered: September 2020
If it is Malware or Phishing, then yeah, it is the BitDefender filter blocking the email.
Re: Message rejected as malware spam [message #151608 is a reply to message #151606] Wed, 11 May 2022 18:18 Go to previous messageGo to next message
fishtech is currently offline  fishtech
Messages: 605
Registered: September 2010
It's not clear to me if it's being dropped as 'spam' or 'malware'.

I have Antivirus > 'Deliver the message with malicious code removed' selected. I would have though the user would get the message, but the message is just dropped.

I currently 5 to Spam Score for Bitdefender. I will change that to 4.

ft.
Re: Message rejected as malware spam [message #151631 is a reply to message #151387] Sun, 15 May 2022 09:22 Go to previous messageGo to next message
AndreKl is currently offline  AndreKl
Messages: 30
Registered: March 2018
Location: Germany
lately we have tons of internal email traffic marked as malware or phishing. Even really simple emails.

As we have another Spam/Phishing filter in front of Kerio, we disabled the Malware/Phishing filter in the mailserver.cfg but kept the rest on.
Re: Message rejected as malware spam [message #151673 is a reply to message #151631] Thu, 19 May 2022 19:08 Go to previous messageGo to next message
brandonh75 is currently offline  brandonh75
Messages: 62
Registered: June 2011
Location: Burnsville, MN
Quote:
lately we have tons of internal email traffic marked as malware or phishing. Even really simple emails.
As we have another Spam/Phishing filter in front of Kerio, we disabled the Malware/Phishing filter in the mailserver.cfg but kept the rest on.
We had to do this too...too many false positives lately.
Re: Message rejected as malware spam [message #152301 is a reply to message #151673] Mon, 25 July 2022 19:44 Go to previous message
kingswaygroup is currently offline  kingswaygroup
Messages: 62
Registered: June 2008
This has become a Whack-a-Mole situation. I keep getting valid emails coming from our vendors and customers with .pdf attachments that for some reason or another Bitdefender spits back with a malware or Spam judgement and then I have to whitelist that domain so that I am not babysitting the Kerio quarantine. Turning it off as some have done seems to be the poorer choice if the product is a paid for add-on to Kerio Connect. It should work as expected time and time again. Is it something to do with the variety of creators for .pdf documents and that Bitdefender only knows something about a few so those pass through as clean? Just guessing, but at the least we should be informed as to why we have to submit case after case to support and they adjust for that one situation only. Maybe Bitdefender is just not a good product to be using? We also have Sophos Email Security running as a pre-filter and it sees no issues with these documents. Its frustrating.

David.


David Green
Previous Topic: Kerio connect + RODC
Next Topic: Any experience with 9.4.1 patch1 and koff running on old office versions ( 2010, 2013)
Goto Forum:
  


Current Time: Thu Aug 18 19:53:50 CEST 2022

Total time taken to generate the page: 0.02859 seconds