Dear Pak Syafril, Saya ada issue dimana ada 1 user mengirimkan email dengan attachment berpassword ke 3 orang, 2 orang dalam to, 1 orang dalam cc (farida) Antivirus mdaemon aktif, dan memiliki exclusion untuk file office berpasword (word, excel, ppt)
Kendalanya adalah 1 orang yang ada di cc tidak bisa menerima email karena berdasarkan log antivirus terdapat winmail.dat Sedangkan 2 lainnya (yang ada di to) email diteruskan dengan notifikasi header email bahwa email tidak bisa di scan Berikut log smtp-in nya Pak Wed 2024-05-08 09:18:59.873: 01: ---------- Wed 2024-05-08 09:18:57.683: 05: [52541448] Session 52541448; child 0021 Wed 2024-05-08 09:18:57.683: 05: [52541448] Accepting SMTP connection from 36.64.10.242:52314 to 172.30.2.2:465 Wed 2024-05-08 09:18:57.697: 01: [52541448] SSL negotiation successful (TLS 1.2, TLS_RSA_WITH_AES_128_CBC_SHA256) Wed 2024-05-08 09:18:57.697: 03: [52541448] --> 220 mail.fastratabuana.co.id ESMTP MDaemon 23.0.2; Wed, 08 May 2024 09:18:57 +0700 Wed 2024-05-08 09:18:57.725: 02: [52541448] <-- EHLO TROUBLESHOOTER Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-mail.fastratabuana.co.id Hello TROUBLESHOOTER [36.64.10.242], pleased to meet you Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-ETRN Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-AUTH LOGIN CRAM-MD5 PLAIN Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-8BITMIME Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-ENHANCEDSTATUSCODES Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-PIPELINING Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-CHUNKING Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250-REQUIRETLS Wed 2024-05-08 09:18:57.725: 03: [52541448] --> 250 SIZE Wed 2024-05-08 09:18:57.741: 02: [52541448] <-- AUTH LOGIN Wed 2024-05-08 09:18:57.741: 03: [52541448] --> 334 VXNlcm5hbWU6 Wed 2024-05-08 09:18:57.748: 02: [52541448] <-- cGFtYnVkaS5zdW5hcnNpaGFudG9Aa2FwYWxhcGkuY28uaWQ= Wed 2024-05-08 09:18:57.748: 03: [52541448] --> 334 UGFzc3dvcmQ6 Wed 2024-05-08 09:18:57.762: 02: [52541448] <-- ****** Wed 2024-05-08 09:18:57.762: 01: [52541448] Authenticating [email protected]... Wed 2024-05-08 09:18:57.765: 01: [52541448] Authenticated as [email protected] Wed 2024-05-08 09:18:57.765: 03: [52541448] --> 235 2.7.0 Authentication successful Wed 2024-05-08 09:18:57.797: 02: [52541448] <-- MAIL FROM: <[email protected]> Wed 2024-05-08 09:18:57.798: 03: [52541448] --> 250 2.1.0 Sender OK Wed 2024-05-08 09:18:57.827: 02: [52541448] <-- RCPT TO: <[email protected]> Wed 2024-05-08 09:18:57.830: 03: [52541448] --> 250 2.1.5 Recipient OK Wed 2024-05-08 09:18:57.836: 02: [52541448] <-- RCPT TO: <[email protected]> Wed 2024-05-08 09:18:57.846: 03: [52541448] --> 250 2.1.5 Recipient OK Wed 2024-05-08 09:18:57.854: 02: [52541448] <-- DATA Wed 2024-05-08 09:18:57.855: 03: [52541448] --> 354 Enter mail, end with <CRLF>.<CRLF> Wed 2024-05-08 09:18:57.968: 01: [52541448] Message size: 379759 bytes Wed 2024-05-08 09:18:57.971: 11: [52541448] Outbreak Protection: Processing skipped. Authenticated connection. Wed 2024-05-08 09:18:57.980: 01: [52541448] Message creation successful: d:\mdaemon\queues\inbound\62\md5001000882996.msg Wed 2024-05-08 09:18:57.980: 03: [52541448] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Wed 2024-05-08 09:18:57.981: 02: [52541448] <-- MAIL FROM: <[email protected]> Wed 2024-05-08 09:18:57.983: 03: [52541448] --> 250 2.1.0 Sender OK Wed 2024-05-08 09:18:57.993: 02: [52541448] <-- RCPT TO: <[email protected]> Wed 2024-05-08 09:18:57.996: 03: [52541448] --> 250 2.1.5 Recipient OK Wed 2024-05-08 09:18:58.004: 02: [52541448] <-- DATA Wed 2024-05-08 09:18:58.005: 03: [52541448] --> 354 Enter mail, end with <CRLF>.<CRLF> Wed 2024-05-08 09:18:58.060: 01: [52541448] Message size: 399662 bytes Wed 2024-05-08 09:18:58.063: 11: [52541448] Outbreak Protection: Processing skipped. Authenticated connection. Wed 2024-05-08 09:18:58.123: 01: [52541448] Message creation successful: d:\mdaemon\queues\inbound\63\md5001000882994.msg Wed 2024-05-08 09:18:58.123: 03: [52541448] --> 250 2.6.0 Ok, message saved <Message-ID: <[email protected]>> Wed 2024-05-08 09:19:00.587: 02: [52541448] <-- QUIT Wed 2024-05-08 09:19:00.587: 03: [52541448] --> 221 2.0.0 See ya in cyberspace Wed 2024-05-08 09:19:00.587: 01: [52541448] SMTP session successful (Bytes in/out: 787552/1973) Wed 2024-05-08 09:19:00.587: 01: ---------- Berikut log antivirusnya Wed 2024-05-08 09:20:52.024: ---------- Wed 2024-05-08 09:20:52.040: MDaemon AntiVirus processing d:\mdaemon\queues\local\md3501176517696.msg... Wed 2024-05-08 09:20:52.040: * Message return-path: [email protected] Wed 2024-05-08 09:20:52.040: * Message from: [email protected] Wed 2024-05-08 09:20:52.040: * Message to: [email protected] Wed 2024-05-08 09:20:52.040: * Message subject: Data karyawan beserta benchmark Wed 2024-05-08 09:20:52.040: * Message ID: <[email protected]> Wed 2024-05-08 09:20:52.040: Start MDaemon AntiVirus results Wed 2024-05-08 09:20:52.042: * IKARUS AV: clean (0.00212 s) D:\MDaemon\CFilter\TEMP\574510969\pd3087519476.hdr Wed 2024-05-08 09:20:52.044: * IKARUS AV: clean (0.00182 s) D:\MDaemon\CFilter\WORK\1442920902\pd96316508.txt Wed 2024-05-08 09:20:52.046: * IKARUS AV: clean (0.00150 s) D:\MDaemon\CFilter\WORK\1442920902\pd925128266.txt Wed 2024-05-08 09:20:52.050: * IKARUS AV: non-scan (0.00456 s) D:\MDaemon\CFilter\TEMP\574510969\pd1497815400.att Wed 2024-05-08 09:20:52.050: * (IKARUS AV) D&I_Data Mercer (3).xlsx could not be scanned - password-protected Wed 2024-05-08 09:20:52.050: * D&I_Data Mercer (3).xlsx is in non-scan exclusion list Wed 2024-05-08 09:20:52.050: * Total attachments scanned : 3 (including multipart/alternatives and message body) Wed 2024-05-08 09:20:52.050: * Total attachments infected : 0 Wed 2024-05-08 09:20:52.050: * Total attachments disinfected: 0 Wed 2024-05-08 09:20:52.050: * Total errors while scanning : 1 Wed 2024-05-08 09:20:52.050: * Total attachments removed : 0 Wed 2024-05-08 09:20:52.090: End of MDaemon AntiVirus results Wed 2024-05-08 09:20:52.090: ---------- Wed 2024-05-08 09:20:52.101: MDaemon AntiVirus processing d:\mdaemon\queues\local\md3501176517697.msg... Wed 2024-05-08 09:20:52.101: * Message return-path: [email protected] Wed 2024-05-08 09:20:52.101: * Message from: [email protected] Wed 2024-05-08 09:20:52.101: * Message to: [email protected] Wed 2024-05-08 09:20:52.101: * Message subject: Data karyawan beserta benchmark Wed 2024-05-08 09:20:52.101: * Message ID: <[email protected]> Wed 2024-05-08 09:20:52.101: Start MDaemon AntiVirus results Wed 2024-05-08 09:20:52.103: * IKARUS AV: clean (0.00172 s) D:\MDaemon\CFilter\TEMP\574510969\pd310808498.hdr Wed 2024-05-08 09:20:52.104: * IKARUS AV: clean (0.00124 s) D:\MDaemon\CFilter\WORK\1442920902\pd2441319283.txt Wed 2024-05-08 09:20:52.105: * IKARUS AV: clean (0.00114 s) D:\MDaemon\CFilter\WORK\1442920902\pd2774422109.txt Wed 2024-05-08 09:20:52.107: * IKARUS AV: non-scan (0.00201 s) D:\MDaemon\CFilter\TEMP\574510969\pd663221288.att Wed 2024-05-08 09:20:52.107: * (IKARUS AV) D&I_Data Mercer (3).xlsx could not be scanned - password-protected Wed 2024-05-08 09:20:52.107: * D&I_Data Mercer (3).xlsx is in non-scan exclusion list Wed 2024-05-08 09:20:52.107: * Total attachments scanned : 3 (including multipart/alternatives and message body) Wed 2024-05-08 09:20:52.107: * Total attachments infected : 0 Wed 2024-05-08 09:20:52.107: * Total attachments disinfected: 0 Wed 2024-05-08 09:20:52.107: * Total errors while scanning : 1 Wed 2024-05-08 09:20:52.107: * Total attachments removed : 0 Wed 2024-05-08 09:20:52.162: End of MDaemon AntiVirus results Wed 2024-05-08 09:20:52.162: ---------- Wed 2024-05-08 09:20:52.173: MDaemon AntiVirus processing d:\mdaemon\queues\local\md3501176517698.msg... Wed 2024-05-08 09:20:52.173: * Message return-path: [email protected] Wed 2024-05-08 09:20:52.173: * Message from: [email protected] Wed 2024-05-08 09:20:52.173: * Message to: [email protected] Wed 2024-05-08 09:20:52.173: * Message subject: Data karyawan beserta benchmark Wed 2024-05-08 09:20:52.173: * Message ID: <[email protected]> Wed 2024-05-08 09:20:52.173: Start MDaemon AntiVirus results Wed 2024-05-08 09:20:52.173: * Found MS-TNEF file: winmail.dat Wed 2024-05-08 09:20:52.173: * Scanning for embedded attachments... Wed 2024-05-08 09:20:52.173: * Found D&I_Data Mercer (3).xlsx Wed 2024-05-08 09:20:52.176: * (IKARUS AV) D&I_Data Mercer (3).xlsx could not be scanned Wed 2024-05-08 09:20:52.176: * Total attachments scanned : 0 (including multipart/alternatives and message body) Wed 2024-05-08 09:20:52.176: * Total attachments infected : 0 Wed 2024-05-08 09:20:52.176: * Total attachments disinfected: 0 Wed 2024-05-08 09:20:52.176: * Total errors while scanning : 1 Wed 2024-05-08 09:20:52.184: * Message moved to d:\mdaemon\cfilter\quarant\md5001000003076.msg Wed 2024-05-08 09:20:52.187: * Virus notification sent to [email protected] (sender) Wed 2024-05-08 09:20:52.189: * Virus notification sent to [email protected] (recipient) Wed 2024-05-08 09:20:52.191: * Virus notification sent to [email protected] (admin) Wed 2024-05-08 09:20:52.193: End of MDaemon AntiVirus results Wed 2024-05-08 09:20:52.193: ---------- Mohon penjelasannya pak, kenapa recipient dalam cc (farida) tidak bisa menerima email, muncul winmail.dat dan amsuk quarantine ? Apa yang harus diperbaiki agar email bisa diterima oleh ketiga penerima? Terimakasih, Asep. Y -- --[mdaemon-l]---------------------------------------------------------- Milis ini untuk Diskusi antar pengguna MDaemon Mail Server di Indonesia Netiket: https://wiki.openstack.org/wiki/MailingListEtiquette Arsip: http://mdaemon-l.dutaint.com Dokumentasi : http://mdaemon.dutaint.com Berlangganan: Kirim mail ke [email protected] Henti Langgan: Kirim mail ke [email protected] Versi terakhir: MDaemon 23.5.3, SecurityGateway 9.5.3
