Connect. Communicate. Collaborate. Securely.

Home » Kerio User Forums » Kerio Connect » Over zealous AV?
  •  
HidS

Messages: 32
Karma: 0
Send a private message to this user
I'm getting a situation where one of our largest customers has stopped accepting attachments from us.

The text goes through but they can't open our attachments.

They say that there is extra data at the end of our mail that 'may be potentially harmful'.

Everyone else I know can receive it fine.

My guess is that they have amped up the settings on their AV prog and is blocking my attachments due to winmail.dat?

If I send a msg using Plain Text and NOT using Word to edit msgs, everything is ok.

2 issues.

a) Using plain text and no Word is not ideal.
b) I can't ask our main customer to relax their AV policy.

Is this a winmail.dat issue? If so, is there a solution?
  •  
bperkins

Messages: 359
Karma: 0
Send a private message to this user
I've encountered this also, but don't have enough information to give to Kerio Support.

In our case, the complaints are with F-Secure antivirus. Here is an email I got from someone trying to explain what happens:

"Hi Brian,
I had another attachment removed. I get a box popping up saying 'E-mail
scanning report'. Under attachment it says: Reason: 'Malformed message'
Action: 'Attachment removed'."

I'm trying to collect more data so I can contact support. I don't know if this happens with other antivirus products. I also don't know if its a bug in KMS or F-Secure.
  •  
HidS

Messages: 32
Karma: 0
Send a private message to this user
Let me add a bit more detail.

They use BlackSpider and the error is "Format [long-words]" which is:

A message header contains long unbroken block of data exceeding a configured maximum length.

Whatever that means.
  •  
jratliff

Messages: 4
Karma: 0
Send a private message to this user
We have this exact problem. It appears that any message sent with the KOC which contains an attachment is getting stripped by whomever is receiving the e-mail if they are using F-Secure. This only happens when the user sending the attachment is using Outlook and the KOC and the receiving client is using F-Secure.
I submitted a trouble ticket to Kerio but got the standard bozo tech support response that "I needed to contact technical support for our third-party application".
  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
James,

I found your ticket and looked at it.

If it's only F-Secure that is doing this (and not other virus scanning programs), then going to F-Secure is the correct route. I also want to submit a bug report to F-Secure, but I'll need a source .eml file from you, so I'll be reopening your ticket shortly.

-Joshua

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
Kerio_jthomas

Messages: 511
Karma: 1
Send a private message to this user
We had a previous issue with F-Secure and attachments, for the following versions:

F-Secure Anti-Virus Client Security 5.56 build 11160
F-Secure Anti-Virus Client Security 5.55 build 10460
F-Secure Anti-Virus Client Security 5.52

If these versions are being used, they should be updated, as the issue is fixed in more recent versions.

-Joshua

Joshua Thomas
Technical Support Manager
2350 Mission College Blvd, Suite 400
Santa Clara, CA 95054
Phone: (408) 496-4500
Fax: (408) 496-6902
http://www.kerio.com/support.html

  •  
bperkins

Messages: 359
Karma: 0
Send a private message to this user
Josh,

We are experiencing the problem with the following version:

F-Secure Anti-Virus Client Security 6.0 Build 11251

Did you ever file a report with F-Secure?

Thanks,
Brian
  •  
gerco

Messages: 39
Karma: 0
Send a private message to this user
I have this problem sending to a recipient using blackspider outsourced antivirus.

Blackspider uses multiple different vendor's products and the error given is:

Quote:


The quarantine disposition "format [long-words]" refers to an email where there is an unbroken string of 196 characters or more in one of the mail headers, including the To: or Cc: fields, as well as the attachment MIME headers.

The reason the message is quarantined is that it potentially allows malicious code execution a variety of mail clients, for example some versions of Microsoft Outlook and Microsoft Outlook Express (see http://www.microsoft.com/technet/security/Bulletin/MS00-043. mspx).



The mail header that I assume the KOC has added which causes this email to be blocked by blackspider is:

Content-Type: application/pdf; name="Butten Island.pdf"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; size="63 kB";filename="Butten Island.pdf"
X-MAPI: QkFTRTY0OiIvdGFncy8zMDA3MDA0MCIgIlNZU1RJTUUgYzg2ZGM4ZGMgMDFj NjllYTkiICIvdGFncy8zMDA4MDA0MCIgIlNZU1RJTUUgYzg3ZTc5NTIgMDFj NjllYTkiICIvdGFncy8zNzAzMDAxZiIgIlNUUklOR1cgfi5wZGZ


Kerio may not see this as a bug to be fixed but I do. My customer is not going to want to relax his antivirus and we cannot send him mail. Is there a way to stop this long X-Mapi header item being added, what it it's purpose..?
Previous Topic: Delivering Mails to user in the same Maildomain but not in the Userlist
Next Topic: Delay when Outlooks connects with Kerio
Goto Forum:
  


Disclaimer:
Kerio discussion forums are intended for open communication between forum members and may contain information and material posted by members which may be useful in learning about Kerio products. The discussion forums are not intended to provide technical support for any specific product. Any information implied or expressed in the discussion forums is that of the posting member. Kerio is in no way responsible for the information posted in the forums, or its accuracy. Kerio employees may participate in the discussions, but their postings do not represent an offical position of the company on any issues raised or discussed. Kerio reserves the right to monitor and maintain the forums to promote free and accurate exchange of information.

Current Time: Sun Nov 19 19:10:16 CET 2017

Total time taken to generate the page: 0.00501 seconds
.:: Contact :: Home ::.
Powered by: FUDforum 3.0.4.