This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage not scanning Inbound and Outbound for Anti-Virus. Only Internal

Hey Guys,

we have some trouble with Anti-virus scanning on Inbound and Outbound E-Mails....
If i send a E-Mail with a Virus in a .doc File to someone in my Company, PureMessage Quarantined this mesage. The Settings for "On infection" are the same as for Inbound, Outbound and Internal but it's only working for Internal Mails.

We have a Sophos Mail Appliance (ES100) in front of our Exchange Server and PureMessage is installed on our Exchange Server. Both Systems didn't find the Virus in the .doc File (CXmail/OleDI-A Virus). The Activity monitor will notice this Virus only on internal messages.

Any ideas what's wrong?



This thread was automatically locked due to age.
Parents
  • Hey Benedikt! Thanks for your post..
    If you send an EICAR test...does it block the email?

    proceed with the following steps to enable X-headers:
    Open Puremessage admin console
    Select anti-spam (under the left pane - transport SMTP scanning policy)
    Select configure subject tags and x-headers (right pane)
    Select x-header for unscanned, spam and spam score
    Hit OK and save changes

    Send an email from an external account. check the email headers....do you see any internal MTA besides the exchange server itself? if you're using the email appliance, you should see something like.....received from "email appliance IP address" by "exchange server IP address"

    Make sure you have your trusted relays in place...in your case the email appliance ip address.

    PureMessage uses the configured mail domains, trusted upstream relays, and IP address of the connecting host to distinguish between inbound, outbound and internal mail.

    How does PureMessage route mail?
    1. Is the recipient domain on the configured mail domain list?
    No: the message is outbound.
    Yes: go to step 2.

    2. Is the sender’s IP address external?
    Yes: the message is inbound.
    No: go to step 3.

    3. Is the sender’s IP address internal or unavailable?
    Internal: go to step 4.
    Unavailable: the message is internal.

    4. Is the internal IP address on the list of trusted relays?
    Yes: the message is inbound.
    No: the message is internal.


    Make sure puremessage transport agent is loaded and active on the exchange transport...
    open exchange powershell
    run the cmdlet: Get-TransportAgent

    Send an email from an external account with the following string in the subject and email body: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


    Thanks
Reply
  • Hey Benedikt! Thanks for your post..
    If you send an EICAR test...does it block the email?

    proceed with the following steps to enable X-headers:
    Open Puremessage admin console
    Select anti-spam (under the left pane - transport SMTP scanning policy)
    Select configure subject tags and x-headers (right pane)
    Select x-header for unscanned, spam and spam score
    Hit OK and save changes

    Send an email from an external account. check the email headers....do you see any internal MTA besides the exchange server itself? if you're using the email appliance, you should see something like.....received from "email appliance IP address" by "exchange server IP address"

    Make sure you have your trusted relays in place...in your case the email appliance ip address.

    PureMessage uses the configured mail domains, trusted upstream relays, and IP address of the connecting host to distinguish between inbound, outbound and internal mail.

    How does PureMessage route mail?
    1. Is the recipient domain on the configured mail domain list?
    No: the message is outbound.
    Yes: go to step 2.

    2. Is the sender’s IP address external?
    Yes: the message is inbound.
    No: go to step 3.

    3. Is the sender’s IP address internal or unavailable?
    Internal: go to step 4.
    Unavailable: the message is internal.

    4. Is the internal IP address on the list of trusted relays?
    Yes: the message is inbound.
    No: the message is internal.


    Make sure puremessage transport agent is loaded and active on the exchange transport...
    open exchange powershell
    run the cmdlet: Get-TransportAgent

    Send an email from an external account with the following string in the subject and email body: X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*


    Thanks
Children
No Data