This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Puremessage not scanning Inbound and Outbound for Anti-Virus. Only Internal

Hey Guys,

we have some trouble with Anti-virus scanning on Inbound and Outbound E-Mails....
If i send a E-Mail with a Virus in a .doc File to someone in my Company, PureMessage Quarantined this mesage. The Settings for "On infection" are the same as for Inbound, Outbound and Internal but it's only working for Internal Mails.

We have a Sophos Mail Appliance (ES100) in front of our Exchange Server and PureMessage is installed on our Exchange Server. Both Systems didn't find the Virus in the .doc File (CXmail/OleDI-A Virus). The Activity monitor will notice this Virus only on internal messages.

Any ideas what's wrong?



This thread was automatically locked due to age.
Parents
  • Hey Ziggyedman :)

    Thanks for your reply. Before i wanted to start the tests, i send the Mail with my Virus attachment again and now it works. Internal, Inbound and Outbound, the Message will not get through.
    I didn't do any changes but i noticed, that PureMessage detects the Mail now as Troj/DocDI-BEF. Two days ago the internal Message was blocked and detected with CXmail/OleDI-A. Inbound and Outbound had not been detected as i said.

    E-Mail Headers and trusted relays are fine. Same IP-Address entries.
    A transport agent with the Name "PmE15Transport" is on state "true" and Priority "1". Is this the PureMessage transport agent?

    Looks like PureMessage is working correctly now and with our Sophos ES100 as mail gateway they should do the job as best as they can. :)

    Thanks!
Reply
  • Hey Ziggyedman :)

    Thanks for your reply. Before i wanted to start the tests, i send the Mail with my Virus attachment again and now it works. Internal, Inbound and Outbound, the Message will not get through.
    I didn't do any changes but i noticed, that PureMessage detects the Mail now as Troj/DocDI-BEF. Two days ago the internal Message was blocked and detected with CXmail/OleDI-A. Inbound and Outbound had not been detected as i said.

    E-Mail Headers and trusted relays are fine. Same IP-Address entries.
    A transport agent with the Name "PmE15Transport" is on state "true" and Priority "1". Is this the PureMessage transport agent?

    Looks like PureMessage is working correctly now and with our Sophos ES100 as mail gateway they should do the job as best as they can. :)

    Thanks!
Children
  • Hey Benedikt!
    Great to know that puremessage is working properly....strange though, that it was not being detected even by the email appliance...
    It could happen to be "zero day" for that virus (I haven't cheked that but will do tomorrow), it might not be detected during a short period, while we don't have the detection data for it...but since it was being detected by the internal smtp policy...i don't know...
    Was it being detected by the smtp scan or by the store scan?

    PmE15Transport and PmE15Protocol are the 2 puremessage transport agent components, loaded into the Exchange 2013 transport service (MS Exchange 2007 and 2010 use a different version; PmE12Transport and PmE12Protocol)....all the scanning at the smtp level are performed by the agents...

    Cheers!