Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 13 replies
  • Subscribers 1 subscriber
  • Views 5602 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

[9.104-17][POP3S] UTM configuration

wingman
Hi All

I have configured my GMX account to use POP3S with port 995 (pic below). However, when testing the functionality it seems that emails are not properly scanned for virus. I have used the following online service to check for viruses
Free Email Security Check

I can see that UTM is indeed checking for new emails but

1)It quarantined some of the files but not other ones even though there is an attachment with a "bad" extension 
2013:08:11-11:59:28 ****** pop3proxy[10619]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 1/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="3308" srcip="78.47.119.33" dstip="212.227.17.187" uid="0Ll0sP-1VgQj637Qr-00aoll" ident="0/10619-4-1376218768" reason="ext" extra="bat"
2013:08:11-11:59:28 ****** pop3proxy[10619]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="virenschutz@gmxnet.de" to="******@gmx.us" subject="VIRUS SUSPECTED: securitycheck@emailsecuritycheck.net" size="1488" srcip="0.0.0.0" dstip="212.227.17.187" uid="0LwwHY-1WERBb0jHd-016dm4" ident="0/10619-5-1376218768"
2013:08:11-11:59:29 ****** pop3proxy[10619]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 3/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="2961" srcip="78.47.119.33" dstip="212.227.17.187" uid="0MgonQ-1VUQ3013Hk-00M0hS" ident="0/10619-6-1376218768" reason="as" extra="confirmed"
2013:08:11-11:59:29 ****** pop3proxy[10619]: id="1101" severity="info" sys="SecureMail" sub="pop3" name="email quarantined" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 4/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="3297" srcip="78.47.119.33" dstip="212.227.17.187" uid="0McQoC-1VQ0Cl2F0K-00Hin1" ident="0/10619-7-1376218769" reason="ext" extra="bat"
2013:08:11-11:59:30 ****** pop3proxy[10619]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 5/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="3221" srcip="78.47.119.33" dstip="212.227.17.187" uid="0Ls9Zn-1W8MdV2TR1-013wxx" ident="0/10619-8-1376218769"
2013:08:11-11:59:30 ****** pop3proxy[10619]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 6/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="3222" srcip="78.47.119.33" dstip="212.227.17.187" uid="0M8ZyV-1W2vfI0ewd-00wFYa" ident="0/10619-9-1376218770"
2013:08:11-11:59:30 ****** pop3proxy[10619]: id="1100" severity="info" sys="SecureMail" sub="pop3" name="email passed" from="securitycheck@emailsecuritycheck.net" to="******@gmx.us" subject="Test mail 7/7 (ID=zFEu5qpmBiQygS94cogyjQ==)" size="3223" srcip="78.47.119.33" dstip="212.227.17.187" uid="0MTOGl-1VWpxQ1xlX-00SPU0" ident="0/10619-10-1376218770"
2013:08:11-11:59:30 ****** pop3proxy[10619]: Prefetch for account 6 finished (fetched=10, deleted=3, not_on_server=3)


Description of the Test Emails
There are seven test mails our server will try to send:
The first mail (1/7) contains a harmless executable attachment. Even though it is harmless, it should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, this mail may never reach you.
The next mail (2/7) contains a harmless executable attachment, the EICAR anti virus test file in a .zip archive. This file should be detected by every virus checker. Depending on the configuration of your virus checker, this mail may never reach you.
The third mail (3/7) is harmless spam message (GTUBE spam signature), and should be detected by every spam filter. Depending on the configuration of your spam filter, this mail may never reach you.
The remaining four mails (4/7 to 7/7) contain attachments disguised in different ways. Even though the attachments are harmless, they should be removed (or replaced) by your attachment blocker. Depending on the configuration of your attachment blocker, these mails may never reach you.


This thread was automatically locked due to age.
Parents
  • 0
    Hi Bob

    I am using the latest mail.app client but it shouldn't make any difference. My understanding is that the UTM should block all relevant emails (all 7 that is in the specific test- I've also added the description of all the relevant tests)
Reply
  • 0
    Hi Bob

    I am using the latest mail.app client but it shouldn't make any difference. My understanding is that the UTM should block all relevant emails (all 7 that is in the specific test- I've also added the description of all the relevant tests)
Children
No Data
Unfiltered HTML