Search found 49 matches

by agatha
2020-02-05 10:31
Forum: General discussions
Topic: Windows Defender - strange behaviour
Replies: 2
Views: 3574

Re: Windows Defender - strange behaviour

Yes, obviously I did not search the topics good enough. Mea maxima culpa.

OK, then it is by design and for this purpose not usable.

Thank you!
by agatha
2020-02-04 17:42
Forum: General discussions
Topic: Windows Defender - strange behaviour
Replies: 2
Views: 3574

Windows Defender - strange behaviour

Hello together, I noticed a strange behaviour when using Windows Defender as external scanner. When I use this command line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "%FILE%" -disableremediation" and "return value" 2 it generally works fine. Malware is detected, it is...
by agatha
2020-02-04 16:50
Forum: General discussions
Topic: Which antivirus to use?
Replies: 15
Views: 9425

Re: Which antivirus to use?

Well, it is a question of the design. When the signatures are already loaded in the RAM, it is fast. Especially when lots of Mails have to be scanned.
by agatha
2019-07-29 14:07
Forum: General discussions
Topic: Which antivirus to use?
Replies: 15
Views: 9425

Re: Which antivirus to use?

ClamAV works quite good. And yes, it needs some RAM as it loads the signatures into the RAM. So it is fast, when Mails are scanned.

In my setting, it uses about 1,2 GB RAM. But so what? RAM is cheap and for little money you buy a lot of performance.
by agatha
2018-02-08 14:35
Forum: General discussions
Topic: Mirroring issue
Replies: 10
Views: 2824

Re: Mirroring issue

There is no difference between "send to a local mirror and pop it from an external account" and "send directly to an external account" regarding the number of copies. When you pop from the mirror account, there will be no loop. Let´s make it precisely: 1. You send or receive an e-mail. -> One mail o...
by agatha
2017-06-28 09:59
Forum: General discussions
Topic: Anti-virus, more than one program
Replies: 2
Views: 1156

Re: Anti-virus, more than one program

OK, the log helped (though it was quite large in debug mode). First the external scanner is used and if this one found no malware clamav runs. Thanks for this hint.
by agatha
2017-06-28 09:15
Forum: General discussions
Topic: Anti-virus, more than one program
Replies: 2
Views: 1156

Anti-virus, more than one program

Hello, I use clamav and for a few weeks now an additional external scanner (Avast). My question: Are both scanners used one after another? And which one first? And what happens, when the first one recognizes a virus, ist the second one still used? And one more issue: HM deletes attachements when a v...
by agatha
2017-06-06 09:42
Forum: General discussions
Topic: Good, Free, Command Line Scanner for HMS
Replies: 3
Views: 1672

Re: Good, Free, Command Line Scanner for HMS

But ashcmd.exe is not (anymore?) included in the free version.

To be honest, I do not know any free comand line scanner (except clamav).
by agatha
2017-02-09 09:31
Forum: General discussions
Topic: Urgent Kind Help Needed - Mail Server is dying on me
Replies: 7
Views: 2504

Re: Urgent Kind Help Needed - Mail Server is dying on me

Could it be an anti virus issue? The mail folder should be excluded from an on-access-scan.
by agatha
2017-02-02 16:47
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

Where did you get your references from? securite FAQ: What is the best configuration for clamd.conf ? To achieve maximum detection rates, we recommend modifying the following lines in your clamd.conf : WARNING : These changes suggest that you have at least 8GB of RAM DetectPUA yes IncludePUA Spy In...
by agatha
2017-02-02 13:54
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

sanesecurity.ftm sigwhitelist.ign2 rogue.hdb junk.ndb foxhole_filename.cdb foxhole_generic.cdb foxhole_all.cdb foxhole_all.ndb foxhole_js.cdb foxhole_js.ndb phish.ndb badmacro.ndb jurlbl.ndb scam.ndb mbl.ndb winnow_malware.hdb winnow_extended_malware.hdb crdfam.clamav.hdb This is quite strict, as i...
by agatha
2017-02-02 12:53
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

You have prodded my curiosity now.
How large is your ClamAV database folder? Mine is 666 (!) MB.

And good luck with Joel Esler - the signatures are not worthless - but not very reliable.
by agatha
2017-02-02 12:22
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

Is that immediately after a clamav service restart?
Depends, how you define "immediately". After the service is restarted, it takes a few seconds (about 5 maybe) until this the RAM is filled.
by agatha
2017-02-01 17:55
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

Hm. To be honest, I just copied the recommendations.

But I have just tested it with 45M each - the same RAM usage.
by agatha
2017-02-01 16:20
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

I am not sure. Probably the clamd.conf is the reason. I use the recommendation from securite.info and they suggest at least 8 GB RAM for this. DetectPUA yes IncludePUA Spy IncludePUA Spyware IncludePUA Game IncludePUA Keylogger IncludePUA Spam IncludePUA Trojan IncludePUA NetTool IncludePUA Win MaxS...
by agatha
2017-01-31 11:24
Forum: General discussions
Topic: ClamAV service fails periodically
Replies: 16
Views: 5115

Re: ClamAV service fails periodically

I've now removed the securiteinfo signatures and instead implemented the SaneSecurity signatures, and will monitor the performance for a couple of days. I use those signatures for years and have no problems at all. The memory usage is about 1.3 GB. But what about the message "invalid argument"? May...
by agatha
2017-01-12 17:44
Forum: General discussions
Topic: ERROR 3368 Spamassassin
Replies: 7
Views: 3214

Re: ERROR 3368 Spamassassin

peak RAM usage by SA
about 500 MB. I restart the service daily as there seems to be a memory leak.
what is your average SMTP volume
About 2000 messages per day.
by agatha
2017-01-11 18:28
Forum: General discussions
Topic: ERROR 3368 Spamassassin
Replies: 7
Views: 3214

Re: ERROR 3368 Spamassassin

WinSock errorcode 10054 is the error you get when spamd is unavailable, most likely: right in the middle of the restarting process (stop service, update database, start service) First I thought so. But the timestamps in the logs did not match to the time, the service is reloaded. Not one single tim...
by agatha
2017-01-11 16:56
Forum: General discussions
Topic: ERROR 3368 Spamassassin
Replies: 7
Views: 3214

Re: ERROR 3368 Spamassassin

It seems to be a RAM issue. Since I upgraded my RAM from 4 to 8 GB, this message did not occur anymore.
by agatha
2017-01-11 16:49
Forum: General discussions
Topic: Mirror of all messages
Replies: 9
Views: 2673

Re: Mirror of all messages

and X-hMailServer-LoopCount < 1
Do you need a loop-count, when using recipient list?
by agatha
2016-12-05 11:08
Forum: General discussions
Topic: Sanesecurity updates
Replies: 3
Views: 1890

Re: Sanesecurity updates

Should the sigupdate.log be also updated when using the task schedule? Yes. And also the *.hdb and *.cdb files in your clamav database folder get a new time stamp. My batch looks like: @echo off cd /d d:\clamav set log=D:\Logs\sanesecurity.log set db=D:\ClamAV\db set CYGWIN=nontsec echo %date%-%tim...
by agatha
2016-11-25 09:54
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

@mattg @jimimaseye That is in deed interesting. Thank you. CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures I guess, this is a result of the CLAMAV plugin for spamassassin? That means - as you mentioned before - I can use the malware definitions I want as definitions for spamassassin? And we...
by agatha
2016-11-24 14:50
Forum: General discussions
Topic: EMail Archive
Replies: 7
Views: 2478

Re: EMail Archive

But in Germany there are rules for eMails which may not be archived like "application mails" etc. That is not true. Only the period, you are allowed to store those mails is shorter (max. 3 month) and you should store them for several reasons. So it is better, when you delete those mails from the ar...
by agatha
2016-11-24 14:33
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

Why not.....
OK, good idea.

I did not know, that I can have a different header for the case a mail is marked as spam because of a match of the clamav definitions.
That could be nice.

Thanks.
by agatha
2016-11-24 11:31
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

Do you want to inspect the malware or delete it? Well, it is a balance between effort and benefit. The first target is, that users do not get infected mails. The second target is, that I do not have to inspect hundreds of spam mails per day. Of course, your setup works. When you invest the time to ...
by agatha
2016-11-23 17:04
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

But that's my point But how do you differentiate between spam and malware? Or do you say: spam and malware is both unwanted an so it is treated the same way? That is consequent but it leads to the following problem: - when you have a low score for spam, you will get a lot of mails (and a lot of fal...
by agatha
2016-11-23 14:28
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

Then set your spam mark score low enough to be useful, and your delete mark extremely high I have done this - but I want handle spam an infected mails in a different way. People should be able to read mails, that are marked as spam by themselves (because it is a lot of spam) - but infected mails sh...
by agatha
2016-11-22 16:09
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

Very convoluted and unnecessarily so IMO. I use Clam, have viruses stripped, and the resultant email sent to trash, and at the end of the day I know how many. How? Well, see my first post. I guess you misunderstood it. The mirroring applies to all mails. It is meant to archive all mails. It has not...
by agatha
2016-11-22 10:43
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

Re: question: notification for infected mails

Thanks for the replies! Try X-hMailServer-LoopCount with the value "less than 1" I tried this. In this case no mail is forwarded. just add a rule criteria that says Recipient List does not include <mirroraddress.domain.com> Thanks for this hint. This creates still a loop but when the address to whic...
by agatha
2016-11-21 16:35
Forum: General discussions
Topic: question: notification for infected mails
Replies: 18
Views: 4988

question: notification for infected mails

Hello together! I would like to forward all mails (or count them at least) that contained malware. So I can easily see, if there is a peak in such mails. My setup regarding this issue seams to be a bit problematic: - All mails are mirrored to a certain address (Settings->Advanced->Mirror) - Mails, t...
by agatha
2016-10-28 08:51
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

Re: No remaining recipients

OK, SMTP only. Thank you.
by agatha
2016-10-28 08:50
Forum: General discussions
Topic: Looking for same version Clamwin and Clamav
Replies: 9
Views: 3587

Re: Looking for same version Clamwin and Clamav

In my opinion you should only use clamav running as a service. That is the fastest way to scan your mails. And take a look at the signatures from sanesecurity. To update clamav stop the service, override the files and start the service again. That should work in most cases. If it does not, remove an...
by agatha
2016-10-27 17:42
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

Re: No remaining recipients

Perhaps you have a similar option. Hm, not really. There is not only a catch all account on the remote server but above this several accounts that are downloaded. And within the hmail logs, I only have an ID (and of course a time stamp) to identify the relevant mail. I can not see, how I could find...
by agatha
2016-10-27 16:28
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

Re: No remaining recipients

As it is a very rare error, I am not worry. I just do not like unsolved problems ...

But thanks for the hints.

If I find something out, I will tell. Maybe logging SMTP and POP3 will help.
by agatha
2016-10-27 15:01
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

Re: No remaining recipients

No SMPT logging yet. But I already activated it for the next time.

And yes, I download mails via POP3 froman external server.

The forwarding rules are like:
From -> Not contains [mail address to which is forwarded] -> Forward email
by agatha
2016-10-27 10:00
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

Re: No remaining recipients

No scipts but indeed some forwarding rules. The problem is, that it happens so unfrequently. 10000 Mails are processed without this error. I tried to find the mentioned file within the data file system but (of course it is a sended message) it does not appear. So I do not know, which rule might be a...
by agatha
2016-10-27 09:10
Forum: General discussions
Topic: No remaining recipients
Replies: 11
Views: 4225

No remaining recipients

Hello, I need some hint where I have to look for this issue: Sometimes - about once a week - the following error occurs: "ERROR" 4904 "2016-10-25 08:17:05.777" "Severity: 3 (Medium), Code: HM5007, Source: SMTPDeliverer::DeliverMessage(), Description: Message 781666 could not be delivered. No remaini...
by agatha
2016-09-14 13:24
Forum: General discussions
Topic: ERROR 3368 Spamassassin
Replies: 7
Views: 3214

Re: ERROR 3368 Spamassassin

Reloading the database was my first thought.

The spamd service is reloaded three times a day (stop service, update database, start service), but the timestamps of the errors do not match those reloads.

The service itself runs fine, so I do not think, abnormal terminations are the reason.
by agatha
2016-09-14 13:04
Forum: General discussions
Topic: ERROR 3368 Spamassassin
Replies: 7
Views: 3214

ERROR 3368 Spamassassin

When using SpamAssassin with HM I get sometimes (once, twice a day) this error: "ERROR" 3368 "2016-09-14 06:00:11.876" "Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from...
by agatha
2015-12-11 10:18
Forum: Feature requests
Topic: Malware - Delete mail or attachment
Replies: 19
Views: 11702

Re: Malware - Delete mail or attachment

I am unsure how a message with a known virus as an attachment could possibly be a false positive.
That depends on the signatures. Especially when heuristic is used.
Im my case, I use ClamAV with signatures from sanesecurity and from securite.
by agatha
2015-12-10 17:09
Forum: Feature requests
Topic: Malware - Delete mail or attachment
Replies: 19
Views: 11702

Malware - Delete mail or attachment

When a virus is found, HMS either deletes the e-mail or only the attachment.

But it would be helpful - especially in case of a false positive - when the e-mail or the attachment is not deleted but moved to a special folder.
by agatha
2015-11-12 11:54
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Re: Error when running "Diagnostics"

The problem is that the diagnostics don't work if you set the outgoing port to 465 in SMTP relayer.
Indeed. That´s the problem.

Thank you for the explanation!
by agatha
2015-11-11 11:17
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Re: Error when running "Diagnostics"

In SMTP relayer under delivery of email, what do you have set for the 'remote host name', 'remote TCP/IP port' and the 'connection security' I use hMS as a local mailserver, that pulls and sends mails from/to a provider. Therefor the remote host name is the smtp address of this provider. Port is 46...
by agatha
2015-11-10 11:55
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Re: Error when running "Diagnostics"

I did both: I left the default value as well as I used a custom one.
None of them worked.

It is strange in so far, as everything works fine (pop, imap, smtp, http). It seems, hmail just failes to create the output form.
by agatha
2015-11-09 17:00
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Re: Error when running "Diagnostics"

Well, I am quite sure, that I did not change any permissions. And Apache works fine too. I read "https://www.hmailserver.com/forum/viewtopic.php?t=27567#p170518", but as far as I see, my configuration is OK. Especially the service has no problems with windows permissions. So I think it might be more...
by agatha
2015-11-09 15:24
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Re: Error when running "Diagnostics"

No, I do not use SSL within hMail and i do not have any certificates on this server. Settings->Advanced->SSL certificates: No entries Settings->Advanced->SSL/TLS: "Verify remote ..." is unchecked, "Versions" are all checked. And thanks for the google link - I searched "800403E9" within the forum and...
by agatha
2015-11-09 15:13
Forum: General discussions
Topic: Error when running "Diagnostics"
Replies: 10
Views: 2683

Error when running "Diagnostics"

Hello, when I run "Diagnostics" in hMail Admin, I receive an error: ExceptionType: COMException HelpLine: Message: Exception from HRESULT: 0x800403E9 Source: Interop.hMailServer StackTrace: at hMailServer.DiagnosticsClass.PerformTests() at hMailServer.Administrator.ucDiagnostics.buttonPerformTests_C...
by agatha
2015-11-02 09:35
Forum: General discussions
Topic: Webadmin - remove tabs
Replies: 2
Views: 1140

Re: Webadmin - remove tabs

That was exactly what I was looking for.

Thank you very much.
by agatha
2015-10-30 11:31
Forum: General discussions
Topic: Webadmin - remove tabs
Replies: 2
Views: 1140

Webadmin - remove tabs

Hello together, in webadmin, I would like to remove some tabs for administration level "user". E.g. all users with administration level "0" shall not be able to change their signature. For this behalf I could either remove the whole tab or I could disable the accordant field. I already removed the "...