Yes, obviously I did not search the topics good enough. Mea maxima culpa.
OK, then it is by design and for this purpose not usable.
Thank you!
Search found 49 matches
- 2020-02-05 10:31
- Forum: General discussions
- Topic: Windows Defender - strange behaviour
- Replies: 2
- Views: 3867
- 2020-02-04 17:42
- Forum: General discussions
- Topic: Windows Defender - strange behaviour
- Replies: 2
- Views: 3867
Windows Defender - strange behaviour
Hello together, I noticed a strange behaviour when using Windows Defender as external scanner. When I use this command line: "C:\Program Files\Windows Defender\MpCmdRun.exe" -scan -scantype 3 -file "%FILE%" -disableremediation" and "return value" 2 it generally works fine. Malware is detected, it is...
- 2020-02-04 16:50
- Forum: General discussions
- Topic: Which antivirus to use?
- Replies: 16
- Views: 11310
Re: Which antivirus to use?
Well, it is a question of the design. When the signatures are already loaded in the RAM, it is fast. Especially when lots of Mails have to be scanned.
- 2019-07-29 14:07
- Forum: General discussions
- Topic: Which antivirus to use?
- Replies: 16
- Views: 11310
Re: Which antivirus to use?
ClamAV works quite good. And yes, it needs some RAM as it loads the signatures into the RAM. So it is fast, when Mails are scanned.
In my setting, it uses about 1,2 GB RAM. But so what? RAM is cheap and for little money you buy a lot of performance.
In my setting, it uses about 1,2 GB RAM. But so what? RAM is cheap and for little money you buy a lot of performance.
- 2018-02-08 14:35
- Forum: General discussions
- Topic: Mirroring issue
- Replies: 10
- Views: 3420
Re: Mirroring issue
There is no difference between "send to a local mirror and pop it from an external account" and "send directly to an external account" regarding the number of copies. When you pop from the mirror account, there will be no loop. Let´s make it precisely: 1. You send or receive an e-mail. -> One mail o...
- 2017-06-28 09:59
- Forum: General discussions
- Topic: Anti-virus, more than one program
- Replies: 2
- Views: 1422
Re: Anti-virus, more than one program
OK, the log helped (though it was quite large in debug mode). First the external scanner is used and if this one found no malware clamav runs. Thanks for this hint.
- 2017-06-28 09:15
- Forum: General discussions
- Topic: Anti-virus, more than one program
- Replies: 2
- Views: 1422
Anti-virus, more than one program
Hello, I use clamav and for a few weeks now an additional external scanner (Avast). My question: Are both scanners used one after another? And which one first? And what happens, when the first one recognizes a virus, ist the second one still used? And one more issue: HM deletes attachements when a v...
- 2017-06-06 09:42
- Forum: General discussions
- Topic: Good, Free, Command Line Scanner for HMS
- Replies: 3
- Views: 2034
Re: Good, Free, Command Line Scanner for HMS
But ashcmd.exe is not (anymore?) included in the free version.
To be honest, I do not know any free comand line scanner (except clamav).
To be honest, I do not know any free comand line scanner (except clamav).
- 2017-02-09 09:31
- Forum: General discussions
- Topic: Urgent Kind Help Needed - Mail Server is dying on me
- Replies: 7
- Views: 3080
Re: Urgent Kind Help Needed - Mail Server is dying on me
Could it be an anti virus issue? The mail folder should be excluded from an on-access-scan.
- 2017-02-02 16:47
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
Where did you get your references from? securite FAQ: What is the best configuration for clamd.conf ? To achieve maximum detection rates, we recommend modifying the following lines in your clamd.conf : WARNING : These changes suggest that you have at least 8GB of RAM DetectPUA yes IncludePUA Spy In...
- 2017-02-02 13:54
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
sanesecurity.ftm sigwhitelist.ign2 rogue.hdb junk.ndb foxhole_filename.cdb foxhole_generic.cdb foxhole_all.cdb foxhole_all.ndb foxhole_js.cdb foxhole_js.ndb phish.ndb badmacro.ndb jurlbl.ndb scam.ndb mbl.ndb winnow_malware.hdb winnow_extended_malware.hdb crdfam.clamav.hdb This is quite strict, as i...
- 2017-02-02 12:53
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
How large is your ClamAV database folder? Mine is 666 (!) MB.You have prodded my curiosity now.
And good luck with Joel Esler - the signatures are not worthless - but not very reliable.
- 2017-02-02 12:22
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
Depends, how you define "immediately". After the service is restarted, it takes a few seconds (about 5 maybe) until this the RAM is filled.Is that immediately after a clamav service restart?
- 2017-02-01 17:55
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
Hm. To be honest, I just copied the recommendations.
But I have just tested it with 45M each - the same RAM usage.
But I have just tested it with 45M each - the same RAM usage.
- 2017-02-01 16:20
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
I am not sure. Probably the clamd.conf is the reason. I use the recommendation from securite.info and they suggest at least 8 GB RAM for this. DetectPUA yes IncludePUA Spy IncludePUA Spyware IncludePUA Game IncludePUA Keylogger IncludePUA Spam IncludePUA Trojan IncludePUA NetTool IncludePUA Win MaxS...
- 2017-01-31 11:24
- Forum: General discussions
- Topic: ClamAV service fails periodically
- Replies: 16
- Views: 6044
Re: ClamAV service fails periodically
I've now removed the securiteinfo signatures and instead implemented the SaneSecurity signatures, and will monitor the performance for a couple of days. I use those signatures for years and have no problems at all. The memory usage is about 1.3 GB. But what about the message "invalid argument"? May...
- 2017-01-12 17:44
- Forum: General discussions
- Topic: ERROR 3368 Spamassassin
- Replies: 7
- Views: 3808
Re: ERROR 3368 Spamassassin
about 500 MB. I restart the service daily as there seems to be a memory leak.peak RAM usage by SA
About 2000 messages per day.what is your average SMTP volume
- 2017-01-11 18:28
- Forum: General discussions
- Topic: ERROR 3368 Spamassassin
- Replies: 7
- Views: 3808
Re: ERROR 3368 Spamassassin
WinSock errorcode 10054 is the error you get when spamd is unavailable, most likely: right in the middle of the restarting process (stop service, update database, start service) First I thought so. But the timestamps in the logs did not match to the time, the service is reloaded. Not one single tim...
- 2017-01-11 16:56
- Forum: General discussions
- Topic: ERROR 3368 Spamassassin
- Replies: 7
- Views: 3808
Re: ERROR 3368 Spamassassin
It seems to be a RAM issue. Since I upgraded my RAM from 4 to 8 GB, this message did not occur anymore.
- 2017-01-11 16:49
- Forum: General discussions
- Topic: Mirror of all messages
- Replies: 9
- Views: 3187
Re: Mirror of all messages
Do you need a loop-count, when using recipient list?and X-hMailServer-LoopCount < 1
- 2016-12-05 11:08
- Forum: General discussions
- Topic: Sanesecurity updates
- Replies: 3
- Views: 2304
Re: Sanesecurity updates
Should the sigupdate.log be also updated when using the task schedule? Yes. And also the *.hdb and *.cdb files in your clamav database folder get a new time stamp. My batch looks like: @echo off cd /d d:\clamav set log=D:\Logs\sanesecurity.log set db=D:\ClamAV\db set CYGWIN=nontsec echo %date%-%tim...
- 2016-11-25 09:54
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
@mattg @jimimaseye That is in deed interesting. Thank you. CLAMAV_SANE SPAM found by ClamAV SaneSecurity signatures I guess, this is a result of the CLAMAV plugin for spamassassin? That means - as you mentioned before - I can use the malware definitions I want as definitions for spamassassin? And we...
- 2016-11-24 14:50
- Forum: General discussions
- Topic: EMail Archive
- Replies: 7
- Views: 2942
Re: EMail Archive
But in Germany there are rules for eMails which may not be archived like "application mails" etc. That is not true. Only the period, you are allowed to store those mails is shorter (max. 3 month) and you should store them for several reasons. So it is better, when you delete those mails from the ar...
- 2016-11-24 14:33
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
OK, good idea.Why not.....
I did not know, that I can have a different header for the case a mail is marked as spam because of a match of the clamav definitions.
That could be nice.
Thanks.
- 2016-11-24 11:31
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
Do you want to inspect the malware or delete it? Well, it is a balance between effort and benefit. The first target is, that users do not get infected mails. The second target is, that I do not have to inspect hundreds of spam mails per day. Of course, your setup works. When you invest the time to ...
- 2016-11-23 17:04
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
But that's my point But how do you differentiate between spam and malware? Or do you say: spam and malware is both unwanted an so it is treated the same way? That is consequent but it leads to the following problem: - when you have a low score for spam, you will get a lot of mails (and a lot of fal...
- 2016-11-23 14:28
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
Then set your spam mark score low enough to be useful, and your delete mark extremely high I have done this - but I want handle spam an infected mails in a different way. People should be able to read mails, that are marked as spam by themselves (because it is a lot of spam) - but infected mails sh...
- 2016-11-22 16:09
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
Very convoluted and unnecessarily so IMO. I use Clam, have viruses stripped, and the resultant email sent to trash, and at the end of the day I know how many. How? Well, see my first post. I guess you misunderstood it. The mirroring applies to all mails. It is meant to archive all mails. It has not...
- 2016-11-22 10:43
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
Re: question: notification for infected mails
Thanks for the replies! Try X-hMailServer-LoopCount with the value "less than 1" I tried this. In this case no mail is forwarded. just add a rule criteria that says Recipient List does not include <mirroraddress.domain.com> Thanks for this hint. This creates still a loop but when the address to whic...
- 2016-11-21 16:35
- Forum: General discussions
- Topic: question: notification for infected mails
- Replies: 18
- Views: 6019
question: notification for infected mails
Hello together! I would like to forward all mails (or count them at least) that contained malware. So I can easily see, if there is a peak in such mails. My setup regarding this issue seams to be a bit problematic: - All mails are mirrored to a certain address (Settings->Advanced->Mirror) - Mails, t...
- 2016-10-28 08:51
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
Re: No remaining recipients
OK, SMTP only. Thank you.
- 2016-10-28 08:50
- Forum: General discussions
- Topic: Looking for same version Clamwin and Clamav
- Replies: 9
- Views: 4073
Re: Looking for same version Clamwin and Clamav
In my opinion you should only use clamav running as a service. That is the fastest way to scan your mails. And take a look at the signatures from sanesecurity. To update clamav stop the service, override the files and start the service again. That should work in most cases. If it does not, remove an...
- 2016-10-27 17:42
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
Re: No remaining recipients
Perhaps you have a similar option. Hm, not really. There is not only a catch all account on the remote server but above this several accounts that are downloaded. And within the hmail logs, I only have an ID (and of course a time stamp) to identify the relevant mail. I can not see, how I could find...
- 2016-10-27 16:28
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
Re: No remaining recipients
As it is a very rare error, I am not worry. I just do not like unsolved problems ...
But thanks for the hints.
If I find something out, I will tell. Maybe logging SMTP and POP3 will help.
But thanks for the hints.
If I find something out, I will tell. Maybe logging SMTP and POP3 will help.
- 2016-10-27 15:01
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
Re: No remaining recipients
No SMPT logging yet. But I already activated it for the next time.
And yes, I download mails via POP3 froman external server.
The forwarding rules are like:
From -> Not contains [mail address to which is forwarded] -> Forward email
And yes, I download mails via POP3 froman external server.
The forwarding rules are like:
From -> Not contains [mail address to which is forwarded] -> Forward email
- 2016-10-27 10:00
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
Re: No remaining recipients
No scipts but indeed some forwarding rules. The problem is, that it happens so unfrequently. 10000 Mails are processed without this error. I tried to find the mentioned file within the data file system but (of course it is a sended message) it does not appear. So I do not know, which rule might be a...
- 2016-10-27 09:10
- Forum: General discussions
- Topic: No remaining recipients
- Replies: 11
- Views: 4861
No remaining recipients
Hello, I need some hint where I have to look for this issue: Sometimes - about once a week - the following error occurs: "ERROR" 4904 "2016-10-25 08:17:05.777" "Severity: 3 (Medium), Code: HM5007, Source: SMTPDeliverer::DeliverMessage(), Description: Message 781666 could not be delivered. No remaini...
- 2016-09-14 13:24
- Forum: General discussions
- Topic: ERROR 3368 Spamassassin
- Replies: 7
- Views: 3808
Re: ERROR 3368 Spamassassin
Reloading the database was my first thought.
The spamd service is reloaded three times a day (stop service, update database, start service), but the timestamps of the errors do not match those reloads.
The service itself runs fine, so I do not think, abnormal terminations are the reason.
The spamd service is reloaded three times a day (stop service, update database, start service), but the timestamps of the errors do not match those reloads.
The service itself runs fine, so I do not think, abnormal terminations are the reason.
- 2016-09-14 13:04
- Forum: General discussions
- Topic: ERROR 3368 Spamassassin
- Replies: 7
- Views: 3808
ERROR 3368 Spamassassin
When using SpamAssassin with HM I get sometimes (once, twice a day) this error: "ERROR" 3368 "2016-09-14 06:00:11.876" "Severity: 3 (Medium), Code: HM5157, Source: SpamAssassinClient::OnReadError, Description: There was a communication error with SpamAssassin. hMailServer tried to retrieve data from...
- 2015-12-11 10:18
- Forum: Feature requests
- Topic: Malware - Delete mail or attachment
- Replies: 19
- Views: 13158
Re: Malware - Delete mail or attachment
That depends on the signatures. Especially when heuristic is used.I am unsure how a message with a known virus as an attachment could possibly be a false positive.
Im my case, I use ClamAV with signatures from sanesecurity and from securite.
- 2015-12-10 17:09
- Forum: Feature requests
- Topic: Malware - Delete mail or attachment
- Replies: 19
- Views: 13158
Malware - Delete mail or attachment
When a virus is found, HMS either deletes the e-mail or only the attachment.
But it would be helpful - especially in case of a false positive - when the e-mail or the attachment is not deleted but moved to a special folder.
But it would be helpful - especially in case of a false positive - when the e-mail or the attachment is not deleted but moved to a special folder.
- 2015-11-12 11:54
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Re: Error when running "Diagnostics"
Indeed. That´s the problem.The problem is that the diagnostics don't work if you set the outgoing port to 465 in SMTP relayer.
Thank you for the explanation!
- 2015-11-11 11:17
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Re: Error when running "Diagnostics"
In SMTP relayer under delivery of email, what do you have set for the 'remote host name', 'remote TCP/IP port' and the 'connection security' I use hMS as a local mailserver, that pulls and sends mails from/to a provider. Therefor the remote host name is the smtp address of this provider. Port is 46...
- 2015-11-10 11:55
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Re: Error when running "Diagnostics"
I did both: I left the default value as well as I used a custom one.
None of them worked.
It is strange in so far, as everything works fine (pop, imap, smtp, http). It seems, hmail just failes to create the output form.
None of them worked.
It is strange in so far, as everything works fine (pop, imap, smtp, http). It seems, hmail just failes to create the output form.
- 2015-11-09 17:00
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Re: Error when running "Diagnostics"
Well, I am quite sure, that I did not change any permissions. And Apache works fine too. I read "https://www.hmailserver.com/forum/viewtopic.php?t=27567#p170518", but as far as I see, my configuration is OK. Especially the service has no problems with windows permissions. So I think it might be more...
- 2015-11-09 15:24
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Re: Error when running "Diagnostics"
No, I do not use SSL within hMail and i do not have any certificates on this server. Settings->Advanced->SSL certificates: No entries Settings->Advanced->SSL/TLS: "Verify remote ..." is unchecked, "Versions" are all checked. And thanks for the google link - I searched "800403E9" within the forum and...
- 2015-11-09 15:13
- Forum: General discussions
- Topic: Error when running "Diagnostics"
- Replies: 10
- Views: 3233
Error when running "Diagnostics"
Hello, when I run "Diagnostics" in hMail Admin, I receive an error: ExceptionType: COMException HelpLine: Message: Exception from HRESULT: 0x800403E9 Source: Interop.hMailServer StackTrace: at hMailServer.DiagnosticsClass.PerformTests() at hMailServer.Administrator.ucDiagnostics.buttonPerformTests_C...
- 2015-11-02 09:35
- Forum: General discussions
- Topic: Webadmin - remove tabs
- Replies: 2
- Views: 1329
Re: Webadmin - remove tabs
That was exactly what I was looking for.
Thank you very much.
Thank you very much.
- 2015-10-30 11:31
- Forum: General discussions
- Topic: Webadmin - remove tabs
- Replies: 2
- Views: 1329
Webadmin - remove tabs
Hello together, in webadmin, I would like to remove some tabs for administration level "user". E.g. all users with administration level "0" shall not be able to change their signature. For this behalf I could either remove the whole tab or I could disable the accordant field. I already removed the "...