Mail Enable Enterprise and CA Etrust AntiVirus


Post by diamond »

I am trying to use CA Etrust AntiVirus r8.1 with MailEnable Enterprise Premium running on Windows Server 2008 R2.

While testing the email server / antivirus program to make sure the MTA is working properly with the virus plugin settings, I receive the following message while in debug mode.

File C:\PROGRA~2\MAILEN~1\Scratch\96CB28~1.MAI\2.ATT is an encrypted archive member and cannot be scanned.

Any suggestions or reasons as to why this message appears? I thought the ATT files were just plain text files.

Here is the configuration of the AntiVirus Plugin:

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCAI]
"Send Return Notification"=dword:00000000
"Notification Address"=""
"Message Handling"=dword:00000000
"Status"=dword:00000001
"Antivirus Notification Message"="<<- Attachment was removed because it appears to contain a virus - >"
"Antivirus Scratch Directory"=""
"Antivirus Parameters"="\"[AGENT]\" -ACT Delete -ARC -NEX -SPM P -ARF \"[FILENAME]\" "
"Provider DLL"="MEAVGEN.DLL"
"Program Name"="CA ETrust"
"Program Info"="Computer Associates eTrust InoculateIT - Complete Virus Protection."
"Exit Code Enabled"=dword:00000001
"Exit Codes Error Inclusive"=dword:00000001
"Exit Codes"="any"
"Type"=dword:00000001
"Antivirus Agent"="C:\\Program Files\\CA\\SharedComponents\\ScanEngine\\inocmd64.exe"
"Capture Output"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCAI\Default]
"Antivirus Parameters"="\"[AGENT]\" -NEX -ARC -ARF -SMF -ACT delete \"[FILENAME]\""
"Exit Code Enabled"=dword:00000001
"Exit Codes Error Inclusive"=dword:00000001
"Exit Codes"="any"
"Antivirus Agent"="C:\\Program Files\\CA\\SharedComponents\\ScanEngine\\inocmd64.exe"

Here are the options available to the INOCMD64.EXE:

C:\Program Files\CA\SharedComponents\ScanEngine>inocmd64.exe /?

Usage:inocmd64.exe [ -options ] file|directory|drive ...
-options:
MOD <mod> Scan mode
<mod> can be one of: Secure or Reviewer (default Secure)
ACT <action> Infected file action
<action> can be one of: Report, Cure, Rename, Delete or Move
EXE Specified files
(based on the Local Scanner's 'Specified' extension list)
EXC Exclude files
(based on the Local Scanner's 'Exclude' extension list)
ARC Scan archive files
NEX Detect compressed files by content, not file extension
NOS No subdirectory traverse
FIL:<pattern> Only scan files that match <pattern> (shell wildcard)
SCA <action> Special Cure Action (ACT must be set to Cure)
<action> can be one of: CB (Copy Before),
RF (Rename if cure Fails), or MF (Move if cure Fails)
MCA <action> Macro Cure Action
<action> can be either: RA (Remove All) or RI (Remove Infected)
SPM <mode> Special Mode
<mode> can be: H (Heuristics) or P (apply actions to archive)
SFI Stop at first infection in archive
SMF Scan migrated files
SRF Skip regular file scanning of archives
ARF Apply extension filter to archive contents
BOO Boot sector scan
MEM Scan memory (currently running programs)
LIS:<file> Create scan report file <file>
APP:<file> Append scan report to file <file>
SYS Enable System Cure
Invoke the 'system cure' facility for any infected file(s) which
are found and which have system cures associated with them. See
the virus encyclopedia at www.ca.com for specific virus details
regarding system cure applicability. Note that in some cases
system cure requires a reboot to be effective.
VER Verbose mode
COU:<n> Message every <n> scanned files
COU Message every 1000 scanned files
SIG Display signature version numbers
SIG:<dir> Display signature version numbers of
engine located in <dir>
HEL or ? Display this help

file|directory|drive ...:
Specify at least one file, directory or drive to scan

Here is the complete MTA debug:


Allocating 4 Results
Processing Message...
Message Size detected as 4591
W: 0.000000
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed
Attachment (4) Found - Processing
Attachment Processing Completed
Allocating 4 Results
Processing Message...
Message Size detected as 2328
W: 0.000000
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Allocating 4 Results
Processing Message...
Message Size detected as 2568
W: 0.000000
Attachment (1) Found - Processing
Attachment Processing Completed
Attachment (2) Found - Processing
Attachment Processing Completed
Attachment (3) Found - Processing
Attachment Processing Completed

Total Files Scanned: 1
Total Viruses Found: 0
Total Infected Files Found: 0
Scan Mode: Secure

*** End Of Summary ***
Returned 0

Total Files Scanned: 1
Total Viruses Found: 0
Total Infected Files Found: 0
Scan Mode: Secure

*** End Of Summary ***
Returned 0
Processing Message Content...
To Found:David Warrick <diamond@orcacomm.net>

From Found:eicar@aleph-tec.com

Processing Recipient List of 1 delimiters
Message sender/recipient criteria met
Message sender/recipient criteria met
Mime Encapsulatation detected
Message General Criteria met against [pass] in specified word list.
Checking Filter[1]Criteria[6]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[7]::(2328)->50
Setting True value 2328
Checking Filter[1]Criteria[7]::(2328)->50
Setting True value 2328
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[14]::(0)->48
Setting False
Checking Filter[1]Criteria[16]::(0)->48
Setting False
Checking Filter[1]Criteria[20]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False

Checking Filter[1]Criteria[21]::()->0
Setting False
Total Files Scanned: 1
Checking Filter[1]Criteria[21]::()->0
Total Viruses Found: 0
Setting False
Total Infected Files Found: 0
Checking Filter[1]Criteria[21]::()->0
Setting False
Scan Mode: Secure
Checking Filter[1]Criteria[22]::()->0

Setting False
*** End Of Summary ***
ProcessFilter:
Releasing 4 Results
Returned 0

Total Files Scanned: 1
Total Viruses Found: 0
Total Infected Files Found: 0
Scan Mode: Secure

*** End Of Summary ***
Returned 0
File C:\PROGRA~2\MAILEN~1\Scratch\96CB28~1.MAI\2.ATT is an encrypted archive mem
ber and cannot be scanned

Total Files Scanned: 1
Total Viruses Found: 0
Total Infected Files Found: 0
Scan Mode: Secure

*** End Of Summary ***
Returned 0
Processing Message Content...
To Found:David Warrick <diamond@orcacomm.net>

From Found:eicar@aleph-tec.com

Processing Recipient List of 1 delimiters
Message sender/recipient criteria met
Message sender/recipient criteria met
Mime Encapsulatation detected
Message General Criteria met against [pass] in specified word list.
Attachment Found:Content-Type: application/octet-stream; name="eicarpasswd.zip"

Skipping encoded attachment
Attachment Found:Content-Disposition: attachment; filename="eicarpasswd.zip"

Checking Filter[1]Criteria[6]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[7]::(2568)->50
Setting True value 2568
Checking Filter[1]Criteria[7]::(2568)->50
Setting True value 2568
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[14]::(0)->48
Setting False
Checking Filter[1]Criteria[16]::(0)->48
Setting False
Checking Filter[1]Criteria[20]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[22]::()->0
Setting False
ProcessFilter:
Releasing 4 Results
File C:\PROGRA~2\MAILEN~1\Scratch\72F007~1.MAI\3.ATT is an encrypted archive mem
ber and cannot be scanned

Total Files Scanned: 1
Total Viruses Found: 0
Total Infected Files Found: 0
Scan Mode: Secure

*** End Of Summary ***
Returned 0
Processing Message Content...
To Found:David Warrick <diamond@orcacomm.net>

From Found:eicar@aleph-tec.com

Processing Recipient List of 1 delimiters
Message sender/recipient criteria met
Message sender/recipient criteria met
Mime Encapsulatation detected
Message General Criteria met against [pass] in specified word list.
Attachment Found:Content-Type: image/gif; name="SecretNumber.gif"

Attachment Criteria Met
Skipping encoded attachment
Attachment Found:Content-Disposition: attachment; filename="SecretNumber.gif"

Attachment Criteria Met
Message General Criteria met against [Content-ID:] in specified word list.
Attachment Found:Content-Type: application/octet-stream; name="eicarpasswdocr.zi
p"

Skipping encoded attachment
Attachment Found:Content-Disposition: attachment; filename="eicarpasswdocr.zip"

Checking Filter[1]Criteria[6]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[7]::(4591)->52
Setting True value 4591
Checking Filter[1]Criteria[7]::(4591)->52
Setting True value 4591
Checking Filter[1]Criteria[8]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[8]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[11]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[12]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[13]::()->0
Setting False
Checking Filter[1]Criteria[14]::(0)->48
Setting False
Checking Filter[1]Criteria[16]::(0)->48
Setting False
Checking Filter[1]Criteria[20]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[21]::(1)->49
Setting True value 1
Checking Filter[1]Criteria[21]::()->0
Setting False
Checking Filter[1]Criteria[22]::()->0
Setting False
ProcessFilter:
Releasing 4 Results

Any advice will be greatly appreciated!!!

Thank you,

David
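
The debug output above shows attachments named eicarpasswd.zip and eicarpasswdocr.zip, and the configured -NEX option detects compressed files by content, so a scratch .ATT file holding a password-protected ZIP is reported as an encrypted archive member while the scan still shows "Returned 0". As an added example (not part of the original post, and not MailEnable or CA code), this Python check inspects a decoded attachment for encrypted ZIP members so a filter can handle them by policy; the function names, the policy and the sample archive are constructed for illustration.

```python
import io
import struct
import zipfile

ENCRYPTED_FLAG = 0x0001  # bit 0 of the ZIP general-purpose bit flag


def encrypted_members(data: bytes) -> list[str]:
    """Return names of ZIP members whose encryption flag is set.

    Detection is by content, not by extension, so it works on a scratch
    file named 2.ATT as well as on a file named something.zip.
    Data that is not a ZIP archive yields an empty list.
    """
    buf = io.BytesIO(data)
    if not zipfile.is_zipfile(buf):
        return []
    with zipfile.ZipFile(buf) as zf:
        # infolist() reads the central directory only; nothing is decrypted.
        return [i.filename for i in zf.infolist() if i.flag_bits & ENCRYPTED_FLAG]


def verdict(data: bytes) -> str:
    """Hypothetical policy: an unscannable member is never reported as clean."""
    return "unscannable" if encrypted_members(data) else "scannable"


def _make_zip(name: str, payload: bytes, mark_encrypted: bool) -> bytes:
    """Build a constructed sample archive in memory.

    Python's zipfile cannot write encrypted archives, so the sample only sets
    the encryption flag in the headers; that flag is what the check reads.
    """
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(name, payload)
    raw = bytearray(buf.getvalue())
    if mark_encrypted:
        # Flag field offset: 6 in the local header, 8 in the central directory.
        for sig, off in ((b"PK\x03\x04", 6), (b"PK\x01\x02", 8)):
            pos = raw.find(sig)
            (flags,) = struct.unpack_from("<H", raw, pos + off)
            struct.pack_into("<H", raw, pos + off, flags | ENCRYPTED_FLAG)
    return bytes(raw)


if __name__ == "__main__":
    sample = _make_zip("sample.txt", b"constructed payload", mark_encrypted=True)
    print(encrypted_members(sample), verdict(sample))
```
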
