I’m running Axigen 10.5.11 on a Debian server with the built-in Bitdefender AV. How can I see the messages quarantined by Bitdefender?
Hello,
The messages filtered with Bitdefender (as most of the current AS/AV filters) are not quarantined.
BR,
Ioan
Hello loan,
I’ve had several messages filtered that I believe were false positives. Is there any other way to deal with filtering via the built-in Bitdefender other than enabled or disabled?
Hello,
The best option to deal with False Positive (as well as False Negative) results are by reporting them to Bitdefender which is possible via our support channel.
Other than that, from our support team, you may receive another filter recommendation (like lowering the antispam aggressivity level) or, depending of the nature of the FP you are facing, even a custom change into the associated AFSL file.
HTH,
Ioan
It’s specifically the AV detections that I want to be able to analyze and possibly recover for the end user.
X-AxigenVirus-Level: 5
X-AXIGEN-BD-Result: Infected
X-AxigenSpam-Level: 5Axigen AntiVirus & AntiSpam
The content of this message has been removed based on detection of infected data.
More details can be found here: https://www.axigen.com/go/bitdefender-infected
It would be great if we could get a filter to interdict AV positives and send them to the postmaster or some other designated mailbox so that we can analyze the payload and deal with false positives. Our MSP customer is not happy that we can’t recover the file he is expecting because it was deleted by Bitdefender. I see that I can modify the AFSL and pass AV positives, but that is not a good solution - our end users aren’t tech savvy enough to know good from bad and they would end up infecting themselves.
Maybe I can modify AFSL and configure a message rule: When String X-AXIGEN-BD-Result Matches Infected Redirect to postmaster.
Hello,
Thank you for mentioning that you are reffering to AV False Positives.
In this case you could alter the AFSL (make a copy first) as instructed at line #71.
Thus please uncomment line 72 and comment line 73,74,75,76 and 77.
After this a service reload command should be executed so the change should be picked up.
Now, after this change, the body messages detected as “infected” will not be anymore wiped but the subject will be prefixed with [VIRUS]:
(if needed you may change this prefix as well).
HTH,
Ioan
PS: Please remember that at this time any change made for any AFSL file will need to be made again after installing a new 10.5 version - btw, what is your Axigen version and on which OS are you running it?
I’m running 10.5.11 on Debian bookworm.
It would be great if there was some way to copy the email as it arrived to the postmaster or a quarantine AND notify the user via the ACTION_SET_BODY in the AFSL. That would give the administrator the ability to review the AV positives, and it would also notify the user in real-time that an email sent to them was interdicted without giving the user the ability to infect themselves with known malware. Is it possible to script COPY_TO in the AFSL?