Hi there, I've an untangle 11.2 installation that doesn't parse some of the email going through it, even though they show just fine in the spamblocker lite interface.
At the moment I can even recreate the problem since one of the email that skip virus lite check is hold in an antispam server before untangle, and when I try to redeliver the mail, it skipp virus lite check all the time. The mail contain a virus but I don't care if it's reported clean or infected, I just wish it was checked at all.
I've enabled the adding header option in the spamblocker, and in the report I can see the mail getting a score (1.7) and when I check the complete MIME for the mail, I can see the spam headers added by untangle.
There is no track however of such mail in the virusblocker lite.
The attachment is a zip with an exe inside.
I'v made sure the "zip" extensions is specified in the advanced options in virus lite. I even added all the mime types used in the email in question (application/* , text/* , multipart/* added to the default message/* ).
Still no luck..
This is the spamblocker lite report where I can see the email going through untangle:
spamlite_untangle.png
This is part of the email mime
Code:Received: from --- by --- with ESMTP id 2016030808480847-352 ; Tue, 8 Mar 2016 08:48:08 +0100 (cut) From: --sender-- To: <piero_piutti@mydomain.it> Subject: Invio Fattura Mese di Marzo 2016 MIME-Version: 1.0 X-Priority: 3 (Normal) Message-ID: <8b1ffaf121.7Cf0a93f.6d70c14F9D9EAb@ekbbqc.prepl.tv> X-MIMETrack: Itemize by SMTP Server on --- at 08/03/2016 08:48:00, Serialize by Router on --- at 08/03/2016 08:48:00, Itemize by SMTP Server on --- at 08/03/2016 08.48.08, Serialize by HTTP Server on --- at 08/03/2016 08.51.13 X-spam-status: No, score=1.7 required=5.0 tests=RCVD_IN_DNSWL_NONE,FREEMAIL_FROM,SPF_HELO_PASS,RCVD_IN_SORBS_WEB,SPF_SOFTFAIL,FREEMAIL_ENVFROM_END_DIGIT,URIBL_BLOCKED,BAYES_40,HTML_MESSAGE X-Spam-Flag: NO Content-Type: multipart/mixed; boundary="----=a__mty_2_218_478" ------=a__mty_2_218_478 Content-Type: multipart/alternative; boundary="----=_mty_2_218_478" ------=_mty_2_218_478 Content-Transfer-Encoding: quoted-printable Content-Type: text/plain; charset="utf-8" In allegato trasmettiamo ns fattura in oggetto .Cordiali saluti. - Uff. a= mministrazioneAi sensi del Decreto Legislativo n. 196/2003, si precisa ch= e le informazioni contenute in questo messaggio e negli eventuali allegat= i sono riservate e per uso esclusivo del destinatario. Persone diverse da= llo stesso non possono copiare o distribuire il messaggio a terzi. Chiunq= ue riceva questo messaggio per errore, č pregato di distruggerlo e d= i informare immediatamente: info@mobilia.it Sebbene questa e-mail e gli a= llegati debbano ritenersi privi di qualsiasi virus č responsabilit&#= 224; del ricevente accertare che non ne siano affetti. ------=_mty_2_218_478 Content-Transfer-Encoding: quoted-printable Content-Type: text/html; charset="utf-8" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN"> <HTML><HEAD> <META http-equiv=3DContent-Type content=3D"text/html; charset=3Dutf-8"> <STYLE></STYLE> </HEAD> <BODY> <div> In allegato trasmettiamo ns fattura in oggetto .<br> Cordiali saluti.<br> - Uff. amministrazione </div> <p><font size=3D"2"><span> Ai sensi del Decreto Legislativo n. 196/2003, si precisa che le informazi= oni contenute in questo messaggio e negli eventuali allegati sono riserva= te e per uso esclusivo del destinatario. Persone diverse dallo stesso non= possono copiare o distribuire il messaggio a terzi. Chiunque riceva ques= to messaggio per errore, č pregato di distruggerlo e di informare im= mediatamente: info@mobilia.it Sebbene questa e-mail e gli allegati debban= o ritenersi privi di qualsiasi virus č responsabilitą del ricev= ente accertare che non ne siano affetti.</span></font> </BODY></HTML> ------=_mty_2_218_478-- ------=a__mty_2_218_478 Content-Type: application/zip; name="2016 - Fattura Mese di Marzo.zip" Content-ID: <007201d17865$4157acf0$3201a8c0@25416B4R> Content-Transfer-Encoding: base64 (cut --- attchment code follow)