Topic: outlook - clamav problem

[cc_skavenger]

Hello all.

I am wondering if anyone else is having this problem.  I have several users that use outlook and when they send mail, it is always put in the problems directory in clamav due to the winmail.dat problem (tnef).  I have looked at amavis.conf and there seems to be support for tnef, but it just does not seem to work.  
I was just wondering what everyone else is doing about this?

[Franco]

Is this for 6 or 7?
I'm using them both in several locations and I just don't have this problem.
Messages received do get the attachment:

Code: [Select]


X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478
X-MS-TNEF-Correlator: <001201c51799$fafac220$0c00a8c0@oemcomputer>
Content-Type: application/ms-tnef;
name="winmail.dat"
Content-Transfer-Encoding: base64
Content-Disposition: attachment;
filename="winmail.dat"

[cc_skavenger]

OK,
I should say that "some" user's e-mail ends up in the problem directory, not "all".  It is weird.  It only seems to happen to certain customers.  I am not sure what to check for, since I don't use Outlook.

ps.  It is version 6.X.

[CharlieBrady]

ps.  It is version 6.X.

It's not then - it's version 6.X (for some particular X) with some clamav add-on, and your problem is probably specific to the particular add-on (and configuration of that add-on). So it would be worthwhile you mentioning those things, to get the best help possible.

[Knuddi]

Have you had a look at the log file for the email which has been placed in problems. Is it really related to the winmail.dat file or maybe someting else?

Are the clients using Outlook or Express? How are they connected to the server SSMTP/SMTP, IMAP, POP3?

How did you configure Antivirus (presuming that it's from my site)?

Also using SpamAssassin?

[cc_skavenger]

I did look at the log file and email.dat was listed in there, that is why I ASSUMED it was the problem.  I am using Knuddi's contribs for Spamassassin and Clamav.  I will check one of the remote servers when I get home and will look for a log file to paste here.  I am using SME 6.0.1-01 with all the latest updates installed.  
Other then this, this mail server handles mail for about 500 users and only a few get stuck in the problem folder.  It is just not good when it is the person who signs the checks that it happens to...

Thanks

[cc_skavenger]

Here are a couple of the log files.  This is the same user, same machine.  It seems like two different errors...

Unpacking message in /var/spool/amavis-ng/amavis-unpack-43ab7b4e-6283
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Determined 00000000 to be type message/rfc822
Dec 22 22:21:34 mail-server amavis[25219]: Attempting to unpack 00000000 as MIME compliant message
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Determined 00000001 to be type text/plain
Dec 22 22:21:34 mail-server amavis[25219]: Not attempting to unpack 00000001
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Determined 00000002 to be type application/ms-tnef
Dec 22 22:21:34 mail-server amavis[25219]: Attempting to unpack 00000002 as TNEF attachment
Dec 22 22:21:34 mail-server amavis[25219]: Not a TNEF attachment
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Error while unpacking 00000002 as application/ms-tnef
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Attempting to unpack 00000002 as application/ms-tnef
Dec 22 22:21:34 mail-server amavis[25219]: Attempting to unpack 00000002 as TNEF attachment
Dec 22 22:21:34 mail-server amavis[25219]: Not a TNEF attachment
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Error while unpacking 00000002 as application/ms-tnef. Giving up.
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS: Error while unpacking message
Dec 22 22:21:34 mail-server amavis[25219]: AMAVIS::MTA::Qmail: Freezing message
Dec 22 22:21:34 mail-server amavis[25219]: Quarantining infected message to /var/spool/amavis-ng/problems/43ab7b4e-6283


Unpacking message in /var/spool/amavis-ng/amavis-unpack-43ab7b4e-6285
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Determined 00000000 to be type message/rfc822
Dec 22 22:21:35 mail-server amavis[25221]: Attempting to unpack 00000000 as MIME compliant message
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Determined 00000001 to be type text/plain
Dec 22 22:21:35 mail-server amavis[25221]: Not attempting to unpack 00000001
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Determined 00000002 to be type application/ms-tnef
Dec 22 22:21:35 mail-server amavis[25221]: Attempting to unpack 00000002 as TNEF attachment
Dec 22 22:21:35 mail-server amavis[25221]: Premature EOF
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Error while unpacking 00000002 as application/ms-tnef
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Attempting to unpack 00000002 as application/ms-tnef
Dec 22 22:21:35 mail-server amavis[25221]: Attempting to unpack 00000002 as TNEF attachment
Dec 22 22:21:35 mail-server amavis[25221]: Premature EOF
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Error while unpacking 00000002 as application/ms-tnef. Giving up.
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS: Error while unpacking message
Dec 22 22:21:35 mail-server amavis[25221]: AMAVIS::MTA::Qmail: Freezing message
Dec 22 22:21:35 mail-server amavis[25221]: Quarantining infected message to /var/spool/amavis-ng/problems/43ab7b4f-6285

Any ideas?  Both messages were about 60K in size.

[kruhm]

winmail.dat is a well-known problem with OUTLOOK messages using rich-text format when sending a message out.

set the OUTLOOK clients to use PLAIN TEXT or HTML

OTHER OPTIONS:
if the above doesn't work, i've had to manually uninstall clamav & reinstall through script before. don't know why it happens, but it seems to fix anything wrong with clamav.

[cc_skavenger]

thanks for the tip kruhm.  I will give it a shot right now!