Error 250 - Email contained a Virus and was discarded

Description of problem

All messages sent through AuthSMTP are virus scanned to detect any malicious content - if a message has content that is deemed malicious the message will not be delivered and we will send an email back to the sender address advising why it was rejected.

It is IMPORTANT to note these errors will not be logged in your control panel history, we only send the email back to the sender.

How to resolve this problem

This issue can't be resolved because we do not permit malicious content to be sent through our service but we do recommend that you take steps to establish what content triggered the virus filter because it could indicate that you have a virus or that your account details have been compromised or stolen.

The email that we send back will contain a string showing what was detected - this string is in the format of:

Platform/Application.Type.Name-Variant
  • Platform / Application = The platform or application that the malicious code is designed to target
  • Type = The type of exploit in use such as trojan, phishing email, disguised file name
  • Name-Variant = The name given to the virus / trojan or the variant of the type of exploit

Examples

Heuristics.Phishing.Email.SpoofedDomain

This isn't a virus or malicious file attached to the email - this is where you have a web link in your email that appears to go to one website but actually links to a completely different website. This is a tactic often used in phishing emails where malicious third parties are trying to steal website login details.

This can be inadvertently triggered by some innocent links so we always recommend that if you are putting links in your emails you do it in a format where you have a phrase or title linked to a web address rather than a web address linked to a web address

CORRECT - Link to my website

INCORRECT - http://www.example.com (Links to our homepage)

Zip.Suspect.WinDoubleExtension-zippwd-2

This indicates that the message had a ZIP archive file attached and the archive contained a file with a double extension - for example:

  • /this-is-my-zip-file.zip
    • /this-is-my-zip-file.zip/okay-1.txt
    • /this-is-my-zip-file.zip/okay-2.txt
    • /this-is-my-zip-file.zip/bad.txt.exe

Trying to disguise files in this way is a common tactic used by spammers and virus writers to trick users into opening a malicious file. This can be triggered by a legitimate file but if it is, we recommend that you rename your files to just use a single extension.

Win.Trojan.Generickd-862

This indicates the email contained a trojan virus - if you find that you have emails rejected with this error it could mean that your computer is infected or your account details have been compromised and we recommend that you take urgent action to scan your computer and find the source of this email.


If you have any problems or questions about the virus scanning please login to the control panel and raise a support ticket.