Email that gets the suspect virus verdict are sent to suspect virus quarantine, but they do not reach it.
Looking in the Delivery queue, the emails are there.
The route information shows an old IP address that used to be the Control Center address but that address is no longer valid. The mail is unable to move forward.
In some versions of SMG prior to 10.5.4, this IP address was not updated properly when the Control Center IP address was changed. If the server was upgraded to 10.5.4 after the last IP change, the old IP could still be left behind in the suspect virus policy settings stored in bmiconfig.xml.
In order to resolve this problem, please follow the steps below:
Change the action for all suspect virus policies to something different (anything)
Save the changes
Go back in the same actions page
Change the action back to the original one
This will push the new, correct IP address to the scanner(s) allowing these emails to delivery properly to the suspect virus quarantine
Next, find the misrouted emails in the delivery queue and re-route them to the correct IP at port 41025.
This will allow the emails to reach the suspect virus quarantine.
Subscribing will provide email updates when this Article is updated. Login is required.