Zimbra offers Open Source email server software and shared calendar for Linux and the Mac
 
  #1 (permalink)  
Old 08-29-2008, 09:22 AM
Senior Member
 
Posts: 58
Exclusions to Zimbra anti-virus

If an email attachment got scanned as a virus, and the file did not have a
virus in it, how do you exclude email addresses or make exclusions to the
anti-virus that Zimbra is using?
Reply With Quote
  #2 (permalink)  
Old 09-02-2008, 06:08 AM
Senior Member
 
Posts: 58

Any thoughts on this one, or reference points?
Reply With Quote
  #3 (permalink)  
Old 09-02-2008, 06:13 AM
Moderator
 
Posts: 5,806

Not really sure what you are asking?
__________________
SplatNIX IT Services :: Innovation through Collaboration™


http://www.messagefortress.com
Reply With Quote
  #4 (permalink)  
Old 09-02-2008, 06:40 AM
Nox
Active Member
 
Posts: 42

Was this a one-time occurrence? If so, I probably wouldn't worry too much about it.

I don't think there is a way to "white list" a particular email address from being scanned for viruses. You can turn off specific file type checking, but I wouldn't recommend that.

If you have attachments with macros or other script / exe types and those are normally blocked, try zipping them into password protected zip files and turn off blocking of encrypted archives.
Reply With Quote
  #5 (permalink)  
Old 09-02-2008, 07:28 AM
Special Member
 
Posts: 133

I think that you can check the clamav signature database for the offending signature and then query the clamav people to see why it was added as a virus. There are plenty of docs on the web to show you how to do it, as well as the clamav documentation.
Reply With Quote
  #6 (permalink)  
Old 09-02-2008, 08:07 AM
Senior Member
 
Posts: 58

To clarify, we have a backup file that is encrypted/zipped, and Zimbra's anti-virus sees it as a threat. Is there a way to make an exclusion for files being sent from a particular address? Example: All files sent from example@domain.com are safe. Something along those lines. If a file is labeled a virus, is it put into a quarantine? If so, is there a way to access the file after?

So, basically we're trying to receive a file from an email address that is labeled a virus, but it is not.
Reply With Quote
  #7 (permalink)  
Old 09-02-2008, 08:11 AM
Special Member
 
Posts: 133

Quote:
Originally Posted by Amin Kardan
To clarify, we have a backup file that is encrypted/zipped, and Zimbra's anti-virus sees it as a threat. Is there a way to make an exclusion for files being sent from a particular address? Example: All files sent from example@domain.com are safe. Something along those lines. If a file is labeled a virus, is it put into a quarantine? If so, is there a way to access the file after?

So, basically we're trying to receive a file from an email address that is labeled a virus, but it is not.

I am not sure that this is possible with clamav. Neither is there an option to retrieve quarantined messages. The first thing to do is check why it is being trapped as a virus. What do the logs say?
Reply With Quote
  #8 (permalink)  
Old 09-02-2008, 08:12 AM
Senior Member
 
Posts: 58

Which logs, and where can I locate them? I'm new to Zimbra, a step in the right direction would be appreciated.
Reply With Quote
  #9 (permalink)  
Old 09-02-2008, 08:38 AM
Nox
Active Member
 
Posts: 42

Quote:
Originally Posted by Amin Kardan
To clarify, we have a backup file that is encrypted/zipped, and Zimbra's anti-virus sees it as a threat. Is there a way to make an exclusion for files being sent from a particular address? Example: All files sent from example@domain.com are safe. Something along those lines. If a file is labeled a virus, is it put into a quarantine? If so, is there a way to access the file after?

So, basically we're trying to receive a file from an email address that is labeled a virus, but it is not.

The problem is that when clam av is unable to scan a file because it can't get past the password, it will automatically quarantine that file as a potential threat.

In your case the easiest way to get around this is to go to your Global Options and uncheck the "block encrypted archives". This will allow all password protected zip files to get in.

I do not believe you can "whitelist" an email or a domain. However, even if you could, it would be VERY dangerous to do that, even if you completely trust that email or domain.
Reply With Quote
  #10 (permalink)  
Old 09-02-2008, 08:47 AM
Special Member
 
Posts: 133

I think that it would be beneficial to understand how Zimbra is made up: what components are put together to produce the overall platform. The anti virus component is Clam antivirus. Clam antivirus is a signature based virus definition application. This means that when a virus is identified it is given a unique signature and added to the definition database. Every mail that comes in has its attachments' signature checked against the definition database. If there is a match then clamav thinks that it is a virus. This in turn tells postfix (via amavis) to reject the incoming message.

Clamav comes with a series of tools and libraries to allow you to interrogate the definition database as well as a signature tool, and if I am not mistaken you can identify the signature of your mail and remove it from the database. Or you can use clamav's web based tools to upload the mail and let it report why it is being trapped. It could also have something to do with max compression ratios or recursive archiving because it is a zip file, but unless you look at the logs you will not know.

Edit the file /opt/zimbra/clamav/etc/clamd.conf:
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
#LogFile /tmp/clamd.log

Uncomment LogFile and restart the MTA.
Reply With Quote
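
Added example (not part of any post in this thread): once clamd logging is enabled as described above, a short script can separate encrypted-archive blocks and scan-limit hits from real signature matches. The sample log lines and paths are constructed, and the detection-name patterns (Encrypted.*, Oversized.*, Limits.Exceeded) are assumptions based on names ClamAV has used for these cases; check them against the names your version writes to the log.

```python
import re
from collections import Counter

# Constructed sample in clamd's log style ("<path>: <name> FOUND");
# these lines and paths are illustrative, not taken from the thread.
SAMPLE_LOG = """\
Tue Sep  2 08:01:10 2008 -> SelfCheck: Database status OK.
Tue Sep  2 08:05:42 2008 -> /tmp/amavis-sample/parts/p003: Encrypted.Zip FOUND
Tue Sep  2 08:09:17 2008 -> /tmp/amavis-sample/parts/p007: Eicar-Test-Signature FOUND
/tmp/amavis-sample/parts/p011: Heuristics.Limits.Exceeded FOUND
"""

# Optional "<timestamp> -> " prefix (present when time logging is on),
# then the scanned path, the detection name and the FOUND marker.
FOUND_RE = re.compile(r"^(?:.*? -> )?(?P<path>.+): (?P<name>\S+) FOUND$")


def classify(name):
    """Map a detection name to the reason the message was stopped."""
    # Assumed naming: encrypted archives are reported under an
    # "Encrypted." name when blocking of encrypted archives is enabled.
    if "Encrypted." in name:
        return "encrypted-archive policy"
    # Assumed naming: compression-ratio / recursion / size limit hits.
    if name.startswith("Oversized.") or "Limits.Exceeded" in name:
        return "scan limit"
    # Anything else is treated as a match in the definition database.
    return "signature match"


def parse_clamd_log(text):
    """Return (path, detection_name, category) for every FOUND line."""
    hits = []
    for line in text.splitlines():
        m = FOUND_RE.match(line.strip())
        if m:
            hits.append((m["path"], m["name"], classify(m["name"])))
    return hits


def summarize(text):
    """Count detections per category."""
    return Counter(category for _, _, category in parse_clamd_log(text))


if __name__ == "__main__":
    for path, name, category in parse_clamd_log(SAMPLE_LOG):
        print(f"{category:26} {name:28} {path}")
    print(dict(summarize(SAMPLE_LOG)))
```

Only a "signature match" result points at the definition database; the other two categories come from scanner settings, which is where the "block encrypted archives" option discussed above applies.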