Page 2 of 2 FirstFirst 12
Results 11 to 19 of 19

Thread: Content Filter Quarantined Email

  1. #11
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    4

    Default

    I have tried this but now it lets encrypted zip files through which is not really a winner.

    Any ideas ?

  2. #12
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    4

    Default

    I see what the issue is now

    How to disable blocking Encrypted.pdf alone | ClamAV | users

    ClamAV didn't used to be able to detect encrypted PDFs but now it can. But there's no option to ignore encrypted PDFs so you have to let all encrypted files through. But ClamAV claim to be able to detect viruses in encrypted files, which kind of contradicts the idea of blocking them.

    And there's no ability to only let only encrypted PDFs through which would surely decrease the risk posed by the non PDF encrypted files.

    Seems rather odd to me, I hope that a better solution can be found. The current one suggested in the link above doesn't seem to be very clever.

  3. #13
    maumar is offline Elite Member
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    Maybe I am not able to understand what you mean.
    Imho, when Tomasz Kojm declares:

    Code:
    Yes, you're right. However please keep in mind we create sigs for
    encrypted malware, so you should still be able to catch real threats.
    he wants say that encrypted files will not be banned.
    Saying: do not block, would mean that they will be scanned, not that they will pass.

  4. #14
    dik23 is offline Advanced Member
    Join Date
    Dec 2010
    Location
    UK
    Posts
    233
    Rep Power
    4

    Default

    That's the bit I read as the ability to scan for malware inside encrypted files.

    If this is true then surely it'd be ok to allow encrypted files in the admin console.

    Is anyone able to clear this up ?

  5. #15
    phingers is offline Special Member
    Join Date
    Jan 2007
    Location
    Fort Lauderdale, FL
    Posts
    151
    Rep Power
    8

    Default

    Any updates on this?

    I do not see any other mentions in the forum regarding Heuristics.Encrypted.PDF

    I would like to allow these files to pass through to the customers mailbox.

  6. #16
    maumar is offline Elite Member
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    Quote Originally Posted by phingers View Post
    I would like to allow these files to pass through to the customers mailbox.
    you should comment line regarding ArchiveBlockEncrypted

    Code:
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: no
    #ArchiveBlockEncrypted yes

  7. #17
    wdman is offline Active Member
    Join Date
    Sep 2007
    Posts
    38
    Rep Power
    7

    Default

    VOTE!!! --> Official Support for CentOS
    https://bugzilla.zimbra.com/show_bug.cgi?id=23487

  8. #18
    grafiky is offline Active Member
    Join Date
    Apr 2011
    Posts
    28
    Rep Power
    4

    Default

    Quote Originally Posted by valley_girl1919 View Post
    Hi! This is the first time I have dealt with this in Zimbra. Here is the situation I need help with.

    I have a user that is expecting an email from someone, but every time the person tries to email the user, the user gets an email stating:

    VIRUS ALERT
    Our content checker found
    virus: Heuristics.Encrypted.PDF
    in an email to you from probably faked sender:xxx.xxx.xxx.x
    Content type: Virus
    Our internal reference code for your message is 19882-10/HIUBDgAeTUDu

    First upstream SMTP client IP address:xx.xxx.xx.xx
    According to a 'Received:' trace, the message apparently originated at:
    [xxx.xxx.xxx.x], OwnerPC [xxx.xxx.xx.xxx]
    The message has been quarantined as: virus-quarantine.tqc4u9kp@fnbandt.com

    Please contact your system administrator for details.


    The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.

    This is the first time I have had an email quarantined from the Zimbra server. How do I release this?
    "I modify the clamv config through zimbraAdmin Gui.
    Configurations -> General Configurations -> AS/AV
    We can send/receive encrypted files "
    http://www.zimbra.com/forums/adminis...-messages.html

  9. #19
    bhwong is offline Outstanding Member
    Join Date
    Feb 2009
    Location
    Singapore
    Posts
    500
    Rep Power
    7

Page 2 of 2 FirstFirst 12

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. Deferred Email - Content Filter: Undefined
    By Ericx in forum Administrators
    Replies: 0
    Last Post: 02-19-2008, 11:48 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. content filter attacked?
    By ahhhh in forum Administrators
    Replies: 2
    Last Post: 03-26-2007, 05:29 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 03:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •