Content Filter Quarantined Email

[valley_girl1919]

Hi! This is the first time I have dealt with this in Zimbra. Here is the situation I need help with.

I have a user that is expecting an email from someone, but every time the person tries to email the user, the user gets an email stating:

VIRUS ALERT
Our content checker found
virus: Heuristics.Encrypted.PDF
in an email to you from probably faked sender:xxx.xxx.xxx.x
Content type: Virus
Our internal reference code for your message is 19882-10/HIUBDgAeTUDu

First upstream SMTP client IP address:xx.xxx.xx.xx
According to a 'Received:' trace, the message apparently originated at:
[xxx.xxx.xxx.x], OwnerPC [xxx.xxx.xx.xxx]
The message has been quarantined as: virus-quarantine.tqc4u9kp@fnbandt.com

Please contact your system administrator for details.

The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.

This is the first time I have had an email quarantined from the Zimbra server. How do I release this?

[phoenix]

Quote:

Originally Posted by valley_girl1919

This is the first time I have had an email quarantined from the Zimbra server. How do I release this?

You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

Code:

zmcontrol -v

[valley_girl1919]

Quote:

Originally Posted by phoenix

You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

Code:

zmcontrol -v

Thanks!

Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!

[phoenix]

Quote:

Originally Posted by valley_girl1919

Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!

I've given you the link to that in my previous post.

[shoneo]

Can I get this script?

Regards

[phoenix]

Quote:

Originally Posted by shoneo

Can I get this script?

Yes, it's in the forums if you do a quick search for it.

[shoneo]

Please, send me a link. I could not find it.

Regards

[maumar]

Quote:

Originally Posted by valley_girl1919

The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.

someone does know how to avoid it?
can i avoid the ban of encrypted pdf attachment?
should i change amavis .in file?

[maumar]

no, in clamav.conf.in

in some way this should be set to no

Code:

%%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes

[maumar]

it seems that thsi:

Code:

%%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes

should be changed

Code:

%%comment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes

then restart clamav and u get

Code:

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted yes

hopefully no pdf encrypted wil banned *for ever*
that is what customers pay for....