
Thread: Release Quarantine in ZCS 8.x version?

  1. #1
    Labsy

    Hi,

    in 7.x and previous versions quarantine release was quite simple:
    Code:
    sudo su zimbra
    /opt/zimbra/bin/zmlmtpinject -s <envelope_sender> /opt/zimbra/data/amavisd/quarantine/virus-whatever -r <recipient>
    But from the 8.x version onward I cannot find quarantined mails in /opt/zimbra/data/amavisd/quarantine/ anymore. Actually, there ARE some fresh mails there, but none of those for which I receive an alert that they were quarantined:
    Code:
    BANNED CONTENTS ALERT
    
    Our content checker found
        banned name: .asc,swfobject.js
    
    in an email to you from:
      sender@domain.com
    
    Content type: Banned
    Our internal reference code for your message is 06331-14/l_Q-IqgUwtJG
    
    First upstream SMTP client IP address: [123.45.67.89]
      BSN-89-67-123.static.adsl.net
    According to a 'Received:' trace, the message apparently originated at:
      [123.45.67.89], SENDER BSN-89-67-123.static.adsl.net [123.45.67.89]
    
    Return-Path: <sender@domain.com>
    From: =?UTF-8?B?TmXFvmE=?= <sender@domain.com>
    Message-ID: <002d01ce0e27$853fd6f0$8fbf84d0$@domain.com>
    X-Mailer: Microsoft Outlook 14.0
    Subject: RE: SWF file
    The message has been quarantined as: virus-quarantine.j4h9f_xnb@zimbra.server.com
    
    Please contact your system administrator for details.
    I am looking for a file named 06331-14/l_Q-IqgUwtJG, but I cannot find any.
    How has quarantine changed in the 8.x version, and how can I release from quarantine?
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  2. #2
    hbarrett

    I came across your question while searching for an answer to the same problem. I wish Zimbra would have a doc explaining this.
    First: As you know, virus quarantines are no longer sent to the /opt/zimbra/data/amavisd/quarantine/ directory. What you may not know is that they are now sent to the virus-quarantine account.

    If you know how to log into this account, skip to step 3.

    Step 1. Find the name of your account:
    As the zimbra user on your mail server, from the CLI run zmprov -l gaa (you can also find the name in the e-mail that was sent: virus-quarantine.j4h9f_xnb@zimbra.server.com)

    Step 2. Change the password for this account if you don't know it:
    zmprov sp <full account name> <new password>
    example: zmprov sp virus-quarantine.j4h9f_xnb@zimbra.server.com secret

    Step 3. Log on to the web interface with this account, like you would with any other account and find the message you wish to release.

    Step 4. Right click on the message and click on "Redirect"

    Step 5. Type the address where the message was supposed to go and click OK.

    That's it; the message should be on its way.
    Last edited by hbarrett; 07-05-2013 at 09:10 AM.
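
    Steps 1 and 2 of the post above, as an added shell example that is not part of the original thread: it reads the quarantine mailbox name out of the alert, checks it against the output of zmprov -l gaa, and prepares the zmprov sp command with a random password instead of a fixed word. The function names are hypothetical and the sample notice is constructed from the alert quoted in post #1.

```shell
#!/bin/sh
# Added example (not from the thread): Steps 1-2 without a guessable password.
# Function names are hypothetical; only `zmprov -l gaa` and `zmprov sp` are
# taken from the post.

# Constructed sample: the relevant lines of the alert quoted in post #1.
sample_notice() {
cat <<'EOF'
Content type: Banned
Our internal reference code for your message is 06331-14/l_Q-IqgUwtJG
The message has been quarantined as: virus-quarantine.j4h9f_xnb@zimbra.server.com
EOF
}

# Print the quarantine mailbox named in an alert read on stdin. Only an
# address shaped like virus-quarantine.<id>@<host> is accepted, so a forged
# notice cannot steer the password reset at some other account.
quarantine_account_from_notice() {
    sed -n 's/^[[:space:]]*The message has been quarantined as:[[:space:]]*//p' |
        tr -d '\r' |
        grep -E '^virus-quarantine\.[A-Za-z0-9_-]+@[A-Za-z0-9.-]+$' |
        head -n 1
}

# Print amavisd's internal reference code from the alert.
reference_from_notice() {
    sed -n 's/^.*internal reference code for your message is[[:space:]]*//p' |
        tr -d '\r' | head -n 1
}

# Succeed only if account $1 is an exact line of the `zmprov -l gaa` output
# supplied on stdin.
account_is_provisioned() { grep -Fxq -- "$1"; }

# 18 random bytes as 36 hex characters, instead of a fixed word like "secret".
random_password() { od -An -N18 -tx1 /dev/urandom | tr -d ' \t\n'; }

# Print (do not run) the Step 2 command for the mailbox named in notice file
# $1, after checking it against the saved account list in file $2.
prepare_reset() {
    acct=$(quarantine_account_from_notice <"$1" || true)
    [ -n "$acct" ] || { echo "no quarantine mailbox in notice" >&2; return 1; }
    account_is_provisioned "$acct" <"$2" ||
        { echo "not provisioned: $acct" >&2; return 1; }
    printf 'zmprov sp %s %s\n' "$acct" "$(random_password)"
}

sample_notice | quarantine_account_from_notice
```

    Save the output of zmprov -l gaa to a file as the zimbra user and pass it as the second argument to prepare_reset.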

  3. #3
    bhotrock

    hbarrett,

    Thanks for the good instructions to find and log in to the quarantine account. At least this is an easy way to download the quarantined file.

    However, when I try to redirect the message to the original recipient, it just ends up as another copy in quarantine and the end user gets another virus notification. I am using FOSS version 8.0.5_GA_5839.

    Is there a setting that I need to change somewhere? Does it only work on the Network edition, or has this functionality been removed/broken since you posted this in July?
    Thanks again for providing the information!

  4. #4
    Labsy

    Hi,

    as far as I dug into this issue, I found the easiest way to access quarantined items is via the Admin Web GUI. Quarantined items are now actually put into a separate mailbox, which can be read as any other mailbox on the server.
    Easily from the Admin GUI, for example:
    - first, note in the received e-mail the line, for example, "The message has been quarantined as: virus-quarantine.j4h9f_xnb@zimbra.something.com"
    - then, log in to the Admin Web GUI and look among the mailbox accounts for the mailbox named, in this example, "virus-quarantine.j4h9f_xnb"
    - view the mailbox content as admin and you will get access to all quarantined items which were not wiped out by the garbage collector

  5. #5
    bhotrock

    I agree, this is the easiest way to get access to the quarantined item. However, hbarrett said in Steps 4 and 5 to "redirect" the message to the original recipient. I think this would be a good option, because the message and attachment get delivered directly to the intended recipient.

    When I tried to redirect the message (after logging into the quarantine account), the message is caught by the antivirus scanner, sent to quarantine again, and the end user is notified again of a quarantined object.

    Since it appears that the redirect worked for hbarrett, I'm wondering if it only works on the Network Edition, or if something has changed since hbarrett posted this message, or if I need to change a setting somewhere to allow the message to bypass the antivirus scan after being redirected.

    Right now, my only solution is to log in to the quarantine account, download the attachment and find a different way (outside of Zimbra) to deliver it to the recipient. I really believe that there should be a way to administratively manage these quarantined items and deliver them to the end user when they have been determined by the administrator to be "safe".

    I have voted for bug 8454 https://bugzilla.zimbra.com/show_bug.cgi?id=8454 and hope that we can end up with something in the admin interface so that we can release messages from quarantine.

  6. #6
    hbarrett

    Just FYI, it no longer works for me after I upgraded to Zimbra 8.0.6_GA_5922.

  7. #7
    NorthWill

    Quote, originally posted by hbarrett:
        Just FYI, it no longer works for me after I upgraded to Zimbra 8.0.6_GA_5922.

    I also upgraded to 8.0.6_GA.5922 (Network Edition) and I see that the virus quarantine account no longer shows up in the Admin Console. However if you know the account name and password you can still log on directly to the account through the web interface.

    You still cannot redirect the message as it just goes back to the quarantine mailbox but at least you can read the message and/or print a copy. That's OK for a small installation but I wouldn't want to try it for a large organization and then there is the issue that there are some emails that an admin just doesn't want to see.

    I've also voted for https://bugzilla.zimbra.com/show_bug.cgi?id=8454. Hopefully there can be a solution to allow admins to release quarantined messages without either a lot of work or compromising confidentiality.

  8. #8
    Eclipse

    Quote, originally posted by NorthWill:
        I also upgraded to 8.0.6_GA.5922 (Network Edition) and I see that the virus quarantine account no longer shows up in the Admin Console. However if you know the account name and password you can still log on directly to the account through the web interface.

        You still cannot redirect the message as it just goes back to the quarantine mailbox but at least you can read the message and/or print a copy. That's OK for a small installation but I wouldn't want to try it for a large organization and then there is the issue that there are some emails that an admin just doesn't want to see.

        I've also voted for https://bugzilla.zimbra.com/show_bug.cgi?id=8454. Hopefully there can be a solution to allow admins to release quarantined messages without either a lot of work or compromising confidentiality.

    For anyone still encountering an issue finding the virus account in Zimbra 8+ or trying to recover an email: you can use the Web Console.

    If you go to the admin account, from the management home screen, remove any search filters, then click search.

    Ex - http://i.imgur.com/RqyTdqQ.png

    Then under Accounts on the left, the virus account will show up.

    I have no idea why they don't have a system account section under the management section (WHICH WOULD MAKE SENSE).

    But you can right click the virus account under the search and click view mail. Your quarantined email will be there.
