
Thread: Zimbra AV not catching malware/.zip viruses

  1. #1
    czguy (Senior Member)

    I'm running ZCS Release 8.0.6.GA.5922.UBUNTU12.64 UBUNTU12_64 FOSS edition and so far everything is working pretty well. After a migration from 7.2.0 using ZeXtras I recreated my Virus Quarantine account and Amavis is blocking delivery of viruses every day. However, I've been noticing that we are receiving emails that are spoofed from Efax, ADP, Xerox, and other entities that contain small ~100k .zip files which, when unzipped in a sandbox environment, are either a virus or malware.

    Many times Zimbra will mark these as Spam and move them to the Junk folder for the users, but there are times where users are opening up the file attachments and infecting workstations.

    Is there a way to block these small zip files by writing a custom rule or is there some sort of option in Zimbra to increase the effectiveness of Amavis/Clam?

    So far it's not a major problem, but even with desktop AV/AS software installed to protect the workstations I'd still like to eradicate any potential malware/viral payloads.

    Any suggestions guys?

  2. #2
    phoenix (Zimbra Consultant & Moderator)

    You can block the attachments in the Admin UI/Global Settings and/or restrict them from being viewed in the COS.
    Regards


    Bill



  3. #3
    czguy (Senior Member)

    I blocked the .zip extension in Global Settings and set it to notify the recipient of quarantine and it works fine. Am I to assume if someone wants to send a legitimate .zip file it will be quarantined, then after I receive the notice I can download it, sanitize, and deliver the content to the user? It's a bit of a manual process but these malware payloads are getting out of hand and the AV system is not catching them all of the time.

    Thanks for your help, Bill.

  4. #4
    phoenix (Zimbra Consultant & Moderator)

    Originally posted by czguy:
    > I blocked the .zip extension in Global Settings and set it to notify the recipient of quarantine and it works fine. Am I to assume if someone wants to send a legitimate .zip file it will be quarantined, then after I receive the notice I can download it, sanitize, and deliver the content to the user?

    Yes, in these circumstances that would be what you need to do.
    Regards


    Bill



  5. #5
    czguy (Senior Member)

    Originally posted by phoenix:
    > Yes, in these circumstances that would be what you need to do.

    Sounds feasible, I think the manual process is a good trade-off to not having these payloads delivered.
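
An added example, not part of the original thread and not Zimbra or Amavis code: a Python script for the manual quarantine review discussed in posts #3 to #5, listing what each .zip attachment of a saved message contains without extracting it. The extension list, the function names and the sample message are assumptions constructed for illustration.

```python
import email
import io
import zipfile
from email import policy
from email.message import EmailMessage

# Extensions treated as directly executable on a workstation (illustrative list, an assumption).
RISKY = {".exe", ".scr", ".pif", ".com", ".bat", ".cmd", ".js", ".vbs", ".jar", ".lnk"}

def triage_zip_attachments(raw_message: bytes):
    """Return one finding dict per zip attachment found in an RFC 5322 message."""
    msg = email.message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the ZIP magic bytes as well as the name: an archive can be renamed.
        if not (name.lower().endswith(".zip") or payload[:4] == b"PK\x03\x04"):
            continue
        finding = {"attachment": name, "size": len(payload),
                   "risky": [], "encrypted": False, "error": None}
        try:
            with zipfile.ZipFile(io.BytesIO(payload)) as zf:
                for info in zf.infolist():      # reads the directory only, extracts nothing
                    if info.flag_bits & 0x1:    # bit 0: member is password-protected
                        finding["encrypted"] = True
                    if any(info.filename.lower().endswith(ext) for ext in RISKY):
                        finding["risky"].append(info.filename)
        except zipfile.BadZipFile:
            finding["error"] = "not a readable zip"  # malformed archives need manual review
        findings.append(finding)
    return findings

def build_sample(member_name: str) -> bytes:
    """Constructed sample message: a zip holding harmless text under the given member name."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "harmless placeholder bytes")
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = "sender@example.com", "user@example.com", "Incoming fax"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="fax_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    for member in ("invoice.pdf.exe", "report.pdf"):
        print(triage_zip_attachments(build_sample(member)))
```

A finding with a non-empty `risky` list, `encrypted` set, or an `error` is a candidate to keep in quarantine; an empty result only means the archive listing showed nothing from the extension list.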
