[SOLVED] Releasing quarantined emails

[AnthonyBurton]

This most certainly does not solve this problem. Why has Zimbra chosen to not include amavisd-release? *That* is the correct solution.

If you have a message that is marked as being a virus (becuase it includes an encrypted attachment), not only does Zimbra not allow you to release this file, but it incorrectly identifies it as being a virus.

Lame lame lamity Lame!

[drizzt]

There are many reasons to release quarantined messages.

At that time I had lot of messages in quarantine just because they contained UTF-8 chars in subject, but they were good messages so, first, I found a way to tell amavis to not quarantine them.
Second, I looked for a way to send them in the right recipients, and I used the solution I suggested.

If you are looking to a way to solve the second problem, you are in the right place...

[phoenix]

Quote:

Originally Posted by AnthonyBurton

This most certainly does not solve this problem. Why has Zimbra chosen to not include amavisd-release? *That* is the correct solution.

If you have a message that is marked as being a virus (becuase it includes an encrypted attachment), not only does Zimbra not allow you to release this file, but it incorrectly identifies it as being a virus.

Lame lame lamity Lame!

Feel free to vote on any RFEs in bugzilla for this enhancement, that would be the appropriate place.

[ewilen]

For example the ones collected here.

But, couldn't two or all three of these RFEs be combined into a single one? Right now there are probably people who don't care so much about the details, they just want better quarantine handling, and their votes are split across related RFEs.

[jefft@iri.columbia.edu]

How does that bypass the filter? It still goes through zimbra and is then quarantined a second time.

[jefft@iri.columbia.edu]

I agree. This is not solved. There is still no real way to forward quarantined messages. The sendmail workaround doesn't work because the message is just quarantined again, and the other solution just isn't workable unless your mail queue is TINY.

[Cheakamus]

lindworm's link gave me an idea for an improved script that reflected the needs of my system. Here it is for those who are interested:

Code:

#!/usr/bin/perl -w
#
# send_quarantine.pl
#
# Script to send message caught by Amavis quarantine. Feed the raw message
# into STDIN: ./send_quarantine.pl < virus-EHzL3YEPv56N
#
# Assumptions:
#
#   Amavis has added an X-Envelope-From header listing original From address.
#     Use it as the From in the SMTP call.
#
#   Amavis has added an X-Envelope-To header that breaks out the original To,
#      Cc, Bcc, etc. Use it as the To in the SMTP call.
#
#   The first Received header marks the beginning of the good RFC822 message
#      that will be fed into the SMTP call.
#
#   Script is NOT responsible for removing the quarantined message. It just
#      feeds it to and SMTP handler, that's it.
#
# Inspired by infect script at http://www.amavis.org/contrib/furio.infect
#
# Jay MacDonald - ThinkTek Solutions
#
# Licensing information: do whatever you want with this script.
# There is no warranty.  The author brings no responsibility for
# any problem or damage related with the use of this script.
#

use Net::SMTP;

my $mailhost = "localhost";
my $port = 25;

my $inTo=0;
my $inFrom=0;
my $inMsg=0;
my $From='';
my $ToList='';
my $Subject='';

while ( <> ) {
  if ( $inFrom && /^\S/ ) {
    # No longer reading an X-Envelope-From header
    $inFrom=0;
  }
  if ( $inTo && /^\S/ ) {
    # No longer reading an X-Envelope-To header
    $inTo=0;
  }

  if ( /^X-Envelope-From:\s*(.*)\s*$/ ) {
    # Found X-Envelope-From header, start building $From
    $inFrom=1;
    $From=$1;
  }
  elsif ( $inFrom && /^\s/ ) {
    # Still in X-Envelope-From, keep building $From
    s/\s//g;
    $From .= $_;
  }
  elsif ( /^X-Envelope-To:\s*(.*)\s*$/ ) {
    # Found X-Envelope-To header, start building $ToList
    $inTo=1;
    ($ToList=$1) =~ s/\s//g;
  }
  elsif ( $inTo && /^\s/ ) {
    # Still in X-Envelope-To, keep building $ToList
    s/\s//g;
    $ToList .= $_;
  }
  elsif ( /^Received:\s/ ) {
    # Assuming first Received header is where we start the real message
    # Start building $msg
    $msg=$_;
    $inMsg=1;
  }
  elsif ( $inMsg ) {
    if ( /^Subject:\s/ ) {
      # A nice to have. Note: doesn't capture multi line header
      $Subject = $_;
      chomp ($Subject);
    }
    $msg .= $_;
  }
}

if ( $From && $ToList ) {
  print "===> From = $From\n";
  print "===> ToList = $ToList\n";
  print "===> Subject = $Subject\n";
  print "\n";

  print "===> Sending message:";

  # Split the recipients into a list for passing to recipient function
  @recipients = split(/,/, $ToList);

  # Define the smtp object, build it out and send the message
  $smtp = Net::SMTP->new($mailhost, Port => $port);
  $smtp->mail($From);
  $smtp->recipient(@recipients, { SkipBad => 1 });
  $smtp->data();
  $smtp->datasend($msg);
  $smtp->dataend();
  $smtp->quit;

  # I never had anything fail, so not sure what would happen. Just send OK.
  print " OK\n";
} else {
  print "Error: From and ToList not set. Check the message and edit if required\n";
}

[sangamc]

what does one do when all them emails going through my zimbra server have encrypted attachments. I am in the medical profession and some of our equipment auto-sends emails to relevant doctors with encrypted attachments.

if the virus scanning is broken, how do i simply disable it?

[ewilen]

In the AV options you can turn off the option to quarantine encrypted attachments.

[sangamc]

I did that. and the attachments were still flagged as virus.zip, not even the <filename>.pdf that they were being sent as. I nwould never have known this was happeneing if i didnt try and cc my self. the emails never actually made it to the testr accounts setup for our doctors.

i ended up shutting down the entire AV module, which i didnt want to do.