06-10-2007, 06:06 AM
[SOLVED] Releasing quarantined emails
What's the proper procedure for releasing emails caught in amavisd's quarantine in Zimbra?
I had a look at amavisd's documentation and it mentions an amavisd-release, but this util is not present in the Zimbra package.
Manually copying the file does not seem to be the proper solution either. amavisd saves the entire email, not just the attachment.
I don't know of any attachment extracting utils, as I generally deal with Windows, not Linux.
06-10-2007, 08:57 AM
Hello, welcome.
AFAIK, there's no "quarantine" function currently implemented in Zimbra...
Are you sure your amavisd is quarantining some mails?
06-11-2007, 06:25 AM
Quote:
Originally Posted by Klug
Hello, welcome.
AFAIK, there's no "quarantine" function currently implemented in Zimbra...
Are you sure your amavisd is quarantining some mails?
I tested the AV system by sending a test email with a test EICAR virus signature.
It results in a hit during AV checking and the following email:
Quote:
VIRUS ALERT
Our content checker found
virus: Eicar-Test-Signature
in an email to you from unknown sender:
?@access.mail.your-site.com
claiming to be: <eicar@aleph-tec.com>
Our internal reference code for your message is 02121-01/ZLtSlORn0JcT
First upstream SMTP client IP address: [38.96.163.30]
access.mail.your-site.com
According to a 'Received:' trace, the message originated at: [38.96.163.30],
b411.your-site.com (access.mail.your-site.com [38.96.163.30])
Return-Path: <eicar@aleph-tec.com>
Message-ID: <20070610123255.11282440C@b121.your-site.com>
Subject: EICAR anti-virus test file:
The message has been quarantined as: virus-ZLtSlORn0JcT
Please contact your system administrator for details.
A file along the name of ZLtSlORn0JcT now sits in one of amavisd's directories. Running cat on the file will reveal that it is the original email in its entirety, with the "virus" attachment in its BASE64 SMTP form. This is of course a little useless if you wish to retrieve any attachment caught in this manner.
I am just thinking this through because I enabled protected archive blocking knowing that we do get the occasional valid password-protected zip files.
07-03-2007, 08:57 PM
Curious to know the answer to this as well. I can access the email directly in the /opt/zimbra/amavisd/quarantine folder of the filesystem, but would like to know if there are Zimbra-specific steps to take to release the quarantined email to the recipient.
07-06-2007, 05:24 AM
Yeah, I'd like to know the answer to this too.
You'd have thought in the network edition (at least) there would be functionality from the admin GUI to do this.
08-10-2007, 06:11 PM
Workaround to get messages out of the quarantine
Hi guys,
There are two bugs/enhancement requests for this problem (11061 and 14614). I came across the same problem, and I believe I have a workaround. It's not the cleanest, but it works.
Here is the quick rundown of what you need to do:
0. Make sure you've turned off the encrypted mail check for the anti virus.
1. Find the specific file you want to recover
2. Run formail on the file, and convert it to mbox.
3. View the message as root using mutt/pine/elm and save the attachment to your shell on the server.
4. Download the file to your computer.
5. Email the file to the intended recipient.
6. When the recipient gets the message, he'll get the message with the subject saying UNCHECKED .. but the zip file is indeed there.
-- Slightly more detailed Tips --
1. To convert the quarantined file into mbox format
formail -ds <virus-XXXXXXX > cleanmbox
2. cat cleanmbox >> /var/spool/mail/root
3. mutt
Mutt/Pine/Elm are fairly easy to use text-only mail readers. If you need help with mutt/pine please let me know. I haven't personally used elm in over 12 years, and I doubt it comes on many distros.
08-27-2007, 04:33 AM
The workaround didn't work for me, formail just doesn't respond.
I found this script: http://www.amavis.org/contrib/furio.infect
I had to add these lines at the top of the quarantined mail:
X-Quarantined-From: <sender@domain.com>
X-Quarantined-To: <recipient@domain.com>
and then
./infect /opt/zimbra/amavisd/quarantine/virus-?????
This works for me.
12-13-2007, 05:14 PM
Quote:
Originally Posted by telv
I don't know of any attachment extracting utils, as I generally deal with Windows, not Linux.
I use uudeview for this. It's probably not installed by default though.
UUDEVIEW(1)                                                        UUDEVIEW(1)
NAME
       UUDeview - a powerful decoder for binary files
SYNOPSIS
       uudeview [options] [@file] file(s)
DESCRIPTION
       UUDeview is a smart decoder for attachments that you have received in
       encoded form via electronic mail or from the usenet. It is similar to
       the standard uudecode(1) command, yet with more comfort and flexibility.
       UUDeview supports the uuencoding, xxencoding, Base64, yEncoding
       and BinHex encoding methods, and is able to handle split-files (which
       have been sent in multiple parts) as well as multiple files at once,
       thus greatly simplifying the decoding process. Usually, you will not
       have to manually edit files to prepare them for decoding.
       After invoking uudeview, it will scan all given files for encoded data,
       sort them and their parts and then present you with the list of files
       that seem like they can be decoded properly. You can then pick files
       individually for decoding.
       ...
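For admins without uudeview or a text mail reader on the server, the attachment-saving step of the workaround and the uudeview suggestion above can both be done with Python's standard email module. This is an added example, not code from any poster in this thread; the function names, sample message and hostile filename are constructed for illustration. It never trusts the sender-supplied filename and writes the decoded files with owner-only permissions.

```python
import base64, email, hashlib, os, re, tempfile
from email import policy

PAYLOAD = b"constructed attachment body\n"  # stands in for the blocked file
# Constructed sample: a whole message with its attachment still Base64-encoded,
# like the quarantine file described above. The filename is deliberately hostile.
SAMPLE = (
    "From: sender@example.com\r\n"
    "To: recipient@example.com\r\n"
    "Subject: constructed sample\r\n"
    "MIME-Version: 1.0\r\n"
    'Content-Type: multipart/mixed; boundary="b1"\r\n\r\n'
    "--b1\r\nContent-Type: text/plain\r\n\r\nsee attachment\r\n"
    "--b1\r\nContent-Type: application/octet-stream\r\n"
    "Content-Transfer-Encoding: base64\r\n"
    'Content-Disposition: attachment; filename="../../report.zip"\r\n\r\n'
    + base64.b64encode(PAYLOAD).decode() + "\r\n--b1--\r\n"
).encode()


def safe_name(raw, index):
    """Reduce a sender-controlled filename to a harmless basename."""
    base = os.path.basename((raw or "").replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or f"attachment-{index}.bin"


def extract_attachments(raw_bytes, out_dir):
    """Decode every attachment of one quarantined message into out_dir."""
    msg = email.message_from_bytes(raw_bytes, policy=policy.default)
    found = []
    for index, part in enumerate(msg.walk()):
        if part.is_multipart() or not (part.is_attachment() or part.get_filename()):
            continue
        data = part.get_payload(decode=True) or b""
        path = os.path.join(out_dir, safe_name(part.get_filename(), index))
        # O_EXCL refuses to overwrite; 0600 keeps flagged content private and non-executable.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as fh:
            fh.write(data)
        found.append({"name": os.path.basename(path), "path": path,
                      "type": part.get_content_type(), "size": len(data),
                      "sha256": hashlib.sha256(data).hexdigest()})
    return found


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        for item in extract_attachments(SAMPLE, tmp):
            print(item["name"], item["type"], item["size"], item["sha256"])
```

The returned SHA-256 gives a stable identifier for the extracted file when it is re-scanned or handed to the recipient by another channel.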
12-04-2008, 04:11 AM
I released all bad-header messages in this simple way:
Quote:
zimbra@smtp:~/data/amavisd/quarantine$ for FILE in badh-*; do
> sendmail -t -i < "$FILE"
> done
02-27-2009, 01:48 AM
Thanks a lot!
Cedric