
Thread: [SOLVED] Releasing quarantined emails

  1. #1
    telv is offline Junior Member
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Default [SOLVED] Releasing quarantined emails

    What's the proper procedure for releasing emails caught in amavisd's quarantine in zimbra?

    I had a look at amavisd's documentation and it mentions an amavisd-release, but this util is not present in the zimbra package.

    Manually copying the file does not seem to be the proper solution either. amavisd saves the entire email, not just the attachment.

    I don't know of any attachment extracting utils, as I generally deal with windows not linux.

  2. #2
    Klug is offline Moderator
    Join Date
    Mar 2006
    Location
    Beaucaire, France
    Posts
    2,316
    Rep Power
    13

    Default

    Hello, welcome.

    AFAIK, there's no "quarantine" function currently implemented in Zimbra...

    Are you sure your amavisd is quarantining some mails?

  3. #3
    telv is offline Junior Member
    Join Date
    Jun 2007
    Posts
    6
    Rep Power
    8

    Default

    Quote Originally Posted by Klug View Post
    Hello, welcome.

    AFAIK, there's no "quarantine" function currently implemented in Zimbra...

    Are you sure your amavisd is quarantining some mails?
    I tested the AV system by sending a test email with a test EICAR virus signature.

    It results in a hit during AV checking and the following email:
    VIRUS ALERT

    Our content checker found
    virus: Eicar-Test-Signature

    in an email to you from unknown sender:
    ?@access.mail.your-site.com
    claiming to be: <eicar@aleph-tec.com>

    Our internal reference code for your message is 02121-01/ZLtSlORn0JcT

    First upstream SMTP client IP address: [38.96.163.30]
    access.mail.your-site.com
    According to a 'Received:' trace, the message originated at: [38.96.163.30],
    b411.your-site.com (access.mail.your-site.com [38.96.163.30])

    Return-Path: <eicar@aleph-tec.com>
    Message-ID: <20070610123255.11282440C@b121.your-site.com>
    Subject: EICAR anti-virus test file:
    The message has been quarantined as: virus-ZLtSlORn0JcT

    Please contact your system administrator for details.
    A file along the name of ZLtSlORn0JcT now sits in one of amavisd's directories. Running cat on the file will reveal that it is the original email in its entirety, with the "virus" attachment in its BASE64 SMTP form. This is of course a little useless if you wish to retrieve any attachment caught in this manner.

    I am just thinking this through because I enabled protected archive blocking knowing that we do get the occasional valid password-protected zip files.

  4. #4
    mbd is offline Senior Member
    Join Date
    Dec 2006
    Location
    Melbourne, AU
    Posts
    58
    Rep Power
    8

    Default

    Curious to know the answer to this as well. I can access the email directly in the /opt/zimbra/amavisd/quarantine folder of the filesystem, but would like to know if there are zimbra specific steps to take to release the quarantined email to the recipient.

  5. #5
    Leesbian is offline Active Member
    Join Date
    May 2007
    Location
    London, UK
    Posts
    26
    Rep Power
    8

    Default

    Yeah, I'd like to know the answer to this too.

    You'd have thought in the network edition (at least) there would be functionality from the admin GUI to do this.

  6. #6
    vluther is offline Starter Member
    Join Date
    Aug 2007
    Location
    San Antonio, TX
    Posts
    1
    Rep Power
    7

    Default Workaround to get messages out of the quarantine

    Hi guys,
    There are two bugs/enhancement requests for this problem.. (11061 and 14614). I came across the same problem..and I believe I have a workaround, it's not the cleanest.. but it works..

    Here is the quick rundown of what you need to do..

    0. Make sure you've turned off the encrypted mail check for the anti virus.
    1. Find the specific file you want to recover
    2. Run formail on the file, and convert it to mbox.
    3. View the message as root using mutt/pine/elm and save the attachment to your shell on the server.
    4. Download the file to your computer.
    5. Email the file to the intended recipient.

    6. When the recipient gets the message, he'll get the message with the subject saying UNCHECKED .. but the zip file is indeed there.

    -- Slightly more detailed Tips --

    1. To convert the quarantined file into mbox format
    formail -ds <virus-XXXXXXX > cleanmbox
    2. cat cleanmbox >> /var/spool/mail/root
    3. mutt

    Mutt/Pine/Elm are fairly easy to use text only mail readers.. if you need help with mutt/pine please let me know.. I haven't personally used elm in over 12 years.. and I doubt it comes on many distros..

  7. #7
    lindworm is offline Senior Member
    Join Date
    Feb 2007
    Location
    Germany
    Posts
    74
    Rep Power
    8

    Default

    The workaround didn't work for me, formail just doesn't respond.

    I found this script: http://www.amavis.org/contrib/furio.infect

    I had to add these lines at the top of the quarantined mail
    X-Quarantined-From: <sender@domain.com>
    X-Quarantined-To: <recipient@domain.com>

    and then

    ./infect /opt/zimbra/amavisd/quarantine/virus-?????

    this works for me

  8. #8
    johnlr is offline Starter Member
    Join Date
    Dec 2007
    Posts
    1
    Rep Power
    7

    Default

    Quote Originally Posted by telv View Post
    I don't know of any attachment extracting utils, as I generally deal with windows not linux.
    I use uudeview for this. It's probably not installed by default though


    UUDEVIEW(1) UUDEVIEW(1)

    NAME
    UUDeview - a powerful decoder for binary files

    SYNOPSIS
    uudeview [options] [@file] file(s)

    DESCRIPTION
    UUDeview is a smart decoder for attachments that you have received in
    encoded form via electronic mail or from the usenet. It is similar to
    the standard uudecode(1) command, yet with more comfort and flexibil‐
    ity. UUDeview supports the uuencoding, xxencoding, Base64, yEncoding
    and BinHex encoding methods, and is able to handle split-files (which
    have been sent in multiple parts) as well as multiple files at once,
    thus greatly simplifying the decoding process. Usually, you will not
    have to manually edit files to prepare them for decoding.

    After invoking uudeview, it will scan all given files for encoded data,
    sort them and their parts and then present you with the list of files
    that seem like they can be decoded properly. You can then pick files
    individually for decoding.

    ...
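
Added example, not part of any post in this thread: the quarantine file described in post #3 is a complete email with the attachment still Base64-encoded, so Python's standard `email` module can decode it without mutt or uudeview. The names `safe_name` and `extract_attachments` and the sample message are constructed for illustration; attachment filenames come from the sender and are untrusted, so they are reduced to a plain basename before anything is written.

```python
import base64
import hashlib
import re
from email import message_from_bytes, policy
from pathlib import Path

# Constructed sample: a quarantined message as amavisd stores it (whole email,
# attachment still Base64-encoded). The payload is harmless text.
PAYLOAD = b"harmless constructed payload\n"
SAMPLE = (
    b"From: sender@example.com\r\n"
    b"To: recipient@example.com\r\n"
    b"Subject: constructed sample\r\n"
    b"MIME-Version: 1.0\r\n"
    b'Content-Type: multipart/mixed; boundary="b0"\r\n'
    b"\r\n"
    b"--b0\r\n"
    b"Content-Type: text/plain\r\n\r\nsee attachment\r\n"
    b"--b0\r\n"
    b"Content-Type: application/zip\r\n"
    b"Content-Transfer-Encoding: base64\r\n"
    b'Content-Disposition: attachment; filename="../../etc/report.zip"\r\n'
    b"\r\n" + base64.b64encode(PAYLOAD) + b"\r\n"
    b"--b0--\r\n"
)


def safe_name(raw, index):
    """Reduce a sender-controlled filename to a harmless basename."""
    base = re.split(r"[\\/]", raw or "")[-1]
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return base or f"part-{index}.bin"


def extract_attachments(raw_message, out_dir):
    """Decode every attachment into out_dir; return (name, sha256) pairs."""
    out = Path(out_dir)
    out.mkdir(parents=True, exist_ok=True)
    msg = message_from_bytes(raw_message, policy=policy.default)
    results = []
    for part in msg.walk():
        is_att = part.get_filename() or part.get_content_disposition() == "attachment"
        if part.is_multipart() or not is_att:
            continue
        data = part.get_payload(decode=True) or b""
        name = f"{len(results):02d}-{safe_name(part.get_filename(), len(results))}"
        target = out / name
        target.write_bytes(data)
        target.chmod(0o600)  # owner read/write only, never executable
        results.append((name, hashlib.sha256(data).hexdigest()))
    return results
```

The returned SHA-256 gives a fixed reference for the extracted file, for example when re-scanning it before it is passed on to the recipient.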

  9. #9
    drizzt is offline Intermediate Member
    Join Date
    Nov 2008
    Location
    Pavia (Italia)
    Posts
    19
    Rep Power
    6

    Default

    I released all bad-header messages in this simple way:
    zimbra@smtp:~/data/amavisd/quarantine$ for FILE in badh-*; do
    > sendmail -t -i < "$FILE"
    > done

  10. #10
    cedric.claidiere is offline Starter Member
    Join Date
    Sep 2008
    Posts
    1
    Rep Power
    6

    Default

    Thanks a lot !

    Cedric
