Thread: [SOLVED] Every new message is flagged with Exploit.PDF-9669 - Nothing getting through

  1. #21
    Join Date
    Dec 2005
    Posts
    9
    Rep Power
    9

    Awesome, now I won't have to worry about it getting overwritten. Unfortunately, since I caught it later due to complaints, I had to just find a fix and do limited testing. Now I probably should upgrade all of my Zimbra machines.

  2. #22
    Join Date
    Nov 2006
    Posts
    50
    Rep Power
    8

    it works!

    Yes, it works!

    clamvd has updated the db file!

    Everything is OK, thanks!

  3. #23
    Join Date
    Oct 2005
    Location
    USA, Canada and India
    Posts
    777
    Rep Power
    10

    Looks like there was a FALSE POSITIVE in the ClamAV db.

    ClamAV database version "10276 released on 09 Jan 2010" has this problem fixed.
    If your db version is older than "10276" or not yet updated, then you can do that by running the following commands:

    su - zimbra
    /opt/zimbra/clamav/bin/freshclam --config-file=/opt/zimbra/conf/freshclam.conf
    zmantivirusctl stop
    zmantivirusctl start
    zmcontrol status
    Above taken from the wiki:
    ClamAV - Reset Defs DB - Zimbra :: Wiki

    Raj
    i2k2 Networks
    Dedicated & Shared Zimbra Hosting Provider

  4. #24
    Join Date
    Mar 2007
    Location
    Vancouver, Canada
    Posts
    34
    Rep Power
    8

    I wrote the following script to handle forwarding the quarantined messages in /opt/zimbra/amavisd-new-2.5.2/quarantine/ that weren't obvious spam.

    Code:
    #!/usr/bin/perl -w
    #
    # send_quarantine.pl
    #
    # Script to send message caught by Amavis quarantine. Feed the raw message
    # into STDIN: ./send_quarantine.pl < virus-EHzL3YEPv56N
    #
    # Assumptions:
    #
    #   Amavis has added an X-Envelope-From header listing original From address.
    #     Use it as the From in the SMTP call.
    #
    #   Amavis has added an X-Envelope-To header that breaks out the original To,
    #      Cc, Bcc, etc. Use it as the To in the SMTP call.
    #
    #   The first Received header marks the beginning of the good RFC822 message
    #      that will be fed into the SMTP call.
    #
    #   Script is NOT responsible for removing the quarantined message. It just
    #      feeds it to an SMTP handler, that's it.
    #
    # Inspired by infect script at http://www.amavis.org/contrib/furio.infect
    #
    # Jay MacDonald - ThinkTek Solutions
    #
    # Licensing information: do whatever you want with this script.
    # There is no warranty.  The author brings no responsibility for
    # any problem or damage related with the use of this script.
    #
    
    use Net::SMTP;
    
    my $mailhost = "localhost";
    my $port = 25;
    
    my $inTo=0;
    my $inFrom=0;
    my $inMsg=0;
    my $From='';
    my $ToList='';
    my $Subject='';
    my $msg='';
    
    while ( <> ) {
      if ( $inFrom && /^\S/ ) {
        # No longer reading an X-Envelope-From header
        $inFrom=0;
      }
      if ( $inTo && /^\S/ ) {
        # No longer reading an X-Envelope-To header
        $inTo=0;
      }
    
      if ( /^X-Envelope-From:\s*(.*)\s*$/ ) {
        # Found X-Envelope-From header, start building $From
        $inFrom=1;
        $From=$1;
      }
      elsif ( $inFrom && /^\s/ ) {
        # Still in X-Envelope-From, keep building $From
        s/\s//g;
        $From .= $_;
      }
      elsif ( /^X-Envelope-To:\s*(.*)\s*$/ ) {
        # Found X-Envelope-To header, start building $ToList
        $inTo=1;
        ($ToList=$1) =~ s/\s//g;
      }
      elsif ( $inTo && /^\s/ ) {
        # Still in X-Envelope-To, keep building $ToList
        s/\s//g;
        $ToList .= $_;
      }
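      elsif ( !$inMsg && /^Received:\s/ ) {
        # Assuming first Received header is where we start the real message.
        # Later Received lines fall through to the $inMsg branch and are
        # appended, instead of restarting $msg.
        # Start building $msg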
        $msg=$_;
        $inMsg=1;
      }
      elsif ( $inMsg ) {
        if ( /^Subject:\s/ ) {
          # A nice to have. Note: doesn't capture multi line header
          $Subject = $_;
          chomp ($Subject);
        }
        $msg .= $_;
      }
    }
    
    if ( $From && $ToList ) {
      print "===> From = $From\n";
      print "===> ToList = $ToList\n";
      print "===> Subject = $Subject\n";
      print "\n";
    
      print "===> Sending message:";
    
      # Split the recipients into a list for passing to recipient function
      my @recipients = split(/,/, $ToList);
    
      # Define the smtp object, build it out and send the message
      my $smtp = Net::SMTP->new($mailhost, Port => $port)
        or die "Cannot connect to $mailhost:$port\n";
      $smtp->mail($From);
      $smtp->recipient(@recipients, { SkipBad => 1 });
      $smtp->data();
      $smtp->datasend($msg);
      $smtp->dataend();
      $smtp->quit;
    
      # I never had anything fail, so not sure what would happen. Just send OK.
      print " OK\n";
    } else {
      print "Error: From and ToList not set. Check the message and edit if required\n";
    }

  6. #26
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Could also write one specifically for this based on X-Amavis-Alert: INFECTED, message contains virus: Exploit.PDF-9669
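
The filter suggested in this post, as an added example (not code from the thread, Zimbra or amavis): it lists quarantine files whose amavis-prepended `X-Amavis-Alert` header names only Exploit.PDF-9669, so a message that also matched another signature stays quarantined. It assumes multiple virus names are comma-separated in that header and that the headers amavis adds come before the first `Received:` line; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
FP_SIG='Exploit.PDF-9669'   # signature this thread identifies as the false positive

# Print one signature name per line from the X-Amavis-Alert header(s) that
# amavis prepended. Reading stops at the first Received: header (where the
# original message is assumed to begin), so headers inside it are not trusted.
alert_sigs() {
  awk '
    /^Received:/ || /^$/ { exit }            # end of prepended headers
    /^X-Amavis-Alert:/ { n++; sub(/^X-Amavis-Alert:[ \t]*/, ""); a[n] = $0; fold = 1; next }
    fold && /^[ \t]/   { sub(/^[ \t]+/, " "); a[n] = a[n] $0; next }   # folded header line
                       { fold = 0 }
    END {
      for (i = 1; i <= n; i++) {
        sub(/[ \t\r]+$/, "", a[i])
        if (sub(/^INFECTED, message contains virus: */, "", a[i])) {
          m = split(a[i], sig, /, */)
          for (j = 1; j <= m; j++) print sig[j]
        } else print "OTHER-ALERT"           # any non-virus alert: keep quarantined
      }
    }' "$1"
}

# True only if an alert exists and every signature in it is the false positive.
is_fp_only() {
  sigs=$(alert_sigs "$1")
  [ -n "$sigs" ] || return 1
  ! printf '%s\n' "$sigs" | grep -qvxF "$FP_SIG"
}

# List candidate file names in a quarantine directory (nothing is sent or deleted).
list_fp_only() {
  for f in "$1"/*; do
    [ -f "$f" ] && is_fp_only "$f" && printf '%s\n' "${f##*/}"
  done
  return 0
}

# Constructed sample files (not real quarantine data) for a dry run.
make_samples() {
  printf 'X-Envelope-From: <a@example.com>\nX-Envelope-To: <b@example.com>\nX-Amavis-Alert: INFECTED, message contains virus: %s\nReceived: from mx (constructed)\nSubject: invoice\n\nbody\n' "$FP_SIG" > "$1/virus-fponly"
  printf 'X-Envelope-From: <a@example.com>\nX-Amavis-Alert: INFECTED, message contains virus: %s,\n Constructed.Sample-1\nReceived: from mx (constructed)\n\nbody\n' "$FP_SIG" > "$1/virus-mixed"
  printf 'X-Envelope-From: <a@example.com>\nReceived: from mx (constructed)\nX-Amavis-Alert: INFECTED, message contains virus: %s\n\nbody\n' "$FP_SIG" > "$1/virus-forged"
}
```

Run `list_fp_only` against the quarantine directory and review the names before feeding any of them to a release script.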

  7. #27
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    Quote: Originally posted by Cheakamus
    I wrote the following script to handle forwarding the quarantined messages in /opt/zimbra/amavisd-new-2.5.2/quarantine/ that weren't obvious spam.
    Ok one more, should also mention that becomes /opt/zimbra/data/amavisd/quarantine on later releases.

  8. #28
    Join Date
    May 2006
    Location
    USA
    Posts
    6,242
    Rep Power
    21

    In other clamav news, as I see some of you in this thread are using older ZCS 5.x, come May: End of Life Announcement: ClamAV 0.94.x

    We included 0.95 as of ZCS 5.0.18 - there's also ClamAV - Updating Version - Zimbra :: Wiki for manual directions.

  9. #29
    Join Date
    Jan 2010
    Posts
    4
    Rep Power
    5

    Clam AV

    My testing is successful.
    The latest update from ClamAV has fixed this issue.

    Thanks to everyone.

    Thanks!
    Sankar N.
