Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Content Filter Quarantined Email

  1. #1
    Join Date
    Jun 2009
    Posts
    19
    Rep Power
    7

    Default Content Filter Quarantined Email

    Hi! This is the first time I have dealt with this in Zimbra. Here is the situation I need help with.

    I have a user that is expecting an email from someone, but every time the person tries to email the user, the user gets an email stating:

    VIRUS ALERT
    Our content checker found
    virus: Heuristics.Encrypted.PDF
    in an email to you from probably faked sender:xxx.xxx.xxx.x
    Content type: Virus
    Our internal reference code for your message is 19882-10/HIUBDgAeTUDu

    First upstream SMTP client IP address:xx.xxx.xx.xx
    According to a 'Received:' trace, the message apparently originated at:
    [xxx.xxx.xxx.x], OwnerPC [xxx.xxx.xx.xxx]
    The message has been quarantined as: virus-quarantine.tqc4u9kp@fnbandt.com

    Please contact your system administrator for details.


    The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.

    This is the first time I have had an email quarantined from the Zimbra server. How do I release this?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    59

    Default

    Quote Originally Posted by valley_girl1919 View Post
    This is the first time I have had an email quarantined from the Zimbra server. How do I release this?
    You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

    Code:
    zmcontrol -v
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Jun 2009
    Posts
    19
    Rep Power
    7

    Default

    Quote Originally Posted by phoenix View Post
    You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

    Code:
    zmcontrol -v
    Thanks!

    Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    59

    Default

    Quote Originally Posted by valley_girl1919 View Post
    Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!
    I've given you the link to that in my previous post.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Jul 2007
    Location
    Belgrade, Serbia
    Posts
    14
    Rep Power
    9

    Default Heuristics.Encrypted.PDF

    Can I get this script?

    Regards

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    59

    Default

    Quote Originally Posted by shoneo View Post
    Can I get this script?
    Yes, it's in the forums if you do a quick search for it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Jul 2007
    Location
    Belgrade, Serbia
    Posts
    14
    Rep Power
    9

    Default

    Please, send me a link. I could not find it.

    Regards

  8. #8
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    10

    Default

    Quote Originally Posted by valley_girl1919 View Post
    The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.
    someone does know how to avoid it?
    can i avoid the ban of encrypted pdf attachment?
    should i change amavis .in file?

  9. #9
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    10

    Default

    no, in clamav.conf.in

    in some way this should be set to no

    Code:
    %%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes

  10. #10
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    10

    Default

    it seems that thsi:
    Code:
    %%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes
    should be changed

    Code:
    %%comment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes
    then restart clamav and u get
    Code:
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: no
    #ArchiveBlockEncrypted yes
    hopefully no pdf encrypted wil banned *for ever*
    that is what customers pay for....

Similar Threads

  1. Deferred Email - Content Filter: Undefined
    By Ericx in forum Administrators
    Replies: 0
    Last Post: 02-19-2008, 10:48 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. content filter attacked?
    By ahhhh in forum Administrators
    Replies: 2
    Last Post: 03-26-2007, 05:29 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 02:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •