Page 1 of 2 12 LastLast
Results 1 to 10 of 19

Thread: Content Filter Quarantined Email

Hybrid View

  1. #1
    Join Date
    Jun 2009
    Posts
    19
    Rep Power
    6

    Default Content Filter Quarantined Email

    Hi! This is the first time I have dealt with this in Zimbra. Here is the situation I need help with.

    I have a user that is expecting an email from someone, but every time the person tries to email the user, the user gets an email stating:

    VIRUS ALERT
    Our content checker found
    virus: Heuristics.Encrypted.PDF
    in an email to you from probably faked sender:xxx.xxx.xxx.x
    Content type: Virus
    Our internal reference code for your message is 19882-10/HIUBDgAeTUDu

    First upstream SMTP client IP address:xx.xxx.xx.xx
    According to a 'Received:' trace, the message apparently originated at:
    [xxx.xxx.xxx.x], OwnerPC [xxx.xxx.xx.xxx]
    The message has been quarantined as: virus-quarantine.tqc4u9kp@fnbandt.com

    Please contact your system administrator for details.


    The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.

    This is the first time I have had an email quarantined from the Zimbra server. How do I release this?

  2. #2
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by valley_girl1919 View Post
    This is the first time I have had an email quarantined from the Zimbra server. How do I release this?
    You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

    Code:
    zmcontrol -v
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  3. #3
    Join Date
    Jun 2009
    Posts
    19
    Rep Power
    6

    Default

    Quote Originally Posted by phoenix View Post
    You'll find a script in the forums that will do that for you, you should also update your forum profile with the output of the following command:

    Code:
    zmcontrol -v
    Thanks!

    Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!

  4. #4
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by valley_girl1919 View Post
    Sorry to have to ask, but how do I update my forum profile with the output zmcontrol -v? Where do I type this? Thanks!
    I've given you the link to that in my previous post.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  5. #5
    Join Date
    Jul 2007
    Location
    Belgrade, Serbia
    Posts
    14
    Rep Power
    8

    Default Heuristics.Encrypted.PDF

    Can I get this script?

    Regards

  6. #6
    phoenix is offline Zimbra Consultant & Moderator
    Join Date
    Sep 2005
    Location
    Vannes, France
    Posts
    23,587
    Rep Power
    58

    Default

    Quote Originally Posted by shoneo View Post
    Can I get this script?
    Yes, it's in the forums if you do a quick search for it.
    Regards


    Bill


    Acompli: A new adventure for Co-Founder KevinH.

  7. #7
    Join Date
    Jul 2007
    Location
    Belgrade, Serbia
    Posts
    14
    Rep Power
    8

    Default

    Please, send me a link. I could not find it.

    Regards

  8. #8
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    Quote Originally Posted by valley_girl1919 View Post
    The email has an encrypted pdf attachment and I believe this is why it is being blocked. Our email gateway is not blocking it or showing any virus alerts.
    someone does know how to avoid it?
    can i avoid the ban of encrypted pdf attachment?
    should i change amavis .in file?

  9. #9
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    no, in clamav.conf.in

    in some way this should be set to no

    Code:
    %%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes

  10. #10
    Join Date
    Mar 2007
    Location
    Small village in the center of Italy
    Posts
    350
    Rep Power
    8

    Default

    it seems that thsi:
    Code:
    %%uncomment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes
    should be changed

    Code:
    %%comment VAR:zimbraVirusBlockEncryptedArchive%%ArchiveBlockEncrypted yes
    then restart clamav and u get
    Code:
    # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
    # Default: no
    #ArchiveBlockEncrypted yes
    hopefully no pdf encrypted wil banned *for ever*
    that is what customers pay for....

Similar Threads

  1. Deferred Email - Content Filter: Undefined
    By Ericx in forum Administrators
    Replies: 0
    Last Post: 02-19-2008, 10:48 AM
  2. need advice on configuring zimbra to work with fax server
    By pheonix1t in forum Administrators
    Replies: 0
    Last Post: 07-11-2007, 07:46 PM
  3. content filter attacked?
    By ahhhh in forum Administrators
    Replies: 2
    Last Post: 03-26-2007, 05:29 PM
  4. upgrade to 4.0.3 antispam does'nt work
    By lucanannipieri in forum Administrators
    Replies: 14
    Last Post: 11-07-2006, 02:56 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •