
Thread: Best Practice virus.quarantine

  1. #1

    Hi out there,

    I wanted to discuss the best practice for handling quarantined mails.

    Since the update from ZCS 6.x.x to 7.1.2, more and more notifications from customers are coming in reporting mails moved to quarantine - mostly because of encrypted PDFs. Before the update we hadn't had those problems. I don't know what damn filter rule has changed and I don't want to search for hours and try for months to find the best settings...

    To bring it to the point:

    I am searching for a good way to handle those quarantined mails. I've learned from the google-oracle that there is no nice and easy way to release those mails, but I also don't want the customer to call me for every mail with a PDF attached.

    So I thought about moving all mails from one customer into a folder in the inbox of the virus-quarantine.XYZ@domain.de account with a filter and then sharing this folder with the customer (surely with explaining to him what this is and warning him about opening one of these mails without double checking).


    • What do you think of this idea?
    • It would be great to have the possibility to have these mails deleted after 30 days. Any ideas?
    • Also I am wondering what would happen if the customer syncs this folder with the Outlook Connector. Will his antivirus run wild?


    I'm thankful for every comment and help. I hope that more Zimbra-admins are interested in this issue and I can start a discussion in this thread.
    How do you handle quarantined mails?

    Regards,
    Steffen
    ZCS NETWORK edition 7.1.2 (GA 3268) - Ubuntu 8 LTS 64bit

  2. #2

    I had to disable flagging on encrypted PDFs. It's becoming a more popular thing to password-protect PDF files, at least with our infrastructure. I ensure I have up-to-date virus protection on the client machines as well.

    I am wondering about a nice way to release the quarantined emails as well. I had to forward a few out of the box, then I get phone calls about those emails because they came from the quarantine mailbox, not my own.

  3. #3

    Bug 8454 – Quarantined email management functions

    Note that the script mentioned in the (current) last comment is for older versions of Zimbra. In another thread, I mentioned how I used zmlmtpinject to release quarantined messages in ZCS 6. Not sure either of these would work in 7.

    I agree that if someone is sending/receiving a lot of (legitimate) encrypted PDFs, there's no point in filtering them out. In my opinion, the whole point of quarantine is to interpose a layer of human-administrator caution into the process of opening a suspect email.

    That said, if you want to, essentially, deliver all suspect emails (possibly with certain additional criteria such as source address), then using a filter and a shared folder sounds like a good idea. The local A/V of your customer will see any (true) viral attachments if your customer uses ZCO or IMAP, but I don't think that should be a concern.

    As for the emails being retained for exactly 30 days, that's what happens with all emails in the quarantine account. It shouldn't matter where the mails are filed, see http://www.zimbra.com/docs/ne/latest...on_Policy.html

    Also see Bug 65475 – quarantined email is retained for 30 days, not 7. At the moment my observation is that mail is retained in quarantine for 30 days even though the account setting is 7 days. If this is fixed, though, you should still be able to set the retention to whatever you want, as described in the admin guide.

  4. #4

    @ewilen: Thanks for your opinion. I have read about this PHP script to show the quarantine folder and I gave it a try. But this doesn't solve my problems. Also the "download" button doesn't work for me. I guess it's a unix-right-problem - haven't found time to debug this yet...

    I also got in touch with this 7-day-retaining-"bug" as I wanted to change settings and the web admin console told me that I have to set the value to a minimal value of 30, although I haven't changed this value. I guess this was a missing-communication-problem between different developers ;-)
    ZCS NETWORK edition 7.1.2 (GA 3268) - Ubuntu 8 LTS 64bit
