Results 1 to 4 of 4

Thread: Best Practice virus.quarantine

Hybrid View

  1. #1
    Join Date
    Apr 2010
    Rep Power

    Question Best Practice virus.quarantine

    Hi out there,

    I wanted to discuss the best practice for handling quarantined mails.

    Since update from ZCS 6.x.x to 7.1.2 more and more notifications of customers coming in reporting mails moved to quarantine - mostly because of encrypted pdfs. Before the update we havn't had those problems. Don't know what damn filter rule has changed and I don't want to search for hours and try for months to find best settings...

    To bring it to the point:

    I am searching for a good way to handle that quarantined mails. I've learned from the google-oracle that there is no nice and easy way to release those mails but I also don't want the customer to call me for every mail with a pdf attached.

    So I thought about moving all mails from one customer in a folder in the incoming of the with a filter and then share this folder to the customer (surely with explaining hin what this is and warning to open one of these mails without double checking).

    • What do you think of this idea?
    • It would be great to have the possibility to let delete these mails after 30 days. Any ideas?
    • Also I am wondering what would happen, if the customer syncs this folder with the Outlook Connector. Will his antivirus run wild?

    I'm thankful for every comment and help. I hope that more Zimbra-admins are interested in this issue and I can start a discussion in this thread.
    How do you handle quarantined mails?

    ZCS NETWORK edition 7.1.2 (GA 3268) - Ubuntu 8 LTS 64bit

  2. #2
    Join Date
    Oct 2008
    Rep Power


    I had to disable flagging on encrypted PDFs. Its becoming a more popular thing to password protect PDF files at least with our infrastructure. I ensure I have up to date virus protection on the client machines as well.

    I am wondering a nice way to release the quarantine emails as well. I had to forward a few out of the box then I get phone calls about those emails because it came from the quarantine mailbox not my own.

  3. #3
    Join Date
    Jun 2008
    Berkeley, CA
    Rep Power


    Bug 8454 – Quarantined email management functions

    Note that the script mentioned in the (current) last comment is for older versions of Zimbra. In another thread, I mentioned how I used zmlmtpinject to released quarantined messages in ZCS 6. Not sure either of these would work in 7.

    I agree that if someone is sending/receiving a lot of (legitimate) encrypted PDFs, there's no point in filtering them out. In my opinion, the whole point of quarantine is to interpose a layer of human-administrator caution into the process of opening a suspect email.

    That said if you want to, essentially, deliver all suspect emails (possibly with certain additional criteria such as source address), then using a filter and a shared folder sounds like a good idea. The local A/V of your customer will see any (true) viral attachments if your customer uses ZCO or IMAP, but I don't think that should be a concern.

    As for the emails being retained for exactly 30 days, that's what happens with all emails in the quarantine account. It shouldn't matter where the mails are filed, see

    Also see Bug 65475 – quarantined email is retained for 30 days, not 7. At the moment my observation is that mail is retained in quarantine for 30 days even though the account setting is 7 days. If this is fixed, though, you should still be able to set the retention to whatever you want, as described in the admin guide.

  4. #4
    Join Date
    Apr 2010
    Rep Power


    @ewilen: Thanks for your opinion. I have read about this php-script to show the quarantine-folder and I gave it a try. But this doesn't solve my problems. Also the "download"-button doesn't work for me. I guess it's a unix-right-problem - haven't found time to debug this yet...

    I also got in touch with this 7-day-retaining-"bug" as I wanted to change settings and the web-admin-console told me, that I have to set the value to a minimal value of 30 although I haven't changed this value. I guess this was a missing-communication-problem between different developers ;-)
    ZCS NETWORK edition 7.1.2 (GA 3268) - Ubuntu 8 LTS 64bit

Similar Threads

  1. best practice: grouping shared calendars
    By bdial in forum Administrators
    Replies: 12
    Last Post: 03-11-2011, 07:42 AM
  2. Backup best practice
    By Eyfi in forum Administrators
    Replies: 2
    Last Post: 06-29-2007, 08:52 AM
  3. max mailbox size - best practice
    By comptekki in forum Administrators
    Replies: 9
    Last Post: 04-23-2007, 03:45 PM
  4. Replies: 2
    Last Post: 08-28-2006, 11:20 AM
  5. Filing / Folder Best Practice
    By firebin in forum Administrators
    Replies: 1
    Last Post: 02-11-2006, 04:21 PM

Tags for this Thread

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts