Results 1 to 8 of 8

Thread: Release Quarantine in ZCS 8.x version?

Hybrid View

  1. #1
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default Release Quarantine in ZCS 8.x version?

    Hi,

    in 7.x and previous versions quarantine release was quite simple:
    Code:
    sudo su zimbra
    /opt/zimbra/bin/zmlmtpinject -s <envelope_sender> /opt/zimbra/data/amavisd/quarantine/virus-whatever -r <recipient>
    But from 8.x version further I cannot find quarantined mails in /opt/zimbra/data/amavisd/quarantine/ anymore. Actually, there ARE some fresh mails there, but none of those, which I receive alert to be quarantined:
    Code:
    BANNED CONTENTS ALERT
    
    Our content checker found
        banned name: .asc,swfobject.js
    
    in an email to you from:
      sender@domain.com
    
    Content type: Banned
    Our internal reference code for your message is 06331-14/l_Q-IqgUwtJG
    
    First upstream SMTP client IP address: [123.45.67.89]
      BSN-89-67-123.static.adsl.net
    According to a 'Received:' trace, the message apparently originated at:
      [123.45.67.89], SENDER BSN-89-67-123.static.adsl.net [123.45.67.89]
    
    Return-Path: <sender@domain.com>
    From: =?UTF-8?B?TmXFvmE=?= <sender@domain.com>
    Message-ID: <002d01ce0e27$853fd6f0$8fbf84d0$@domain.com>
    X-Mailer: Microsoft Outlook 14.0
    Subject: RE: SWF file
    The message has been quarantined as: virus-quarantine.j4h9f_xnb@zimbra.server.com
    
    Please contact your system administrator for details.
    I am looking for a file named 06331-14/l_Q-IqgUwtJG, but I cannot find any.
    How is quarantine changed in 8.x version and how can I release from quarantine?
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  2. #2
    Join Date
    Dec 2006
    Location
    New Mexico
    Posts
    6
    Rep Power
    8

    Default

    I came across your question while searching for an answer to the same problem. I wish Zimbra would have a doc explaining this.
    First: As you know virus quarantines are no longer sent to the /opt/zimbra/data/amavisd/quarantine/ directory. What you may not know, is that they are now sent to the virus-quarantine account.

    If you know how to log into this account skip to step 3.

    Step 1. Find the name of your account:
    As the zimbra user on your mail server, from the cli run zmprov -l gaa (you can also find the name in the e-mail that was sent virus-quarantine.j4h9f_xnb@zimbra.server.com)

    Step 2. Change the password for this account if you don't know it:
    zmprov sp <full account name> <new password>
    example: zmprov sp virus-quarantine.j4h9f_xnb@zimbra.server.com secret

    Step 3. Log on to the web interface with this account, like you would with any other account and find the message you wish to release.

    Step 4. Right click on the message and click on "Redirect"

    Step 5. Type the address where the message was supposed to go and click OK.

    That's it the message should be on its way.
    Last edited by hbarrett; 07-05-2013 at 09:10 AM.

  3. #3
    Join Date
    Jul 2011
    Posts
    9
    Rep Power
    4

    Default

    hbarrett,

    Thanks for the good instructions to find and login to the quarantine account. At least this is an easy way to download the quarantined file.

    However, when I try to redirect the message to the original recipient, it just ends up as another copy in quarantine and the end user gets another virus notification. I am using FOSS version 8.0.5_GA_5839.

    Is there a setting that I need to change somewhere? Does it only work on the Network edition, or has this functionality been removed/broken since you posted this in July?
    Thanks again for providing the information!

  4. #4
    Join Date
    Nov 2009
    Location
    Ljubljana, Slovenia
    Posts
    268
    Rep Power
    5

    Default

    Hi,

    as far as I dig into this isue, I found the easiest way to access quarantined items via Admin Web GUI. Quarantined items are now actually put into separate mailbox, which cam be read as any other mailbox on server.
    Easily from Admin GUI, for example:
    - first, note in received e-mail the line, for example, "The message has been quarantined as: virus-quarantine.j4h9f_xnb@zimbra.something.com"
    - then, login into Admin Web GUI and look among mailbox accounts for mailbox named, in this example, "virus-quarantine.j4h9f_xnb"
    - view mailbox content as admin and you will get access to all quarantined items, which were not wiped out by garbage collector
    Zimbra on SGH dedicated hosting farm, Slovenia.
    In 2013 we announce new program of low cost SSL server certificates.

  5. #5
    Join Date
    Jul 2011
    Posts
    9
    Rep Power
    4

    Default

    I agree, this is the easiest way to get access to the quarantined item. However, hbarrett said in Steps 4 and 5 to "redirect" the message to the original recipient. I think this would be a good option, because the message and attachment get delivered directly to the intended recipient.

    When I tried to redirect the message (after logging into the quarantine account), the message is caught by the antivirus scanner, sent to quarantine again, and the end user is notified again of a quarantined object.

    Since it appears that the redirect worked for hbarrett, I'm wondering if it only works on the Network Edition, or if something has changed since hbarrett posted this message, or if I need to change a setting somewhere to allow the message to bypass the antivirus scan after being redirected.

    Right now, my only solution is to login to the quarantine account, download the attachment and find a different way (outside of Zimbra) to deliver it to the recipient. I really believe that there should be a way to administratively manage these quarantined items and deliver them to the end user when they have been determined by the administrator to be "safe".

    I have voted for bug 8454 https://bugzilla.zimbra.com/show_bug.cgi?id=8454 and hope that we can end up with something in the admin interface so that we can release messages from quarantine.

  6. #6
    Join Date
    Dec 2006
    Location
    New Mexico
    Posts
    6
    Rep Power
    8

    Default

    Just FYI, it no longer works for me after I upgraded to Zimbra 8.0.6_GA_5922.

Similar Threads

  1. Replies: 0
    Last Post: 09-26-2012, 08:53 AM
  2. Replies: 0
    Last Post: 09-26-2012, 08:53 AM
  3. Where is the quarantine?
    By NoDoze in forum Administrators
    Replies: 4
    Last Post: 11-10-2009, 02:28 PM
  4. Replies: 3
    Last Post: 03-21-2008, 09:47 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •