VirusTotal check for Zimbra emails


Postby maxxer » Sun Nov 03, 2019 5:35 pm

If anyone is interested, also for improving it, I wrote a quick howto on how to add a VirusTotal check on Amavisd for mails coming and going from Zimbra:

https://lorenzo.mile.si/zimbra-enhance- ... -com/1094/



Postby zimico » Wed Nov 06, 2019 8:43 am

This is great, Maxxer. We recently had a huge phishing/spam attack with doc and zip file attachments. Zimbra cannot filter out those bad emails. Do you use this on your production system?
I think 4 hits/minute is quite low; I am reading about how to increase it. Did you try https://hub.ercpe.de/vtcache/vtapi/v2/file/report as a proxy? It seems to be a dead link now.
Best regards,
Minh.

Postby maxxer » Wed Nov 06, 2019 8:53 am

Yeah, that limit is pretty low and you often hit it. I have installed it on three servers and so far it's working well; I haven't had any problems reported.

I see the proxy suggested in the README is dead. I did a quick search on Google and found there is some Python stuff around, but I didn't try it. The problem is to create something like a public service in order to really reduce the requests forwarded to VT. If you find software that works let me know, we can try a private test here on the forum.

Postby Klug » Wed Nov 06, 2019 4:52 pm

It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache to the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/

Postby maxxer » Thu Nov 07, 2019 9:57 am

Klug wrote: It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache to the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/


Thanks, very useful.
It needs a little tweaking, at least for how I intended to use it. From what I understand this adds a static API key to all forwarded calls. Instead I'd like to receive calls as if they were made for VT, check the cache excluding the API parameter and, if not found, forward it upstream as is.
This way I can use a single proxy for more than one customer. Maybe it's a little borderline in terms of license usage, but I'd use it internally. I have to dig into the docs on how to do that, but it's a good starting point, thanks again.
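
The cache lookup described in the post above (key on everything except the API key, forward misses upstream unchanged), sketched as an added example that is not part of the thread or of amavisvt. The `VTCache` class, `cache_key` helper and stub upstream are hypothetical; it assumes the VirusTotal v2 `apikey`/`resource` query parameters and that HTTP 204 means the rate limit was exceeded.

```python
import time
from urllib.parse import parse_qsl, urlencode

def cache_key(path, query):
    """Cache key for a request: path plus every parameter except the caller's apikey."""
    params = sorted(
        (k, v.lower() if k == "resource" else v)   # hashes are case-insensitive
        for k, v in parse_qsl(query)
        if k != "apikey"
    )
    return path + "?" + urlencode(params)

class VTCache:
    """Hypothetical caching layer; `upstream` is a callable(path, query) -> (status, body)."""

    def __init__(self, upstream, ttl=3600, clock=time.time):
        self.upstream, self.ttl, self.clock = upstream, ttl, clock
        self.store = {}   # key -> (expires_at, status, body)

    def handle(self, path, query):
        """Return (status, body, served_from_cache)."""
        key = cache_key(path, query)
        hit = self.store.get(key)
        if hit and hit[0] > self.clock():
            return hit[1], hit[2], True
        # Miss: forward the request unchanged, so upstream sees the caller's own key.
        status, body = self.upstream(path, query)
        if status == 200:   # never cache 204 (rate limit exceeded) or error replies
            self.store[key] = (self.clock() + self.ttl, status, body)
        return status, body, False

def demo():
    """Two customers ask about the same constructed hash; only one call goes upstream."""
    forwarded = []
    def fake_upstream(path, query):   # stands in for VirusTotal, no network access
        forwarded.append(query)
        return 200, '{"response_code": 1, "positives": 0}'
    cache = VTCache(fake_upstream)
    path, sample = "/vtapi/v2/file/report", "ab" * 32   # constructed SHA-256-length value
    first = cache.handle(path, "apikey=KEY_A&resource=" + sample.upper())
    second = cache.handle(path, "resource=" + sample + "&apikey=KEY_B")
    return first[2], second[2], forwarded

if __name__ == "__main__":
    print(demo())
```

A cache hit is answered without VirusTotal ever validating that caller's key, so a proxy built this way should only be reachable by hosts that are entitled to query it.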

Postby zimico » Sun Nov 10, 2019 8:55 am

Dear Maxxer,
I'm using CentOS 7, installation went OK (I installed python3-devel also). However, I cannot find out where "amavis-vtd.service" is by following your guide:

cp etc/amavis-vtd.service /etc/systemd/system

I ran # find / -name amavis-vtd.service with no result.
According to your code, amavis-vtd.service is in /usr/local/src/amavisvt/etc, isn't it?
Best regards,
Minh.

Postby Peter Parker » Sun Nov 10, 2019 11:39 am

Hi Maxxer,

According to your guide, it is still working with CentOS, isn't it?

As far as I know, we need to create amavis-vtd.service manually, or it will be generated automatically when we install the packages.

https://www.linode.com/docs/quick-answers/linux/start-service-at-boot/

Postby maxxer » Mon Nov 11, 2019 9:52 am

The service file is in the GitHub repo of the project. I'll try to document it better.

Postby fferraro87 » Mon Nov 11, 2019 10:07 am

maxxer wrote: The service file is in the GitHub repo of the project. I'll try to document it better.

Hi,
In the GitHub repo I can't see the service file; can you tell me the filename inside the GitHub repo?

Thanks

Postby zimico » Mon Nov 11, 2019 11:12 am

Hi Maxxer,
If possible, could you please share the service file?
Many thanks,
Minh
