Zimbra Virus Quarantine
How to push a message through that triggered a false-positive on Zimbra's Virus detection
Our Zimbra email service is a great alternative to Microsoft Exchange, one of its built-in features being spam/virus protection.
One thing it currently lacks though is a full "quarantine" system, which is rarely a problem, but very occasionally a false positive is triggered by an attempt at sending a file securely falling foul of the "block encrypted archives" option. At this time it's handy to be able to send the mail on its way.
I had to do this today, and here's what I did:
- Find the right mail in /opt/zimbra/data/amavisd/quarantine it will be called something like virus-1BghBzSYKd2E - this can involve finding the time of the original message in the logs and comparing with the timestamp on the virus file. In the unix world "ls -lhrt" is your friend here for listing the virus files in order of arrival. The location could be different on your install.
- Deselect the option to block enrypted archives in Global Settings -> AS/AV (or remove filtering of the particular file type also in the Global Settings as appropriate).
- On the server as user zimbra do "zmamavisdctl restart"
- To send the mail on its way again: sendmail -t -i < virus-1BghBzSYKd2E
- Look in /var/log/mail.log for the mail being sent ok and not still being rejected.
- Reselect the block encrypted archives option so that it operates in future
- On the server as user zimbra do "zmamavisdctl restart" to finally put things back to normal.
Email is a great tool but encrypted zip files are quite weak from a security perspective, so probably a better means of communication for a private file like this is to send by a secure means such as Dropbox or, if sending from Zimbra, to use the Zimbra Briefcase, or to use a more robust form of encryption for the email such as PGP.