Quarantined files - simple script to show how to release

ZCS/ZD Version: 8.7.11_P12 RHEL6 Network Edition

Postby JDunphy » Sat Feb 09, 2019 10:22 pm

I don't do this very often and always forget the commands. Today I needed a file that was quarantined because it was a password-protected PDF. The logic is from this forum post: https://wiki.zimbra.com/wiki/Restore-Quarantined-Emails

The script spits out what you need to do, in addition to the location of the files and the unique quarantine user that Zimbra created. It is not automatic because I still have to verify the file before I release it to the user.

Code:

# su - zimbra
% zmbounceMsg
zmbounceMsg: usage: zmbounceMsg Message-ID
% zmbounceMsg TODCSVMR01pFVjCRGry00003f5c@smtp3.freedommobile.ca
virus account: virus-quarantine.t9l1lt2a8ih@example.com
mailbox id: 15
Run these commands
cd /opt/zimbra/store/0/15/msg/0
zmlmtpinject -r betsy@example.com -s no-reply@freedommobile.ca 1403-262538.msg
zmlmtpinject -r jim@example.com -s virus-quarantine.t9l1lt2a8ih@example.com 1405-262605.msg

Where Message-ID was sent to the user in email about a VIRUS alert. Note: this message had 2 copies because I attempted to bounce it to myself from the admin console, which promptly quarantined that copy too. :-)

Here is the script:

Code:

#!/bin/bash
#
# Author: Jim Dunphy <jad aesir.com>
# License (ISC): It's yours. Enjoy
# Date: 2/9/2019
#
# usage: zmbounceMsg Message-ID
#
# Find quarantined message and release back to user based on Message-ID. That ID was sent to the user
# via email. It will handle the multiple user case for the same Message-ID that exists in different files.
#
# Caveat: It doesn't execute the command but explains the commands you would run.
# Note: Administrator needs to verify the file before releasing the file
#

PATH=$PATH:/usr/bin:/sbin:/usr/sbin:/bin
export PATH

debug=1      # 1 = print the quarantine account and mailbox id, 0 = quiet
justOnce=1   # print the "Run these commands" banner only once

# Print a diagnostic line when debug is enabled
_d () {
   [ "$debug" -eq 1 ] && echo "$1"
}

# Need Message-ID from the email sent to the user about quarantine
if [ $# -ne 1 ]; then
   echo "$0: usage: zmbounceMsg Message-ID"
   exit 1
else
   MessageId="$1"
fi

# Only zimbra user
if [ "$(whoami)" != "zimbra" ]; then
   echo "Error: must be run as zimbra user"
   exit 1
fi

# Get quarantine account
read -r virusAcct <<< "$(zmprov gcf zimbraAmavisQuarantineAccount | awk -F: '{print $2}')"
_d "virus account: $virusAcct"

# Locate mailbox id for quarantine account
read -r mailboxId <<< "$(zmprov gmi "$virusAcct" | grep mailboxId | awk '{print $2}')"
_d "mailbox id: $mailboxId"

# Locate message to bounce to user
storeDir="/opt/zimbra/store/0/$mailboxId/msg/0"
if [ -d "$storeDir" ]; then
   cd "$storeDir" || exit 1
   for filename in * ; do
      [ -f "$filename" ] || continue
      # Only read the first lines of each file; these are potential virus files.
      # Match the Message-ID as a fixed string (-F), not as a regular expression.
      if head -100 "$filename" | grep -i Message-ID | grep -qiF -- "$MessageId"; then
         if [ "$justOnce" -eq 1 ]; then
            justOnce=0
            echo "Run these commands"
            echo "cd $storeDir"
         fi
         #_d "$filename selected"
         # Envelope recipient and sender as recorded in the quarantined copy
         to=$(head -50 "$filename" | grep "^X-Envelope-To-Blocked:" | awk '{print $2}' | tr -d '"<>\r' | head -1)
         from=$(head -50 "$filename" | grep "^X-Envelope-From:" | awk '{print $2}' | tr -d '"<>\r' | head -1)
         if [ -n "$to" ]; then
            echo "zmlmtpinject -r $to -s $from $filename"
         fi
      fi
   done
fi

exit 0
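
Added example (not part of the original post or of the zmbounceMsg script): the recipient and sender are read out of a quarantined file and printed as a command for the admin to paste, so this version reads only the header block and refuses any value that is not a plain address. The function names, the accepted address pattern and the sample files are assumptions made for illustration.

```bash
#!/bin/bash
# Added example, not part of the original post or script.
# Header values in a quarantined file are untrusted: refuse odd ones
# instead of printing them into a command an admin will paste.

# Header block only: stop at the first blank line, hard cap of 100 lines.
headers_only() { awk 'NR > 100 || /^\r?$/ { exit } { print }' "$1"; }

# First value of header $2 in file $1, with <>, quotes and CR stripped.
header_addr() {
    headers_only "$1" | awk -v h="$2:" '
        tolower($1) == tolower(h) { gsub(/[<>"\r]/, "", $2); print $2; exit }'
}

# Conservative address shape (an assumption); anything else is rejected,
# including a leading "-" that would be parsed as an option.
valid_addr() {
    case "$1" in
        ''|-*|*@*@*|*[!A-Za-z0-9@._%+=-]*) return 1 ;;
        ?*@?*.?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print the release command for one file, or refuse with a reason on stderr.
release_cmd() {
    to=$(header_addr "$1" X-Envelope-To-Blocked)
    from=$(header_addr "$1" X-Envelope-From)
    if ! valid_addr "$to" || ! valid_addr "$from"; then
        echo "REFUSED $1: unexpected envelope value, inspect by hand" >&2
        return 1
    fi
    printf "zmlmtpinject -r '%s' -s '%s' '%s'\n" "$to" "$from" "${1##*/}"
}

# Constructed sample files (not real quarantine data).
SAMPLES=$(mktemp -d)
trap 'rm -rf "$SAMPLES"' EXIT
printf '%s\r\n' 'X-Envelope-From: <no-reply@example.net>' \
    'X-Envelope-To-Blocked: <betsy@example.com>' 'Message-ID: <abc@example.net>' \
    '' 'body text' > "$SAMPLES/1403-262538.msg"
printf '%s\n' 'X-Envelope-From: <no-reply@example.net>' \
    'X-Envelope-To-Blocked: <betsy@example.com;id>' '' > "$SAMPLES/odd.msg"
printf '%s\n' 'Message-ID: <abc@example.net>' '' \
    'X-Envelope-To-Blocked: <jim@example.com>' > "$SAMPLES/body-only.msg"

for f in "$SAMPLES"/*.msg; do release_cmd "$f" || true; done
```

Only the first sample produces a command; the other two are refused because the recipient contains an unexpected character or appears only in the body.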



Postby pup_seba » Sun Feb 10, 2019 10:55 am

"simple script" lol... I understand nothing of it :DDD

Thank you very much for sharing! (as you usually do)

Postby JDunphy » Sun Feb 10, 2019 4:47 pm

pup_seba wrote: "simple script" lol... I understand nothing of it :DDD

Thank you very much for sharing! (as you usually do)

LOL, I am just hoping I can remember I have the script next time I need to do this. It is way more complex than it needs to be but I was worried about wanting any part to read too much data in these potential virus files... That is why there are all the head statements in the script. It should also work to run with any bogus argument to find the location of the quarantine files like this:

Code:

# su - zimbra
% ./zmbounceMsg anythinghere
virus account: virus-quarantine.t9l1lta8ih@everythingmail.com
mailbox id: 15
location: /opt/zimbra/store/0/15/msg/0

I just modified the script to add that directory location line. Updated script in my GitHub location to add that location output line. https://github.com/JimDunphy/ZimbraScripts/blob/master/src/zmbounceMsg
