Allow encrypted PDF for a certain user for a certain domain

General discussion about Zimbra Desktop.
raghu557
Posts: 2
Joined: Tue Oct 18, 2016 9:30 am

Allow encrypted PDF for a certain user for a certain domain

Postby raghu557 » Tue Oct 18, 2016 9:48 am

Hello,

We are using Zimbra Open Source Edition 8.0 and we are using it as one of our mail servers. We are facing an issue when we get any encrypted pdf which is been treated as virus and blocking that attachment and we are unable to see that mail.

We tried the option of unblocking the encrypted attachments but that means we are allowing the other viruses to hit our domain.

We wanted a work around where zimbra should be able to allow the encrypted pdf from one domain (icici.com) from a certain user(user@icici.com) but still it should be blocking the others in that domain.

Please help me in resolving this issue and I will be very very grateful to you.

Thanking you in Advance.

Regards,
Raghuram.


User avatar
DualBoot
Elite member
Elite member
Posts: 1308
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Allow encrypted PDF for a certain user for a certain domain

Postby DualBoot » Wed Oct 19, 2016 8:44 pm

You need to modify the configuration of Postfix/Amavis. This not quiet simple but it is possible.
raghu557
Posts: 2
Joined: Tue Oct 18, 2016 9:30 am

Re: Allow encrypted PDF for a certain user for a certain domain

Postby raghu557 » Wed Oct 26, 2016 8:52 am

Hi,

Can anyone let us know if there is an alternative way to overcome this issue. Like a script to scan all the mails and then use the LMTP injection to resend the mails to the users.

Quick help is highly appreciated and I will be very very thankful to you guys.


Regards,
Raghuram.
User avatar
DualBoot
Elite member
Elite member
Posts: 1308
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Allow encrypted PDF for a certain user for a certain domain

Postby DualBoot » Fri Oct 28, 2016 2:23 pm

In this case do not use a script. Use the possibilities Postfix offered.
Start by reading more about Postfix and Amvisd are working togather.
subrata.p
Posts: 1
Joined: Wed Jul 29, 2020 3:08 pm

Re: Allow encrypted PDF for a certain user for a certain domain

Postby subrata.p » Wed Jul 29, 2020 3:18 pm

I am stuck with the same problem. I am unable to receive many important mails due to encryption issue. And I am feeling very insecure to allow all encrypted archives to welcome viruses. In this scenario, I need the exact code or solution to receive the crucial mails having encrypted files from some specific domains / mail ids. So can you please help me out by providing me the code to achieve the goal.
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 525
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 8.8.15_P15 RHEL6 Network Edition
Contact:

Re: Allow encrypted PDF for a certain user for a certain domain

Postby JDunphy » Wed Jul 29, 2020 7:37 pm

A general solution is as follows:

Code: Select all

Modify: /opt/zimbra/common/sbin/amavisd

@virus_name_to_spam_score_maps =
  (new_RE(  # the order matters, first match wins
    [ qr'^Structured\.(SSN|CreditCardNumber)\b'            => 0.1 ],
    [ qr'^(Heuristics\.)?Phishing\.'                       => 0.1 ],
    [ qr'^Heuristics\.Encrypted\.PDF'                      => 0.1 ], #JAD - add line
    [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'      => 0.1 ],
   
Add a rule to sauser.cf

header J_ENCR_PDF  X-Amavis-AV-Status =~ m{Heuristics\.Encrypted\.PDF}i
score J_ENCR_PDF  0.1
describe J_ENCR_PDF Allow encrypted pdf's through


Create a SA rule that is specific to what you are attempting to do... All this does is allow clamav to pass this on for further scoring by SA. You would need to restart amavisd after making the changes.

HTH,

Jim

Return to “General Questions”

Who is online

Users browsing this forum: No registered users and 7 guests