Allow encrypted PDF for a certain user for a certain domain

General discussion about Zimbra Desktop.
Post Reply
raghu557
Posts: 2
Joined: Tue Oct 18, 2016 9:30 am

Allow encrypted PDF for a certain user for a certain domain

Post by raghu557 »

Hello,

We are using Zimbra Open Source Edition 8.0 and we are using it as one of our mail servers. We are facing an issue when we get any encrypted pdf which is been treated as virus and blocking that attachment and we are unable to see that mail.

We tried the option of unblocking the encrypted attachments but that means we are allowing the other viruses to hit our domain.

We wanted a work around where zimbra should be able to allow the encrypted pdf from one domain (icici.com) from a certain user(user@icici.com) but still it should be blocking the others in that domain.

Please help me in resolving this issue and I will be very very grateful to you.

Thanking you in Advance.

Regards,
Raghuram.
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Allow encrypted PDF for a certain user for a certain domain

Post by DualBoot »

You need to modify the configuration of Postfix/Amavis. This not quiet simple but it is possible.
raghu557
Posts: 2
Joined: Tue Oct 18, 2016 9:30 am

Re: Allow encrypted PDF for a certain user for a certain domain

Post by raghu557 »

Hi,

Can anyone let us know if there is an alternative way to overcome this issue. Like a script to scan all the mails and then use the LMTP injection to resend the mails to the users.

Quick help is highly appreciated and I will be very very thankful to you guys.


Regards,
Raghuram.
User avatar
DualBoot
Elite member
Elite member
Posts: 1326
Joined: Mon Apr 18, 2016 8:18 pm
Location: France - Earth
ZCS/ZD Version: ZCS FLOSS - 8.8.15 Mutli servers
Contact:

Re: Allow encrypted PDF for a certain user for a certain domain

Post by DualBoot »

In this case do not use a script. Use the possibilities Postfix offered.
Start by reading more about Postfix and Amvisd are working togather.
subrata.p
Posts: 1
Joined: Wed Jul 29, 2020 3:08 pm

Re: Allow encrypted PDF for a certain user for a certain domain

Post by subrata.p »

I am stuck with the same problem. I am unable to receive many important mails due to encryption issue. And I am feeling very insecure to allow all encrypted archives to welcome viruses. In this scenario, I need the exact code or solution to receive the crucial mails having encrypted files from some specific domains / mail ids. So can you please help me out by providing me the code to achieve the goal.
User avatar
JDunphy
Outstanding Member
Outstanding Member
Posts: 889
Joined: Fri Sep 12, 2014 11:18 pm
Location: Victoria, BC
ZCS/ZD Version: 9.0.0_P39 NETWORK Edition

Re: Allow encrypted PDF for a certain user for a certain domain

Post by JDunphy »

A general solution is as follows:

Code: Select all

Modify: /opt/zimbra/common/sbin/amavisd

@virus_name_to_spam_score_maps =
  (new_RE(  # the order matters, first match wins
    [ qr'^Structured\.(SSN|CreditCardNumber)\b'            => 0.1 ],
    [ qr'^(Heuristics\.)?Phishing\.'                       => 0.1 ],
    [ qr'^Heuristics\.Encrypted\.PDF'                      => 0.1 ], #JAD - add line
    [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'      => 0.1 ],
    
Add a rule to sauser.cf

header J_ENCR_PDF  X-Amavis-AV-Status =~ m{Heuristics\.Encrypted\.PDF}i
score J_ENCR_PDF  0.1
describe J_ENCR_PDF Allow encrypted pdf's through

Create a SA rule that is specific to what you are attempting to do... All this does is allow clamav to pass this on for further scoring by SA. You would need to restart amavisd after making the changes.

HTH,

Jim
Post Reply