Allow encrypted PDF for a certain user for a certain domain

Posted: Tue Oct 18, 2016 9:48 am
by raghu557
Hello,

We are using Zimbra Open Source Edition 8.0 as one of our mail servers. We are facing an issue when we get any encrypted PDF: it is treated as a virus, the attachment is blocked, and we are unable to see that mail.

We tried the option of unblocking the encrypted attachments but that means we are allowing the other viruses to hit our domain.

We wanted a workaround where Zimbra would allow the encrypted PDF from one domain (icici.com) from a certain user (user@icici.com) but still block the others in that domain.

Please help me in resolving this issue and I will be very very grateful to you.

Thanking you in advance.

Regards,
Raghuram.

Re: Allow encrypted PDF for a certain user for a certain domain

Posted: Wed Oct 19, 2016 8:44 pm
by DualBoot
You need to modify the configuration of Postfix/Amavis. This is not quite simple, but it is possible.

Re: Allow encrypted PDF for a certain user for a certain domain

Posted: Wed Oct 26, 2016 8:52 am
by raghu557
Hi,

Can anyone let us know if there is an alternative way to overcome this issue? Like a script to scan all the mails and then use LMTP injection to resend the mails to the users.

Quick help is highly appreciated and I will be very very thankful to you guys.


Regards,
Raghuram.

Re: Allow encrypted PDF for a certain user for a certain domain

Posted: Fri Oct 28, 2016 2:23 pm
by DualBoot
In this case do not use a script. Use the possibilities Postfix offers.
Start by reading more about how Postfix and Amavisd work together.

Re: Allow encrypted PDF for a certain user for a certain domain

Posted: Wed Jul 29, 2020 3:18 pm
by subrata.p
I am stuck with the same problem. I am unable to receive many important mails due to the encryption issue, and I feel very insecure about allowing all encrypted archives and welcoming viruses. In this scenario, I need the exact code or solution to receive the crucial mails having encrypted files from some specific domains / mail IDs. So can you please help me out by providing me the code to achieve the goal?

Re: Allow encrypted PDF for a certain user for a certain domain

Posted: Wed Jul 29, 2020 7:37 pm
by JDunphy
A general solution is as follows:

Modify: /opt/zimbra/common/sbin/amavisd

@virus_name_to_spam_score_maps =
  (new_RE(  # the order matters, first match wins
    [ qr'^Structured\.(SSN|CreditCardNumber)\b'            => 0.1 ],
    [ qr'^(Heuristics\.)?Phishing\.'                       => 0.1 ],
    [ qr'^Heuristics\.Encrypted\.PDF'                      => 0.1 ], #JAD - add line
    [ qr'^(Email|HTML)\.Phishing\.(?!.*Sanesecurity)'      => 0.1 ],
   
Add a rule to sauser.cf

header J_ENCR_PDF  X-Amavis-AV-Status =~ m{Heuristics\.Encrypted\.PDF}i
score J_ENCR_PDF  0.1
describe J_ENCR_PDF Allow encrypted pdf's through


Create an SA rule that is specific to what you are attempting to do... All this does is allow ClamAV to pass this on for further scoring by SA. You would need to restart amavisd after making the changes.

HTH,

Jim
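
One way to make the SpamAssassin side sender-specific, as the last post suggests (an added example, not code from any poster in this thread): it builds on the J_ENCR_PDF rule above and penalises encrypted PDFs from everyone except one authenticated sender. The allowed address is the one from the original question; the rule names, the score value and the availability of DKIM_VALID_AU (SpamAssassin's DKIM plugin) are assumptions.

```conf
# Added example: append to sauser.cf after the J_ENCR_PDF rule from the post.
# Assumption: user@icici.com is the only sender allowed to deliver encrypted PDFs.
# Assumption: the SpamAssassin DKIM plugin is loaded, so DKIM_VALID_AU is defined.

# Sub-rule (leading double underscore = carries no score of its own):
# matches when the From address is exactly the allowed sender.
header   __J_FROM_ALLOWED      From:addr =~ /^user\@icici\.com$/i

# The From header alone is trivially forged, so the sender only counts as
# trusted when the message also has a valid DKIM signature from the
# author's domain.
meta     __J_ENCR_PDF_TRUSTED  (__J_FROM_ALLOWED && DKIM_VALID_AU)

# Encrypted PDF (flagged by ClamAV, passed on by amavisd) from anyone who is
# not the authenticated allowed sender: add enough points to block it again.
# 10.0 is a constructed value; set it above your own spam kill threshold.
meta     J_ENCR_PDF_UNTRUSTED  (J_ENCR_PDF && !__J_ENCR_PDF_TRUSTED)
score    J_ENCR_PDF_UNTRUSTED  10.0
describe J_ENCR_PDF_UNTRUSTED  Encrypted PDF from a sender not on the allow list
```

Check the syntax with `spamassassin --lint` before restarting amavisd. With this in place, the 0.1 scores from the post let the message reach SpamAssassin, and only the allowed, DKIM-verified sender avoids the extra penalty.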