Best Practice virus.quarantine

steffenm
Posts: 29
Joined: Sat Sep 13, 2014 1:09 am


Post by steffenm »

Hi out there,
I wanted to discuss the best practice for handling quarantined mails.
Since the update from ZCS 6.x.x to 7.1.2, more and more notifications from customers have been coming in reporting mails moved to quarantine - mostly because of encrypted PDFs. Before the update we didn't have those problems. I don't know what damn filter rule has changed and I don't want to search for hours and try for months to find the best settings...
To bring it to the point:
I am searching for a good way to handle those quarantined mails. I've learned from the google-oracle that there is no nice and easy way to release those mails, but I also don't want the customer to call me for every mail with a PDF attached.
So I thought about moving all mails for one customer into a folder in the Inbox of the virus-quarantine.XYZ@domain.de account with a filter and then sharing this folder with the customer (surely with an explanation of what this is and a warning not to open any of these mails without double checking).
What do you think of this idea?

It would be great to have the possibility to have these mails deleted automatically after 30 days. Any ideas?

Also I am wondering what would happen, if the customer syncs this folder with the Outlook Connector. Will his antivirus run wild?
I'm thankful for every comment and help. I hope that more Zimbra-admins are interested in this issue and I can start a discussion in this thread.

How do you handle quarantined mails?
Regards,

Steffen
xeon
Outstanding Member
Posts: 208
Joined: Fri Sep 12, 2014 11:50 pm


Post by xeon »

I had to disable flagging on encrypted PDFs. It's becoming a more popular thing to password-protect PDF files, at least with our infrastructure. I ensure I have up-to-date virus protection on the client machines as well.
I am wondering about a nice way to release the quarantined emails as well. I had to forward a few out of the box, and then I got phone calls about those emails because they came from the quarantine mailbox, not my own.
ewilen
Elite member
Posts: 1429
Joined: Fri Sep 12, 2014 11:34 pm


Post by ewilen »

Bug 8454 – Quarantined email management functions
Note that the script mentioned in the (current) last comment is for older versions of Zimbra. In another thread, I mentioned how I used zmlmtpinject to release quarantined messages in ZCS 6. Not sure either of these would work in 7.
I agree that if someone is sending/receiving a lot of (legitimate) encrypted PDFs, there's no point in filtering them out. In my opinion, the whole point of quarantine is to interpose a layer of human-administrator caution into the process of opening a suspect email.
That said if you want to, essentially, deliver all suspect emails (possibly with certain additional criteria such as source address), then using a filter and a shared folder sounds like a good idea. The local A/V of your customer will see any (true) viral attachments if your customer uses ZCO or IMAP, but I don't think that should be a concern.
As for the emails being retained for exactly 30 days, that's what happens with all emails in the quarantine account. It shouldn't matter where the mails are filed, see http://www.zimbra.com/docs/ne/latest/ad ... olicy.html
Also see Bug 65475 – quarantined email is retained for 30 days, not 7. At the moment my observation is that mail is retained in quarantine for 30 days even though the account setting is 7 days. If this is fixed, though, you should still be able to set the retention to whatever you want, as described in the admin guide.
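The zmlmtpinject release path ewilen refers to, written out as a small script. This is an added example, not code from this thread or from Zimbra: it assumes the suspect message has already been exported from the quarantine account to a .eml file (for instance via zmmailbox getRestURL, the exact path being left to the admin guide), that it runs as the zimbra user on the mailbox host, and the quarantine account name in it is made up. It relies on the X-Envelope-From / X-Envelope-To / X-Amavis-Alert headers that amavisd-new stamps onto its quarantine copies, so the original envelope can be recovered. The security-relevant caveat is built into the comments: zmlmtpinject hands the message straight to the mailbox store over LMTP, so Postfix and amavis do not scan it a second time. The admin pressing the button is the only check left, which is exactly the "layer of human caution" the post above describes.

```shell
#!/bin/sh
# Added example (not from the thread, not Zimbra code): release a message from
# the virus quarantine by re-injecting it over LMTP with zmlmtpinject.
# Assumptions: message exported to a .eml file; runs as the zimbra user;
# the quarantine account name below is invented.
QUARANTINE="${QUARANTINE:-virus-quarantine.XYZ@domain.de}"   # assumed name

# header NAME FILE: print the value of header NAME from the header block only
# (stops at the first blank line, so a forged header in the body is ignored),
# with surrounding angle brackets stripped. If amavis listed several
# recipients, only the first is returned; check such messages by hand.
header() {
    sed -n '/^$/q; s/^'"$1"': *<\{0,1\}\([^>]*\)>\{0,1\}.*$/\1/p' "$2" | head -n 1
}

# release_cmd FILE: print the zmlmtpinject command line without running it,
# so it can be reviewed (and tested) first. Fails if no envelope recipient is
# found; falls back to the quarantine account as sender so the delivery stays
# traceable to the release rather than looking like a fresh external mail.
release_cmd() {
    rcpt=$(header X-Envelope-To "$1")
    sender=$(header X-Envelope-From "$1")
    [ -n "$rcpt" ] || { echo "no X-Envelope-To header in $1" >&2; return 1; }
    [ -n "$sender" ] || sender="$QUARANTINE"
    printf 'zmlmtpinject -r %s -s %s %s\n' "$rcpt" "$sender" "$1"
}

# release FILE: show why amavis quarantined the message, then deliver it.
# zmlmtpinject talks LMTP to the mailbox store directly: Postfix and amavis
# are NOT involved again, so nothing re-scans what you release here.
release() {
    echo "Quarantined because: $(header X-Amavis-Alert "$1")" >&2
    cmd=$(release_cmd "$1") || return 1
    echo "Running: $cmd" >&2
    sh -c "$cmd"
}

# Usage: ./release-quarantine.sh message1.eml [message2.eml ...]
if [ $# -gt 0 ]; then
    for f in "$@"; do release "$f"; done
fi
```

Because the released copy never passes the content filter again, keep the X-Amavis-Alert line in the release log: if the reason was an encrypted PDF, fine, but a real signature hit should end in a phone call, not a release. Retention is a separate knob: the 30-day floor Steffen mentions is, as far as I know, the minimum of the zimbraMailMessageLifetime account attribute (set with zmprov ma on the quarantine account); verify that against the admin guide linked above before relying on it.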
steffenm
Posts: 29
Joined: Sat Sep 13, 2014 1:09 am


Post by steffenm »

@ewilen: Thanks for your opinion. I have read about this PHP script to show the quarantine folder and I gave it a try. But this doesn't solve my problems. Also the "download" button doesn't work for me. I guess it's a unix-rights problem - haven't found time to debug this yet...
I also ran into this 7-day-retention "bug" when I wanted to change settings and the web admin console told me that I have to set the value to a minimum of 30, although I hadn't changed this value. I guess this was a miscommunication problem between different developers ;-)