VirusTotal check for Zimbra emails

maxxer
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am

VirusTotal check for Zimbra emails

Post by maxxer »

If anyone is interested, also for improving it, I wrote a quick howto on how to add VirusTotal check on Amavisd for mails coming and going from Zimbra:

https://lorenzo.mile.si/zimbra-enhance- ... -com/1094/
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: VirusTotal check for Zimbra emails

Post by zimico »

This is great, Maxxer. We recently had a huge phishing/spam attack with doc and zip file attachments. Zimbra cannot filter out those bad emails. Do you use this on your production system?
I think 4 hits/minute is quite low; I am reading about how to increase it. Did you try https://hub.ercpe.de/vtcache/vtapi/v2/file/report as a proxy? It seems to be a dead link now.
Best regards,
Minh.
maxxer
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am

Re: VirusTotal check for Zimbra emails

Post by maxxer »

Yeah, that limit is pretty low and you often hit it. I have installed it on three servers and so far it's working well; I haven't had any problems reported.

I see the proxy suggested in the README is dead. I did a quick search on Google and found there is some Python stuff around, but I didn't try it. The problem is to create something like a public service in order to really reduce the requests forwarded to VT. If you find software that works, let me know; we can try a private test here on the forum.
Klug
Ambassador
Posts: 2747
Joined: Mon Dec 16, 2013 11:35 am
Location: France - Drôme
ZCS/ZD Version: All of them

Re: VirusTotal check for Zimbra emails

Post by Klug »

It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache to the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/
maxxer
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am

Re: VirusTotal check for Zimbra emails

Post by maxxer »

Klug wrote: It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache to the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/
Thanks, very useful.
It needs a little tweaking, at least for how I intended to use it. From what I understand, this adds a static API key to all forwarded calls. Instead I'd like to receive calls as if they were made for VT, check the cache excluding the API parameter and, if not found, forward it upstream as is.
This way I can use a single proxy for more than one customer. Maybe it's a little borderline in terms of license usage, but I'd use it internally. I have to dig into the docs on how to do that, but it's a good starting point, thanks again.
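
The cache behaviour described in the post above (look the request up with the API key left out of the cache key, forward it upstream unchanged on a miss), as an added Python example that is not part of the thread, amavisvt or Tyk. The `apikey` parameter name, the TTL and the injected `upstream` callable are assumptions; the sample requests are constructed.

```python
import time
from urllib.parse import parse_qsl, urlencode

SECRET_PARAMS = {"apikey"}   # assumed name of the VT v2 key parameter
TTL_SECONDS = 3600           # hypothetical cache lifetime


def cache_key(path, query):
    """Key = path + sorted parameters, with the API key left out."""
    params = [(k, v) for k, v in parse_qsl(query) if k not in SECRET_PARAMS]
    return path + "?" + urlencode(sorted(params))


class CachingProxy:
    def __init__(self, upstream, ttl=TTL_SECONDS, clock=time.monotonic):
        self.upstream = upstream      # callable(path, query) -> (status, body)
        self.ttl = ttl
        self.clock = clock
        self.store = {}               # cache key -> (expires_at, body)

    def handle(self, path, query):
        # A caller without a key gets nothing, cached or not.
        if not any(k in SECRET_PARAMS for k, _ in parse_qsl(query)):
            return 403, b""
        key = cache_key(path, query)
        hit = self.store.get(key)
        if hit and hit[0] > self.clock():
            return 200, hit[1]
        # Miss: forward the request as received, caller's own key included.
        status, body = self.upstream(path, query)
        if status == 200:             # errors and rate-limit replies are not cached
            self.store[key] = (self.clock() + self.ttl, body)
        return status, body


if __name__ == "__main__":
    def fake_vt(path, query):         # constructed stand-in for the real API
        print("upstream call:", query)
        return 200, b'{"positives": 0}'

    proxy = CachingProxy(fake_vt)
    report = "/vtapi/v2/file/report"
    print(proxy.handle(report, "apikey=CUSTOMER_A&resource=abc123"))
    print(proxy.handle(report, "apikey=CUSTOMER_B&resource=abc123"))  # cache hit
```

Because the key is excluded from the cache key, the proxy never learns whether a caller's key is valid on a cache hit, so it should only be reachable from hosts that are allowed to share results.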
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: VirusTotal check for Zimbra emails

Post by zimico »

Dear Maxxer,
I'm using CentOS 7, and the installation went OK (I installed python3-devel also). However, I cannot find out where "amavis-vtd.service" is by following your guide:

Code:

cp etc/amavis-vtd.service /etc/systemd/system
I ran # find / -name amavis-vtd.service with no result.
According to your code, amavis-vtd.service is in /usr/local/src/amavisvt/etc, isn't it?
Best regards,
Minh.
Peter Parker
Posts: 8
Joined: Mon Apr 09, 2018 2:06 am
Location: Vietnam

Re: VirusTotal check for Zimbra emails

Post by Peter Parker »

Hi Maxxer,

According to your guide, it is still working with CentOS, isn't it?

As far as I know, we need to create amavis-vtd.service manually, or it will be generated automatically when we install the packages.

https://www.linode.com/docs/quick-answe ... e-at-boot/
maxxer
Outstanding Member
Posts: 224
Joined: Fri Oct 04, 2013 2:12 am

Re: VirusTotal check for Zimbra emails

Post by maxxer »

The service file is in the GitHub repo of the project. I'll try to document it better.
fferraro87
Advanced member
Posts: 99
Joined: Thu Apr 28, 2016 8:58 am

Re: VirusTotal check for Zimbra emails

Post by fferraro87 »

maxxer wrote: The service file is in the GitHub repo of the project. I'll try to document it better.
Hi,
In the GitHub repo I can't see the service file. Can you tell me the filename inside the GitHub repo?

Thanks
zimico
Outstanding Member
Posts: 225
Joined: Mon Nov 14, 2016 8:03 am
Location: Vietnam
ZCS/ZD Version: 8.8.15 P3

Re: VirusTotal check for Zimbra emails

Post by zimico »

Hi Maxxer,
if possible, could you please share the service file?
Many thanks,
Minh