VirusTotal check for Zimbra emails
If anyone is interested, also for improving it, I wrote a quick howto on how to add a VirusTotal check to Amavisd for mail coming into and going out of Zimbra:
https://lorenzo.mile.si/zimbra-enhance- ... -com/1094/
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
Re: VirusTotal check for Zimbra emails
This is great, Maxxer. We recently had a huge phishing/spam attack with doc and zip file attachments. Zimbra cannot filter out those bad emails. Do you use this on your production system?
I think 4 hits/minute is quite low; I am reading about how to increase it. Did you try https://hub.ercpe.de/vtcache/vtapi/v2/file/report as a proxy? It seems to be a dead link now.
Best regards,
Minh.
Re: VirusTotal check for Zimbra emails
Yeah, that limit is pretty low and you often hit it. I have installed it on three servers and so far it's working well; I haven't had any problems reported.
I see the proxy suggested in the README is dead. I did a quick search on Google and found there is some Python stuff around, but I didn't try it. The problem is to create something like a public service in order to really reduce the requests forwarded to VT. If you find software that works let me know, we can try a private test here on the forum.
-
- Ambassador
- Posts: 2767
- Joined: Mon Dec 16, 2013 11:35 am
- Location: France - Drôme
- ZCS/ZD Version: All of them
Re: VirusTotal check for Zimbra emails
It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache for the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/
Re: VirusTotal check for Zimbra emails
Klug wrote:
It's an old page (2016) and it's in French (sorry), but here you have information about using the free version of Tyk as a proxy/cache for the VT API.
https://blog.zenithar.org/post/2016/01/ ... irustotal/

Thanks, very useful.
It needs a little tweaking, at least for how I intended to use it. From what I understand this adds a static API key to all forwarded calls. Instead I'd like to receive calls as if they were made for VT, check the cache excluding the API parameter and, if not found, forward it upstream as is.
This way I can use a single proxy for more than one customer. Maybe it's a little borderline in terms of license usage, but I'd use it internally. I have to dig into the docs on how to do that, but it's a good starting point, thanks again.
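The caching behaviour described in the post above (look up the cache while ignoring the API key, forward the call unchanged on a miss), as an added example that is not part of the thread, amavisvt or Tyk. `apikey` is the VirusTotal v2 parameter name; `CachingForwarder`, the injected `upstream` callable and the per-key reading of the 4 requests/minute limit are assumptions.

```python
import hashlib
import time
from urllib.parse import parse_qsl, urlencode


def cache_key(path, params, secret_params=("apikey",)):
    """Key a request on everything except the caller's API key."""
    kept = sorted((k, v) for k, v in parse_qsl(params, keep_blank_values=True)
                  if k not in secret_params)
    return hashlib.sha256(f"{path}?{urlencode(kept)}".encode()).hexdigest()


class CachingForwarder:
    """Answer from cache when possible; otherwise forward the call as is."""

    def __init__(self, upstream, ttl=3600, max_per_minute=4, clock=time.monotonic):
        self.upstream = upstream        # hypothetical callable(path, params) -> body
        self.ttl = ttl
        self.max_per_minute = max_per_minute
        self.clock = clock
        self.cache = {}                 # cache key -> (expires_at, body)
        self.sent = {}                  # apikey -> times of forwarded calls

    def handle(self, path, params):
        now = self.clock()
        key = cache_key(path, params)
        hit = self.cache.get(key)
        if hit and hit[0] > now:
            return "HIT", hit[1]        # served without spending anyone's quota
        apikey = dict(parse_qsl(params)).get("apikey", "")
        recent = [t for t in self.sent.get(apikey, []) if now - t < 60]
        if len(recent) >= self.max_per_minute:
            self.sent[apikey] = recent
            return "THROTTLED", None    # this key's quota is spent; retry later
        self.sent[apikey] = recent + [now]
        body = self.upstream(path, params)   # params untouched, caller's key included
        self.cache[key] = (now + self.ttl, body)
        return "MISS", body


if __name__ == "__main__":
    # Constructed stand-in for the real API so the example runs offline.
    fw = CachingForwarder(lambda path, params: '{"positives": 0}')
    path = "/vtapi/v2/file/report"
    print(fw.handle(path, "apikey=CUSTOMER_A&resource=abc123"))  # MISS
    print(fw.handle(path, "apikey=CUSTOMER_B&resource=abc123"))  # HIT
```

Because the key is stripped before the lookup, a report fetched with one customer's key is served to every other customer, which is the sharing the post calls borderline with respect to the license.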
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
Re: VirusTotal check for Zimbra emails
Dear Maxxer,
I'm using CentOS 7, installation went OK (I also installed python3-devel). However, I cannot find where "amavis-vtd.service" is when following your guide:
Code:
cp etc/amavis-vtd.service /etc/systemd/system
I ran "find / -name amavis-vtd.service" with no result.
According to your code, amavis-vtd.service is in /usr/local/src/amavisvt/etc, isn't it?
Best regards,
Minh.
- Peter Parker
- Posts: 8
- Joined: Mon Apr 09, 2018 2:06 am
- Location: Vietnam
Re: VirusTotal check for Zimbra emails
Hi Maxxer,
According to your guide, it is still working with CentOS, isn't it?
As far as I know, we need to create amavis-vtd.service manually, or it will be generated automatically when we install the packages.
https://www.linode.com/docs/quick-answe ... e-at-boot/
Re: VirusTotal check for Zimbra emails
The service file is in the GitHub repo of the project. I'll try to document it better.
- fferraro87
- Advanced member
- Posts: 99
- Joined: Thu Apr 28, 2016 8:58 am
Re: VirusTotal check for Zimbra emails
maxxer wrote:
The service file is in the GitHub repo of the project. I'll try to document it better.

Hi,
in the GitHub repo I can't see the service file, can you tell me the filename inside the GitHub repo?
Thanks
- zimico
- Outstanding Member
- Posts: 225
- Joined: Mon Nov 14, 2016 8:03 am
- Location: Vietnam
- ZCS/ZD Version: 8.8.15 P3
Re: VirusTotal check for Zimbra emails
Hi Maxxer,
if possible, could you please share the service file?
Many thanks,
Minh