virus detected, but not blocked

Post by sangamc » Sun Mar 17, 2019 10:36 am

Hello everyone,

I am having a strange issue with 2 of my Zimbra servers. An email comes in with a virus. The log shows a virus detected in the attachment, but the virus email is not always blocked. Sanesecurity-detected attachments still get delivered to the inbox.

What is extra strange is that the virus mailbox on the server also gets a copy of the email, and the header is even modified to show a virus is detected, but my users are still getting these mails.

A big concern because we are in healthcare and get targeted by cryptolocker ransomware almost every week :(


Sat Mar 16 23:37:35 2019 -> /opt/zimbra/data/amavisd/tmp/amavis-20190316T233013-55170-60PcX0HL/parts/p003: Sanesecurity.Malware.27423.PdfHeur.UNOFFICIAL FOUND


Release 8.8.9_GA_2055.RHEL6_64_20180703080917 RHEL6_64 FOSS edition, Patch 8.8.9_P9
ClamAV 0.101.1 installed, but still reporting 0.99 ??? Not sure why, but something to do with Zimbra 8.8.9?
unofficial sigs 5.6.2 installed


Re: virus detected, but not blocked

Post by sangamc » Thu Mar 21, 2019 1:34 pm

Digging a little more. It looks like some of the unofficial definitions are working and the email is getting blocked with a notification going out to the admin and the user. Other definitions under Sanesecurity are detecting and shown in the logs, but not getting blocked.

Where do I need to look to make sure all detections lead to the email getting blocked?
