Restore-Quarantined-Emails

Workaround To Restore Quarantined Emails

   KB 20468        Last updated on 2015-07-12  





Workaround

  1. First, identify the name under which the file was quarantined. It appears in the notification email that would have been sent to the admin account. For messages marked as viruses, including emails containing encrypted archives, the line in the email might look something like "The message has been quarantined as: virus-n89eFiOoPVpn". For other blocked emails the name would begin with "blocked-" or "banned-".
  2. Once you have the name, locate this file on the server. To do this, sudo as zimbra on the server and navigate to "/opt/zimbra/data/amavisd/quarantine/". You should find the file in this folder.
  3. Once you have located the file, run the following command:

     /opt/zimbra/bin/zmlmtpinject -s <sender_email> /opt/zimbra/data/amavisd/quarantine/<file_name> -r <recipient_email>

Replace:

  • sender_email with your email or the email you would like the email to be sent as.
  • recipient_email with the recipient's email address.
  • file_name with the name of the banned file you identified in step one.

There is also a feature enhancement request to manage quarantined emails (will be fixed in future releases).

RFE: http://bugzilla.zimbra.com/show_bug.cgi?id=8454
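
A pre-release check for steps 1 to 3 above, as an added example that is not part of the original article or of Zimbra's own tooling. It validates the quarantine file name, records a SHA-256 and the visible headers for the release record, and prints the step 3 command for review. The function names `valid_qname`, `qfile_summary` and `release_cmd` and the `QDIR` variable are hypothetical, and `sha256sum` is assumed to be installed.

```bash
#!/bin/bash
# Added example (not Zimbra tooling): checks to run before step 3's re-injection.
# QDIR defaults to the quarantine path given in step 2.
QDIR="${QDIR:-/opt/zimbra/data/amavisd/quarantine}"

# Accept only names shaped like the ones in the notification email
# (virus-, blocked-, banned- prefixes) and nothing that could leave QDIR.
valid_qname() {
    case "$1" in
        *[!A-Za-z0-9_+.-]*|*..*) return 1 ;;   # rejects "/", spaces, ".."
        virus-?*|blocked-?*|banned-?*) return 0 ;;
        *) return 1 ;;
    esac
}

# Print a SHA-256 for the release record plus the From/To/Subject headers,
# so the admin can confirm this is the message the user asked for.
qfile_summary() {
    local name=$1 f
    valid_qname "$name" || { echo "rejected name: $name" >&2; return 2; }
    f="$QDIR/$name"
    { [ -f "$f" ] && [ ! -L "$f" ]; } || { echo "not a regular file: $f" >&2; return 3; }
    echo "sha256=$(sha256sum "$f" | cut -d' ' -f1)"
    # The header block ends at the first empty line; body text is ignored.
    sed -n '1,/^$/p' "$f" | grep -iE '^(From|To|Subject):'
}

# Print, without running it, the zmlmtpinject command from step 3.
# Arguments: sender, recipient, quarantine file name.
release_cmd() {
    valid_qname "$3" || return 2
    printf '/opt/zimbra/bin/zmlmtpinject -s %s %s/%s -r %s\n' "$1" "$QDIR" "$3" "$2"
}
```

Source the file as the zimbra user, run `qfile_summary <file_name>`, and run the command printed by `release_cmd` only after the summary matches the message that was requested.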

Community Workaround

Based on this post [1]

View mail in the quarantine account via Admin Console

  1. Log into the admin console with the admin account.
  2. In the search box at the top, enter 'virus' as the search term and hit enter/click the magnifier. This should list an account like virus-quarantine.<random>@mailhost. You won't be able to find this account through the usual Manage --> Accounts screen since it's a hidden account. I didn't know of another way to view hidden accounts.
  3. Right-click the account and select View Mail. You will then be taken to the webmail for that account, where you can look for the offending email.

Note: I tried from here to just right-click the message and select "Redirect" (also tried "Forward") but unfortunately it doesn't work since the message just gets re-quarantined. For this to work, the virus checks would need to be bypassed for *both* outgoing and incoming (i.e. avoid checking the message on the way out from the quarantine account and on the way in to the original recipient). I tried setting various options on the quarantine account (amavisBypassSpamChecks already set to TRUE, added amavisBypassVirusChecks TRUE) without success, again I think because of the incoming check.

Resend the message by injecting it into the LMTP pipe

The message can be resent using the same basic method from pre 8.X of injecting into the LMTP pipe, but with some modifications around how to find the message.

Become zimbra user:

   su - zimbra

Get quarantine account:

   zmprov gcf zimbraAmavisQuarantineAccount

(returns: zimbraAmavisQuarantineAccount: virus-quarantine.randomstring@mymail.mydomain.com)

Get mailbox id for quarantine user:

   zmprov gmi <quarantine_user>

(e.g. zmprov gmi virus-quarantine.randomstring@mymail.mydomain.com)
(returns: mailboxId: 42)

Change to quarantine user message store:

   cd /opt/zimbra/store/0/<mailbox id>/msg/0

(e.g. cd /opt/zimbra/store/0/42/msg/0)

Identify message by searching for recipient, message content, etc. You can use the quarantine webmail from above to view for some identifiers:

   grep -l someuser@mydomain.com *

(returns: 123-45.msg)

Send message to recipient using LMTP re-injection (bypasses virus checks):

   zmlmtpinject -r <recipient email> -s <sender email> <message filename>

(e.g. zmlmtpinject -r someuser@mydomain.com -s admin@mydomain.com 123-45.msg)

Hope it helps

{{Article Footer|Zimbra Collaboration 8.0, 8.5, 8.6; |12/29/2014}