Problems releasing an infected email from quarantine

Post by ovizii » 10 Sep 2019 21:12

Hi there,

I have read a couple of similar posts around here, but I think my problem is different. Recently apparently malwarepatrol seems to have started marking email containing docs.google.com as viruses:

Code:

sigtool --find-sigs MBL_34101911
[malwarepatrol.ndb] MBL_34101911:0:*:68747470733a2f2f646f63732e676f6f676c652e636f6d

Code:

sigtool --find-sigs MBL_34101911 | sigtool --decode-sigs
VIRUS NAME: MBL_34101911
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://docs.google.com

So, what I usually do in these cases is edit MailScanner.conf and add the signature to the SpamVirus definition so it gets tagged with extra SPAM score but not quarantined:

Code:

Virus Names Which Are Spam = MBL_34101911.UNOFFICIAL

This works fine but unfortunately, I am unable to release the email from quarantine. I go to the email's details within the EFA web interface, scroll down, check the box next to release, click on submit, and nothing happens. Also, nothing is visible in the mail log while I press submit. YES, the email is inside the quarantine; I went in via SSH and used alpine to send it out as an attachment.

Screenshots:
https://monosnap.com/direct/nCjseJWgSMc ... jMTVM3WYBl
https://monosnap.com/direct/4tmGBhmZeXF ... h3jyKIrWue

Oh, I have another EFA instance where this works, but I cannot find the difference :-(
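
An added example, not part of the original post: a small Python check that scans ndb-format signature lines like the one quoted above and reports those whose body decodes to a bare URL origin (no path or query) with target type 0 and offset `*`, which is the shape that made every mail linking to docs.google.com match. The function names and the second sample entry (`MBL_00000000`) are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: line 1 is the signature quoted in the post; line 2 is a
# made-up entry (hypothetical name and URL) that includes a path, for contrast.
SAMPLE = "\n".join([
    "[malwarepatrol.ndb] MBL_34101911:0:*:"
    "68747470733a2f2f646f63732e676f6f676c652e636f6d",
    "[malwarepatrol.ndb] MBL_00000000:0:*:"
    + b"http://example.invalid/a/b.exe".hex(),
])

PURE_HEX = re.compile(r"^(?:[0-9a-fA-F]{2})+$")

def parse_ndb_line(line):
    """Split Name:TargetType:Offset:HexSignature; drop sigtool's "[file] " prefix."""
    line = line.strip()
    if line.startswith("[") and "] " in line:
        line = line.split("] ", 1)[1]
    fields = line.split(":")
    if len(fields) < 4:
        return None  # malformed or not an ndb record
    return dict(zip(("name", "target", "offset", "hexsig"), fields[:4]))

def decode_body(hexsig):
    """Return the body as text, or None if it has wildcards or is not ASCII."""
    if not PURE_HEX.match(hexsig):
        return None
    try:
        return bytes.fromhex(hexsig).decode("ascii")
    except UnicodeDecodeError:
        return None

def is_bare_origin(text):
    """True for scheme://host with no path or query, e.g. https://docs.google.com"""
    p = urlsplit(text)
    return (p.scheme in ("http", "https") and bool(p.netloc)
            and p.path in ("", "/") and not p.query)

def broad_url_signatures(ndb_text):
    """List (name, decoded URL) for any-file, any-offset bare-origin signatures."""
    hits = []
    for line in ndb_text.splitlines():
        sig = parse_ndb_line(line) if line.strip() else None
        if not sig or sig["target"] != "0" or sig["offset"] != "*":
            continue
        text = decode_body(sig["hexsig"])
        if text and is_bare_origin(text):
            hits.append((sig["name"], text))
    return hits

if __name__ == "__main__":
    for name, url in broad_url_signatures(SAMPLE):
        print(f"{name}: matches any file containing {url!r}")
```

Signatures reported this way are candidates for the "Virus Names Which Are Spam" handling described in the post, with `.UNOFFICIAL` appended to the name as shown there.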
