Problems releasing an infected email from quarantine
Posted: 10 Sep 2019 21:12
Hi there,
I have read a couple of similar posts around here but I think my problem is different. Recently apparently malwarepatrol seems to have started marking email containing docs.gogle.com as viruses:
So, what I usually do in these cases is edit MailScanner.conf and add the signature to the SpamVirus definition so it gets tagged with extra SPAM score but not quarantined:
This works fine but unfortunately, I am unable to release the email from quarantine. I go to the emails details within EFA web interface, scroll down check the box next to release, click on submit and nothing happens. Also nothing visible in the mail log while I press submit. YES, the email is inside the quarantine, I went in via SSh and used alpine to send it out as an attachment.
Screenshots:
https://monosnap.com/direct/nCjseJWgSMc ... jMTVM3WYBl
https://monosnap.com/direct/4tmGBhmZeXF ... h3jyKIrWue
oh, I have another EFA instance where this works but I cannot find the difference
I have read a couple of similar posts around here but I think my problem is different. Recently apparently malwarepatrol seems to have started marking email containing docs.gogle.com as viruses:
Code: Select all
sigtool --find-sigs MBL_34101911
[malwarepatrol.ndb] MBL_34101911:0:*:68747470733a2f2f646f63732e676f6f676c652e636f6d
Code: Select all
sigtool --find-sigs MBL_34101911 | sigtool --decode-sigs
VIRUS NAME: MBL_34101911
TARGET TYPE: ANY FILE
OFFSET: *
DECODED SIGNATURE:
https://docs.google.com
Code: Select all
Virus Names Which Are Spam = MBL_34101911.UNOFFICIAL
Screenshots:
https://monosnap.com/direct/nCjseJWgSMc ... jMTVM3WYBl
https://monosnap.com/direct/4tmGBhmZeXF ... h3jyKIrWue
oh, I have another EFA instance where this works but I cannot find the difference