Page 1 of 1

Problems releasing an infected email from quarantine

Posted: 10 Sep 2019 21:12
by ovizii
Hi there,

I have read a couple of similar posts around here but I think my problem is different. Recently apparently malwarepatrol seems to have started marking email containing as viruses:

Code: Select all

sigtool --find-sigs MBL_34101911
[malwarepatrol.ndb] MBL_34101911:0:*:68747470733a2f2f646f63732e676f6f676c652e636f6d

Code: Select all

sigtool --find-sigs MBL_34101911 | sigtool --decode-sigs
VIRUS NAME: MBL_34101911
So, what I usually do in these cases is edit MailScanner.conf and add the signature to the SpamVirus definition so it gets tagged with extra SPAM score but not quarantined:

Code: Select all

Virus Names Which Are Spam = MBL_34101911.UNOFFICIAL
This works fine but unfortunately, I am unable to release the email from quarantine. I go to the emails details within EFA web interface, scroll down check the box next to release, click on submit and nothing happens. Also nothing visible in the mail log while I press submit. YES, the email is inside the quarantine, I went in via SSh and used alpine to send it out as an attachment.

Screenshots: ... jMTVM3WYBl ... h3jyKIrWue

oh, I have another EFA instance where this works but I cannot find the difference :-(