Zimbra block encrypted archives

By default Zimbra will block encrypted archives such as ZIP or PDF that cannot be scanned. You can disable this function from the Global Settings.

A customer called me to say that an important mail was not delivered and that it was flagged as a virus. They were receiving this attachment without any problems before they switched to my Zimbra hosted solution. After checking the mail I noticed this message:

Subject: VIRUS (Heuristics.Encrypted.PDF) in mail FROM [X.X.X.X]

A virus was found: Heuristics.Encrypted.PDF
Scanner detecting a virus: ClamAV-clamd

Block encrypted archives from GUI

You can disable this function from the Global Settings by unchecking Block encrypted archives from the AS/AV tab.

Block encrypted archives from command line

This can also be done from the command line:

vi /opt/zimbra/clamav-0.97.5/etc/clamd.conf

In this file you can set ArchiveBlockEncrypted to NO or comment it out, because NO is the default value.

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
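
To confirm what the file actually says after the edit, here is a small check, added as an example and not part of the original post. The function name archive_block_encrypted and the two sample files are made up for illustration, and the check conservatively reports "yes" if any uncommented line enables the option.

```shell
#!/bin/sh
# Added example: report whether a clamd.conf enables ArchiveBlockEncrypted.
# Prints "yes" if any active (uncommented) line turns the option on,
# otherwise "no", the default named in the file's own comment.
archive_block_encrypted() {
    conf=$1
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    awk '
        /^[ \t]*#/ { next }                  # commented-out lines do not count
        $1 == "ArchiveBlockEncrypted" {
            v = tolower($2)                  # accept YES/yes, TRUE/true, 1
            if (v == "yes" || v == "true" || v == "1") on = 1
        }
        END { print (on ? "yes" : "no") }
    ' "$conf"
}

# Constructed sample files: one with blocking enabled, one left at the default.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' '# Default: no' 'ArchiveBlockEncrypted yes' > "$tmp/blocking.conf"
    printf '%s\n' '# Default: no' '#ArchiveBlockEncrypted no' > "$tmp/default.conf"
    for f in "$tmp"/*.conf; do
        printf '%s: %s\n' "${f##*/}" "$(archive_block_encrypted "$f")"
    done
    rm -rf "$tmp"
}

# With a path argument, check that file; with none, run the demo.
if [ $# -gt 0 ]; then
    archive_block_encrypted "$1"
else
    demo
fi
```

Run it with the path to your clamd.conf as the only argument.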

Disabling this check does not turn off virus scanning: the antivirus has a big database of real virus threats and will still be able to catch real security threats. Keep in mind that the encrypted attachments themselves still cannot be scanned. This feature should be disabled because business users use a lot of encrypted PDFs.
