Zimbra block encrypted archives

By default Zimbra will block encrypted archives such as ZIP or PDF that cannot be scanned. You can disable this function from the Global Settings.

A customer called me that important mail was not delivered and it was flagged as virus. They ware receiving this attachment without any problems before they switched to my Zimbra hosted solution. After checking the mail I’ve noticed this message:

Subject: VIRUS (Heuristics.Encrypted.PDF) in mail FROM [X.X.X.X]

A virus was found: Heuristics.Encrypted.PDF
Scanner detecting a virus: ClamAV-clamd

Block encrypted archives from GUI

You can disable this function from the Global Settings by unchecking Block encrypted archives from the AS/AV tab.

Block Encrypted Archives

Block encrypted archives from command line

This also can be done from the command line:

vi /opt/zimbra/clamav-0.97.5/etc/clamd.conf

In this file you can set ArchiveBlockEncrypted to NO or comment it out because NO is the default value

# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no

This doesn’t mean that you are not vulnerable to viruses, the antivirus has big database of real virus threads and will be able to catch real security threads. This feature should be disabled because business users use a lot of encrypted PDF’s.

VMware Zimbra

  • mobileleo

    hmmm interesting why they would do that…

    is zimbra secure enough, or would other services/add-ons be a good idea?

    I’ve been playing around with a service called penango. They offer a 14-day free trial so i decided to do it. So far I’ve only sent a few test emails and it seems to be working great. It’s end-to-end encryptions, FIPS 140-2 certified, S/MIME and works on a bunch of platforms like gmail, google apps, vmware email, zimbra outlook…check it out penango.com