Warden 4.0 supports quarantining uncheck email. Unchecked mail is when the anti-virus cannot scan a message in situations like the anti-virus daemon being down or if the mail contains a password-protected archive. Hackers try to bypass anti-virus scans by sending malware to users using password-protected archives.
To Enable Quarantine for Unchecked Mail
- Go to Warden -> Settings -> Content Filter -> Content Filter Settings -> make sure that Final unchecked destiny is set to reject.
2. Go to Warden -> Settings -> Content Filter -> Policy Settings -> Unchecked -> set Receive unchecked emails to No.
Now mail that cannot be scanned by the anti-virus scanner will be quarantined instead of just tagged as "UNCHECKED".
To Disable the Quarantine for Unchecked Mail
The default server wide policy setting under Warden -> Settings -> Content Filter -> Policy Settings -> Unchecked -> Receive unchecked emails is Yes. This means the mail will be tagged as UNCHECKED and passed to the users mailbox. A copy of the message will be stored in the quarantine for investigation and will be deleted automatically after 30 days. If you don't plan on using the quarantine for unchecked mail and you don't want unchecked messages stored in the quarantine you can disable the quarantine for unchecked mail by editing the Amavis config.
To disable the quarantine of unchecked email on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the $unchecked_quarantine_method option.
Change from:
$unchecked_quarantine_method = "local:unchecked-%m";Change to:
$unchecked_quarantine_method = undef;Restart Amavis
// Centos / RHEL / CloudLinux
systemctl restart amavisd
// Debian / Ubuntu
systemctl restart amavisNow unchecked mail will not be stored in the quarantine.
