How can I quarantine unchecked mail that cannot be scanned by the anti-virus scanner for even better security?

Warden 4.0 supports quarantining uncheck email. Unchecked mail is when the anti-virus cannot scan a message in situations like the anti-virus daemon being down or if the mail contains a password-protected archive. Hackers try to bypass anti-virus scans by sending malware to users using password-protected archives.

To Enable Quarantine for Unchecked Mail

  1. Go to Warden -> Settings -> Content Filter -> Content Filter Settings -> make sure that Final unchecked destiny is set to reject.

Final unchecked destiny

2. Go to Warden -> Settings -> Content Filter -> Policy Settings -> Unchecked -> set Receive unchecked emails to No.

Receive unchecked emails

Now mail that cannot be scanned by the anti-virus scanner will be quarantined instead of just tagged as "UNCHECKED".

To Disable the Quarantine for Unchecked Mail

The default server wide policy setting under Warden -> Settings -> Content Filter -> Policy Settings -> Unchecked -> Receive unchecked emails is Yes. This means the mail will be tagged as UNCHECKED and passed to the users mailbox. A copy of the message will be stored in the quarantine for investigation and will be deleted automatically after 30 days. If you don't plan on using the quarantine for unchecked mail and you don't want unchecked messages stored in the quarantine you can disable the quarantine for unchecked mail by editing the Amavis config.

To disable the quarantine of unchecked email on Centos/RHEL/CloudLinux/AlmaLinux edit the file /etc/amavisd/warden.conf or on Debian/Ubuntu edit the file /etc/amavis/conf.d/99-warden and search for the $unchecked_quarantine_method option.

Change from:

$unchecked_quarantine_method = "local:unchecked-%m";

Change to:

$unchecked_quarantine_method = undef;

Restart Amavis

// Centos / RHEL / CloudLinux
systemctl restart amavisd

// Debian / Ubuntu
systemctl restart amavis

Now unchecked mail will not be stored in the quarantine.

  • UNCHECKED, quarantine
  • 0 Пользователи нашли это полезным
Помог ли вам данный ответ?

Связанные статьи

How can I change the interface language of the extension?

You can change the interface language under Settings -> Application Settings -> Locale...

How can I disable admin email notifications in Amavis?

Amavis has different default options for controlling where virus, spam, banned file attachments,...

How can I whitelist or blacklist a mail server from greylisting?

To Whitelist a Mail Server From Greylisting Navigate to Warden -> Settings ->...

How can I enable third party anti-virus signatures within Warden to improve the ClamAV detection rate?

Warden supports enabling third party anti-virus signatures to improve the detection rate. These...

How can I setup a local caching DNS resolver to speed up DNS queries used by Amavis?

Run the following command to check if local DNS caching is enabled: host -tTXT...