Search through quarantine in Internet gatekeeper for Linux

Dears,
Is there an easy way to search through the e-mail quarantine in F-Secure Internet Gatekeeper for Linux? Can't we use a simple e-mail client to access those files?
Thanks
Joao Araujo
Comments
-
Hi Dear!
Unfortunately, this product does not save any quarantine data into a database and therefore there are no possibilities to manage mail in the way you like. The only thing you can do is mentioned here in this very Community: a command within a Linux cmd-window. Please read more here. Maybe if you have a license to use "F-Secure Antivirus for MS Exchange" and, of course, have that kind of mail server, please try this software instead. But do the installation well and follow all the necessary steps and requirements you find in the documentation.
With Best Regards:
Johan O Olsson/ATEA Sweden AB Karlstad
1 -
Hi Johan,
I've done that, but the thing is that the e-mail is sent as a plain text file and I couldn't send it to the users because the attachments are seen in MIME format, to say nothing about HTML format. Is there a way to restore the e-mail as it was originally sent so that we can extract the attachments? Some kind of script that does some treatment on the headers before sending it?
Best Regards,
Joao
XSITE
0 -
To those who are interested in this topic: the best way I found to search and retrieve the messages in the quarantine was to rename all files to .eml using a shell script and then copy them to a Windows 7 host to search using Windows Explorer. Alternatively, you can set the quarantine folder to an SMB mount point and run the script periodically (ex: cron). Here's a simple example script you could use inside each quarantine directory (ex: 20120210):
for file in *; do mv -- "$file" "$file.eml"; done
Do not run this script in the base quarantine directory because it will try to rename the folders to .eml and the trick won't work.
You can then open the files using some e-mail client, like Mozilla Thunderbird, and resend the original e-mail. The downside is that it will be a new e-mail with a different sender, not the original one.
It shouldn't be that hard for F-Secure to implement a Quarantine Management inside the Web Console. Overall the product lies far behind its competitors.
Best Regards,
Joao Araujo
XSITE - Salvador - Bahia - Brazil
5 -
I've been looking for the quarantined data for Internet gatekeeper for a long time. I should have read something here first as I wasted a lot of time. Thanks anyway.
0 -
I have also installed Samba to access the quarantine, since the mail command line trick doesn't seem to handle MIME HTML content properly. To rename files, I prefer a single command to scan the whole quarantine folder in my cron:
find /var/tmp/quarantine -type f ! -name "*.eml" -exec mv {} {}.eml \;
This will look only for files that do not already have the eml extension and rename them with the proper eml extension.
0
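An added example, not part of the thread and not F-Secure code: searching the quarantine in place by decoded From/To/Subject and extracting attachments, without renaming files or copying them to a mail client. It assumes each quarantined file is a raw RFC 822 message (which the .eml renaming above relies on); the function names and the message written by make_sample are constructed for illustration.

```python
import os
import re
from email import message_from_binary_file, policy
from email.message import EmailMessage
from pathlib import Path


def load(path):
    """Parse one quarantined file, assumed to be a raw RFC 822 message."""
    with open(path, "rb") as fh:
        return message_from_binary_file(fh, policy=policy.default)


def search(root, needle):
    """Yield (path, sender, subject) for messages matching needle."""
    needle = needle.lower()
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        msg = load(path)
        # policy.default decodes RFC 2047 encoded-words, so an encoded
        # Subject is matched on its readable text.
        fields = [str(msg.get(h, "")) for h in ("From", "To", "Subject")]
        if any(needle in f.lower() for f in fields):
            yield str(path), fields[0], fields[2]


def extract_attachments(path, outdir):
    """Save attachments under sanitised names; return the names used."""
    saved = []
    for i, part in enumerate(load(path).iter_attachments()):
        # The name comes from a quarantined message: keep the base name only
        # and replace everything outside a conservative character set.
        raw = (part.get_filename() or "").replace("\\", "/")
        name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(raw))
        name = f"{i}_{name.lstrip('.') or 'part'}"
        with open(os.path.join(outdir, name), "xb") as fh:  # never overwrite
            fh.write(part.get_payload(decode=True) or b"")
        saved.append(name)
    return saved


def make_sample(path):
    """Write a constructed message standing in for a quarantined file."""
    m = EmailMessage()
    m["From"], m["To"] = "sender@example.org", "user@example.com"
    m["Subject"] = "Relatório mensal"
    m.set_content("<p>body</p>", subtype="html")
    m.add_attachment(b"constructed data", maintype="application",
                     subtype="octet-stream", filename="../../invoice.pdf")
    Path(path).write_bytes(m.as_bytes())
```

Point search at the quarantine root (/var/tmp/quarantine in the post above); it matches files with or without the .eml suffix, and extract_attachments should write to a directory outside the quarantine tree.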