1

Topic: download quarantined attachments

==== REQUIRED BASIC INFO OF YOUR IREDMAIL SERVER ====
- iRedMail version (check /etc/iredmail-release): 0.9.6
- Deployed with iRedMail Easy or the downloadable installer? NO
- Linux/BSD distribution name and version: Centos 6.10
- Store mail accounts in which backend (LDAP/MySQL/PGSQL):  LDAP
- Web server (Apache or Nginx): Apache
- Manage mail accounts with iRedAdmin-Pro? Yes
- [IMPORTANT] Related original log or error message is required if you're experiencing an issue.
====

I need to download attachments in the quarantine without releasing the message. Can you help with an example SQL command?


2 (edited by luke31 2024-04-03 00:58:27)

Re: download quarantined attachments

I'm not a CentOS expert, but from what I have seen the virusmails are quarantined in /var/amavis/virusmails/

From there you can use gunzip and then munpack to get the attachments from the email.
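An added example, not part of the original post: the same gunzip-then-unpack step for a file-based quarantine, done with Python's standard library in place of munpack, so that attachment names chosen by the sender cannot steer where files are written. It assumes the quarantine file is a gzip-compressed RFC 5322 message; `safe_name`, `extract_attachments` and `build_sample` are hypothetical names, and the sample message is constructed.

```python
import email
import gzip
import hashlib
import os
import re
from email import policy
from email.message import EmailMessage


def safe_name(raw, index):
    """Reduce a sender-controlled attachment name to a harmless basename."""
    base = os.path.basename((raw or "").replace("\\", "/"))
    base = re.sub(r"[^A-Za-z0-9._-]", "_", base).lstrip(".")
    return f"{index:02d}_{base or 'unnamed'}.quarantined"


def extract_attachments(gz_bytes, out_dir):
    """Decompress one quarantined message and write its attachments to out_dir.

    Returns a list of (written file name, SHA-256 hex digest) tuples.
    """
    msg = email.message_from_bytes(gzip.decompress(gz_bytes), policy=policy.default)
    os.makedirs(out_dir, mode=0o700, exist_ok=True)
    results = []
    for index, part in enumerate(msg.iter_attachments()):
        # Multipart attachments have no single decoded payload; store them empty.
        payload = part.get_payload(decode=True) or b""
        name = safe_name(part.get_filename(), index)
        path = os.path.join(out_dir, name)
        # O_EXCL refuses to overwrite; mode 0o600 keeps the file non-executable.
        fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
        with os.fdopen(fd, "wb") as handle:
            handle.write(payload)
        results.append((name, hashlib.sha256(payload).hexdigest()))
    return results


def build_sample():
    """Constructed sample: a gzip-compressed message with one attachment."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("body")
    msg.add_attachment(b"harmless test bytes", maintype="application",
                       subtype="octet-stream", filename="../../invoice.exe")
    return gzip.compress(msg.as_bytes())
```

The returned SHA-256 digests let you look the attachment up in a malware database without opening the file.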

3

Re: download quarantined attachments

No, virusmails are stored in the MySQL backend.

As well: 0.9.6 (Jan 23, 2017)

That's a super outdated version for a not supported distro (CentOS 6.10).

CentOS was dropped completely, only CentOS Stream (8 / 9) is supported.

Warning: CentOS 6 operating system version reached end of support (EOS) on November 30th, 2020. After this EOS date, updates and patches from the CentOS community were not available anymore.

Your system is very vulnerable, doesn't support TLS 1.3, uses weak/outdated ciphers, and many other exploits that didn't get any patches anymore.

For example:
https://www.postfix.org/smtp-smuggling.html

Currently, there is no viable way to just download the attachment without releasing it, since the full body gets stored truncated in parts as a BLOB (Binary Large Object).

There is no reliable way to achieve what you want.

4

Re: download quarantined attachments

Cthulhu wrote:

Your system is very vulnerable, doesn't support TLS 1.3, uses weak/outdated ciphers, and many other exploits that didn't get any patches anymore.

I'm aware. Thanks for the reply. Clears up the question!!