Quarantined email recovery - how??

Forum for support for the Kaspersky AntiVirus for WinGate plugin

Moderator: Qbik Staff

Quarantined email recovery - how??

Postby alyork » Mar 23 09 7:14 am

I was sent an important secure email attachment and it got stopped by Kaspersky and quarantined. I clicked on release or whatever it was and it went from quarantine, but the email never arrived. Where did it go? How do I get it back? Help. Thanks - Al
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: Quarantined email recovery - how??

Postby adrien » Mar 23 09 1:53 pm

Hi

Normally, releasing a quarantined email from the quarantine just puts it back in the SMTP delivery queue.

If it didn't then get delivered, check the dead folder?

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Quarantined email recovery - how??

Postby adrien » Mar 23 09 1:57 pm

Actually, it looks like releasing something from the quarantine puts it in the folder

WinGate\Quarantine\Release\SMTP Server\

from where it is checked by the mail delivery queue processing, and split out from a .cmp file back into .msg and .rcp files into the PostIn folder, from where it should be delivered.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Quarantined email recovery - how??

Postby alyork » Mar 23 09 6:40 pm

I hope you mean POP3?

I found it in:

I:\Program Files\WinGate\Quarantine\Release\POP3Proxy\account@209.197.74.39#110

It's just sitting there.
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: Quarantined email recovery - how??

Postby adrien » Mar 23 09 10:47 pm

OK, it's from POP3 retrieval through the POP3 proxy then I guess...

I just checked through the code. Looks like the whole system of quarantining for POP3 is less than ideal.

When an email scanned during POP3 retrieval is quarantined, 2 files are created in the quarantine: a .QIN (quarantine info) file and a .QUO (quarantine object) file. The .QUO file in this case is just the verbatim email message. The .QIN file is used to display info about the quarantined item, such as size, and why it was quarantined (the fields showing in the quarantine window).

When you release the file from the quarantine, it simply copies the .quo file to the folder under the release folder relating to the POP3 account being checked. In this case, the file should be a .msg file containing the original message.

With items quarantined by POP3, this is as far as the process goes. I originally thought it would show back in the mailbox, but this I think turned out to be highly problematic in the past.

So to get the email, best option is if you've got a POP3 account working on that WinGate Server (e.g. using WinGate as a POP3 server), then drop the file into that folder and retrieve it with a POP3 client.

Regards

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Quarantined email recovery - how??

Postby alyork » Mar 24 09 4:37 pm

Sorry, I don't understand what you mean. Except for "Looks like the whole system of quarantining for POP3 is less than ideal."

Do you mean we have to set up WinGate in a specific way to get quarantined incoming email back again? We have POP3 server and proxy enabled in WinGate. There is no POP3 client on the server.
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: Quarantined email recovery - how??

Postby adrien » Mar 24 09 10:01 pm

If you have a POP3 server on there, pick a mailbox (under mail\pop3\...) and drag the file into there from Explorer; then, using a normal mail client, you'd retrieve the message.

That's what I mean by less than ideal... ideal would be if the file would be made available next time the user checked their POP3 mailbox through the POP3 proxy.

Adrien
adrien
Qbik Staff
 
Posts: 5441
Joined: Sep 03 03 2:54 pm
Location: Auckland

Re: Quarantined email recovery - how??

Postby alyork » Mar 25 09 12:45 pm

Sorry, still lost. There are no mailboxes under mail\pop3\... Each user gets their mail from their ISP mailbox. Is that not correct?
alyork
 
Posts: 95
Joined: Jun 13 08 3:57 pm
Location: Vancouver, Canada

Re: Quarantined email recovery - how??

Postby logan » Mar 25 09 6:20 pm

What Adrien is saying is that when an email is caught by KAV and quarantined in the POP3 Proxy Server (i.e. not the WinGate Mail Server), then having the file automatically released back to the client is problematic because we aren't the mail server that the client is talking to. In this case, we are just the proxy. We can't just put the email back in the client's mailbox for redelivery because the mailbox is on some other server over the internet.

You will have to manually retrieve the email to get it back. The easiest way to do this is to set up a POP3 mailbox (i.e. create a new user) on the WinGate computer specifically for releasing quarantined emails, and then after releasing a quarantined email, move it to this mailbox. You will be able to connect in to the mailbox from a client and download the email.
logan
Qbik Staff
 
Posts: 671
Joined: Oct 19 06 2:49 pm
Location: Auckland, New Zealand
