This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Newbie questions

Hello,

I have purchased SEA and we used for filtering our email server.

I tried to setup a policy for:

1. quarantine a suspicious file type in attachment like (*.bat, *.vbs, etc), i create in data control for inbound and outbound but when i tested with an email attached file extension *.bat, the message smoothly sent out and received.

Could you guys help me with the policy configuration...?

 

Cheers,

Edward



This thread was automatically locked due to age.
Parents
  • Hi Edward,

    There is a default rule for malicious files under threat protection.  You should be able to enable that one vs trying to create your own.  If you wish to add extra file types just follow the examples listed.

    In regards to outbound checking, you must configure exchange to relay outbound mail to the appliance and ensure its enable.. If you have any other rules above the rule you created that are for example "deliver immediately" then your rule may not be hit.

    The other thing to consider is that the appliance uses truetype file scanning, so the file your testing must actually have the correct file headers in it. 

    the simplest way to test is to zip a text file and rename it to something with more than one period.. like test.me.zip

    if the file is incomplete, corrupted or encrypted it will trigger other rules that may be delivering it. 

Reply
  • Hi Edward,

    There is a default rule for malicious files under threat protection.  You should be able to enable that one vs trying to create your own.  If you wish to add extra file types just follow the examples listed.

    In regards to outbound checking, you must configure exchange to relay outbound mail to the appliance and ensure its enable.. If you have any other rules above the rule you created that are for example "deliver immediately" then your rule may not be hit.

    The other thing to consider is that the appliance uses truetype file scanning, so the file your testing must actually have the correct file headers in it. 

    the simplest way to test is to zip a text file and rename it to something with more than one period.. like test.me.zip

    if the file is incomplete, corrupted or encrypted it will trigger other rules that may be delivering it. 

Children
No Data