Sophos Email customers using IP-based mailflow rule connectors must migrate to certificate-based configuration by March 31st. To see if you're affected Click Here.

This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

block an excel file that contains a certain name

I host my company's mail server via the cloud using Sophos Mail Security


I want to block an excel file containing a certain name from sending via email


How can I do this
I like your suggestion



Added tags
[edited by: Raphael Alganes at 11:00 AM (GMT -7) on 2 Jun 2023]
  •  Thank you for posting here. 

    Preventing using keyword or file type is usually done via the Data Leakage Prevention (or Data Control) policy. However what you are after, I don't think this is possible yet.

    This is because currently there are no rules that can trigger which takes both file type AND keyword type into account at the same time. Its going to be one or the other.. Either keyword type or file type rule. 

    This would have to be a feature request. 

    I would recommend contacting your Sophos Sales representative for lodging this. The link below explains how:

    https://community.sophos.com/b/community-blog/posts/sophos-ideas-portal-retirement

    Kindly give us a context for this request. I feel that some information is missing. The reason being is that the person might send the same information in a different file type anyway... So even if the feature you are after is present, it would not detect anyway if sent in another file type  - judging from the information that is currently known to us. 

  • As long as the excel file is not encrypted or password protected, Sophos Central Email Gateway should recognize a name as a keyword. You could even use a regular expression, to catch other spellings. Make sure to activate Subject, body, and attachments (content & name) in your outbound DLP rule.

    “First things first, but not necessarily in that order” – Doctor Who

  • I can confirm this simply works. Outbound mails that have an excel attachment containing the string MahmoudMohsen are quarantained in my test environment. This would of course happen to all outbound mails containing that name in either subject, body or attachment, if the policy applies. Can also work for inbound mails.

    “First things first, but not necessarily in that order” – Doctor Who

  • If your intention is to just block attachments containing a name instead of all mails, I recommend to take a look at CIXA and its DLP capabilities, which can take care of that.

    “First things first, but not necessarily in that order” – Doctor Who