Attachments blocked by different extension

Hi

Most of the time when users try to send out mails with PowerPoint attachments (.pptx), the mails are being blocked because of file extension ".tmp".


Quarantine view:



Message view of a blocked mail:



The file was just a regular pptx file, and is mentioned as such in the message view, yet the antivirus recognized it as being a tmp file. Also, I used "most of the time" because when the problem was first mentioned to me, I tried sending a pptx file and that worked, so it's not a flat block of all pptx files. I also asked a user to forward me the mail with attachment (internally) and then tried forwarding this to an external address, and it got blocked 4 out of 5 times, so 1 actually went through.

Any ideas what might cause this behaviour? Something to do with the contents of the pptx file maybe? But then why doesn't it block 100% of the time for the same file?

Thanks in advance!


  • SMTP log:

    2015:05:29-14:57:00 sophos-2 smtpd[6935]: SCANNER[6935]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="*** from="***" to="***" subject="test 1" queueid="1YyJqO-0001nr-6r" size="3699559" reason="ext" extra="tmp"
    2015:05:29-14:57:00 sophos-2 smtpd[6935]: SCANNER[6935]: 1YyJqJ-0001na-0s Sending 'Message delivery incomplete' notification to ***



    The block list is too long for a screenshot but this is an export of the list:

    7z;ace;ade;adp;app;asp;bas;bat;cab;cer;chm;cmd;com;cpl;crt;csh;der;exe;fxp;gadget;gz;hlp;hta;inf;ins;isp;its;js;jse;ksh;lnk;mad;maf;mag;mam;maq;mar;mas;mat;mau;mav;maw;mda;mdb;mde;mdt;mdw;mdz;msc;msh;msh1;msh1xml;msh2;msh2xml;mshxml;msi;msp;mst;ops;pcd;pif;plg;prf;prg;ps1;ps1xml;ps2;ps2xml;psc1;psc2;pst;rar;reg;scf;scr;sct;shb;shs;tar;tmp;url;vb;vbe;vbs;vbx;vsmacros;vsw;ws;wsc;wsf;wsh;xnk;zip
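
Added example, not part of the original posts and not Sophos code: a small Python parser for the SMTP log format quoted above that groups extension-based quarantines by the `extra` value and checks each one against the exported block list. The first two sample lines are copied from the post; the third line and its queue id are constructed.

```python
import re
from collections import defaultdict

# Block list exactly as exported in the post above.
BLOCKLIST = set((
    "7z;ace;ade;adp;app;asp;bas;bat;cab;cer;chm;cmd;com;cpl;crt;csh;der;exe;fxp;gadget;gz;hlp;hta;inf;"
    "ins;isp;its;js;jse;ksh;lnk;mad;maf;mag;mam;maq;mar;mas;mat;mau;mav;maw;mda;mdb;mde;mdt;mdw;mdz;"
    "msc;msh;msh1;msh1xml;msh2;msh2xml;mshxml;msi;msp;mst;ops;pcd;pif;plg;prf;prg;ps1;ps1xml;ps2;"
    "ps2xml;psc1;psc2;pst;rar;reg;scf;scr;sct;shb;shs;tar;tmp;url;vb;vbe;vbs;vbx;vsmacros;vsw;ws;"
    "wsc;wsf;wsh;xnk;zip"
).split(";"))

# Lines 1-2 are copied from the post ("***" redactions as posted); line 3 is constructed.
SAMPLE_LOG = """\
2015:05:29-14:57:00 sophos-2 smtpd[6935]: SCANNER[6935]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="*** from="***" to="***" subject="test 1" queueid="1YyJqO-0001nr-6r" size="3699559" reason="ext" extra="tmp"
2015:05:29-14:57:00 sophos-2 smtpd[6935]: SCANNER[6935]: 1YyJqJ-0001na-0s Sending 'Message delivery incomplete' notification to ***
2015:05:29-15:02:11 sophos-2 smtpd[7001]: SCANNER[7001]: id="1001" severity="info" sys="SecureMail" sub="smtp" name="email quarantined" srcip="***" from="***" to="***" subject="test 2" queueid="CONSTRUCTED-0002" size="3699559" reason="ext" extra="tmp"
"""

HEAD = re.compile(r"^(\S+) (\S+) (\w+)\[(\d+)\]: ")
KV = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one log line, or None if the prefix does not match."""
    m = HEAD.match(line.strip())
    if not m:
        return None
    # The redaction after srcip= leaves an unbalanced quote in the posted line, so
    # srcip/from are unreliable there; every field after them still parses correctly.
    fields = dict(KV.findall(line))
    fields.update(ts=m.group(1), host=m.group(2), proc=m.group(3))
    return fields

def extension_quarantines(log_text):
    """Group 'email quarantined' events with reason="ext" by the extension in extra=."""
    hits = defaultdict(list)
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev and ev.get("name") == "email quarantined" and ev.get("reason") == "ext":
            hits[ev.get("extra", "?")].append(ev)
    return dict(hits)

def report(log_text):
    """Rows of (extension, count, whether it is in the block list, queue ids)."""
    return [(ext, len(evs), ext in BLOCKLIST, [e.get("queueid") for e in evs])
            for ext, evs in sorted(extension_quarantines(log_text).items())]

if __name__ == "__main__":
    for row in report(SAMPLE_LOG):
        print(row)
```

Run over a full SMTP log, the rows show which blocked extension each quarantine was attributed to and which queue ids to look up; `pptx` is not in the exported list, while `tmp` is.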