Thread Info
  • State Verified Answer
  • Locked Locked
  • Replies 10 replies
  • Subscribers 0 subscribers
  • Views 24021 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Attachment Filter

Azwan

Hi all,

I receive product feature or setting inquiring regarding sophos email appliance.

customer inquiring if sophos email appliance have setting or features like MIME Sweeper Attachment Filtering.

Whereby every email from outbound with attachment will be quarantine and email will be deliver to enduser with banner to contact IT for attachment release.

I have check email appliance setting and the setting can be configured except email that deliver to end user contain only banner and header, Can someone help me or have any information reagrding this setting?. Thanks

:18927


This thread was automatically locked due to age.
  • 0

    Hi Azwan,

    It should be possible to set this up.  In fact, we have a default rule which does this automatically for you.  Take a look at:

    'Configuration > Policy > Anti-Virus > SophosLabs Suspect Attachments to all'

    This won't remove every attachment, but will remove any attachments that are identified by SophosLabs as suspicious/infectable.

    Alternatively, you can setup your own rules to remove attachments.  When creating the rule you need to select 'Quarantine, drop file(s) and continue' on the Main Action tab.  The user will still receive the message, but the attachment will be removed.  You can then use the 'Additional actions' tab to also add a banner to the message. 

    In both cases, the complete message (including attachments) could still be released from quarantine by an Administrator.

    Hope this helps - let me know if you have any questions.

    Tom.

    :18959
  • 0

    Hi TomA,

    I already configured additional policy as suggested, attachment successfully quarantine tested by using virtual ?sophos email appliance.

    User receive the email without attachment however the email only contain header and  banner without original body message.


    Below are additional policy setting that currently configured.

    Rules type -> Attachment type list
    Main Action -> Quarantine, drop file(s) and continue
    Additionla Action -> Add a banner to the top of the message

    :18965
  • 0

    Hi Azwan,

    You're rule sounds OK to me.  Only the attachment should be removed.

    Does this happen for one particular e-mail, or all e-mails?  I would recommend to contact our support team with a sample of the message so we can look into this further.

    Thanks,

    Tom.

    :19061
  • 0

    Hello Tom,

    After testing and policy setting I have verified that sophos email appliance dont have the features like MIME Sweeper filter attachment to quarantine all attachment and deliver original email to end-user.

    Quarantine, drop file(s) and continue policy success to filter all attachment however user didn't receive original email complete with body message, sophos email appliance only sent copy of email with banner to end user . Thanks

    :19191
  • 0
    Hello Tom and Azwan,

    excuse me for intruding - reading Azwan's post I think what he (better: his customer) wants is the attachment to be held with an according message to the user. Upon user's request (directly or through IT) the original message including the attachment should be released to the user. This correct, Azwan?
    I'm sure this can be done but I have no experience with PMX or the appliance.

    Christian
    :19197
  • 0

    Hello Christian,

    Customer required all incoming email with attachment will be scan and only quarantine attachment

    Original email will directly sent to end-user, currently sophos email appliance only sent a copy of email with banner message.

    :19223
  • 0

    Hello Azwan,

    I see - the body of the mail is missing and there's just the banner instead of banner+body-attachment, right?

    Christian

    :19227
  • 0

    Hello Christian,

    Yes....I think Puremessage have that option but I don’’’’t have time or opportunity to check it .

    :19231
  • 0

    Hi Azwan,,

    Sorry to hear you are sitll encountering problems.  The 'quarantine, drop files, and continue' action is designed to leave the body intact.   The user should receive the banner & the body of the message.

    We use this action in our 'SophosLabs suspect attachments' rule and it works well. 

    However, if you are actually quarantining all file types the Email Appliance could have viewed the message body as a restricted attachment and remove it (depending on the format of the message)

    Can you describe how your rule is setup?  Rather than quarantine all attachments I'd recommend to exclude certain types of attachments (such as .txt) to prevent unwanted parts of the message being removed.

    If you can call our support team to provide more info they can raise a bug if this is not working as expected.

    Thanks,
    Tom.

    :19243
  • 0

    Hello Tom,

    TQQQQQQ...it’’’’s been a week I think, when I read your post today "Rather than quarantine all attachments I'd recommend to exclude certain types of attachments (such as .txt)” its struck me that you are right.

    Policy setting is to quarantine all attachment (*.*) for inbound email, Once I have configured to quarantine file that I have listed in rule config end-user(**VM testing PC) successfully received original email complete with email body and banner without attachment

    It's a bit complicated. When it works, it will work wonders. Need to spend some time to configure and understand the entire infrastructure, I just need to send this information to customer that Sophos email appliance can provide their requirement .

    :19247
Unfiltered HTML