Encrypted attachments getting quarantined (PureMessage for Unix)

Lately I have observed that Encrypted (Password protected) attachments are getting quarantined as "Suspect" under the policy rule "Quarantine mail containing suspicious attachments".

The file types that are quarantined are:

* Microsoft Excel .xlsx or .xls
* Zip archives .zip

My users are used to sending password-protected Excel files as a precaution on files containing sensitive data such as account details, etc.

This is a recent development and I am pretty sure that this was not enforced previously on these types of attachments. Encrypted PDF documents are still passing through without any issues. I wonder if anyone else has come across this, and I strongly believe this change should not have been made.

Kind regards,

Pubudu.

  • Within PureMessage for Exchange, encrypted attachments are handled via the Transport (SMTP) Scanner under the Anti-Virus Options through the System Configuration options. You can verify how your policy is configured to handle certain extensions there.

    Based on the Suspect flag, the policy is properly handling the encrypted section but somehow the Content section of the SMTP scan is then getting triggered. You can review how suspicious attachments are being handled through this part of the policy, allowing you to choose which extensions should be flagged and potentially which ones can be exempted. Sections 5.5.5.2 and 5.5.5.3 cover the appropriate suspect rules, focusing on what to do based on name and type.

    If this problem still persists and you continue to run into any difficulties, you should then open a case with our support team, who can help review your policy along with the rest of your PureMessage configuration to see what's going on.
