File name rule configured to block attachments with .msg or .eml extension fails to take action.

Article:TECH122849  |  Created: 2010-01-29  |  Updated: 2014-01-08  |  Article URL http://www.symantec.com/docs/TECH122849
Article Type
Technical Solution


Issue



The file name rule has been configured to filter attachments, but it is not taking action against .msg or .eml attachments. What can be done?

Conditions
The file name rule works successfully for all configured attachments, except *.eml and *.msg


 


Cause



Symantec Mail Security for Microsoft Exchange (SMSMSE) cannot determine whether a .eml or .msg file is an attachment or a message body during Exchange transport (if attached using certain email clients), and as a result will not take action to avoid quarantining legitimate message bodies.


Solution



This problem is fixed in Symantec Mail Security 6.0.10 for Microsoft Exchange and later, including version 6.5. To learn how to obtain the latest version, read Where to download the latest version of Symantec Mail Security for Microsoft Exchange.

In previous versions, as a workaround, SMSMSE can be configured to scan these attachments. However, be aware that this workaround could cause the rule to quarantine the entire message body instead of just the violating attachment.

To configure the scanning of embedded attachments

  1. Open the registry editor (Start -> Run -> Regedit)
  2. Navigate to HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\SMTP
  3. Create a new DWORD value called RecursionEnabled
  4. Set the value to 1
  5. Exit the registry editor.
  6. Restart the Microsoft Exchange Transport service and the Symantec Mail Security for Microsoft Exchange service.



Expected Behavior

  • Without workaround: Embedded attachments with the extension .msg or .eml will not be scanned for content filtering violations.
  • With workaround: Embedded attachments will be scanned, but if a violation is found, in certain circumstances SMSMSE will quarantine the message body in addition to the attachment that violated the rule.





 



Legacy ID



2010012916034454


Article URL http://www.symantec.com/docs/TECH122849


Terms of use for this information are found in Legal Notices