Blocking password protected attachments using Symantec™ Mail Security 4.x for Microsoft Exchange

Article:TECH82034  |  Created: 2004-01-05  |  Updated: 2013-10-22  |  Article URL http://www.symantec.com/docs/TECH82034
Article Type
Technical Solution


Environment

Issue



Some viruses can arrive in a password protected ZIP file or other archive. An example is the W32.Beagle virus and its variants. You want to block attachments that are password protected. Symantec Mail Security 4.x for Microsoft Exchange is set up.


Solution



Setting up the Encrypted File Rule in Symantec Mail Security 4.x for Microsoft Exchange is a means of blocking password protected attachments. To set it up, use the following steps:
  1. Do one of the following:

    Single Server
    Click Start > Programs > Symantec MS for Microsoft Exchange > Symantec Mail Security for Exchange.

    Multi-server console
    In the left pane click on a server group. (Click on the server group you want to block password protected attachments on).
  2. In the left pane, click Policies > Standard Policy > Exception Subpolicy.
  3. In the right pane, click Edit for Encrypted File Rule.
  4. Under the section, "When an encrypted or protected file is detected," select one of the following actions:

    WARNING: Messages and attachments deleted using any "Delete" option are not recoverable.

    "Delete entire message"
    "Quarantine attachment/message body, replace with text description"

  5. Under the section Email Alerts, uncheck alerts not needed.

    Note: Check Enable,"To Administrators", when you want to know when SMS for Exchange blocks encrypted attachments.
  6. Click Save.




Technical Information
The following is a partial list of common viruses which use password protected zips:


W32.Beagle.F@mm
W32.Beagle.G@mm
W32.Beagle.H@mm
W32.Beagle.I@mm
W32.Beagle.J@mm
W32.Beagle.K@mm

For further information about a specific virus, please consult the Symantec online Virus Encyclopedia.



Legacy ID



2004030514092954


Article URL http://www.symantec.com/docs/TECH82034


Terms of use for this information are found in Legal Notices