Messaging Gateway

 View Only

  • 1.  "Good Senders"-List for encrypted Attachments?

    Posted Sep 21, 2016 05:51 AM

    We receive many encrypted attachments that are legit, but also an increasing number that are viruses. And we can't block all encrypted attachments because we need to receive the important ones. So we have configured the malware policy to hold all e-mails with encrypted attachments to the Spam Quarantine, and we have to check and release the "good" e-mails manually from the Quarantine every day. This makes us a lot of stupid work.

    The Reputation-List ("Local Good Sender Domain") will not work to bypass the malware scanning.

    It is possible to make an improvement here? In Example, move the "encrypted Attachments"-Rule from the "Malware"-tab to the "Content"-tab, so I can create a Dictionary with "good" senders which the "encrypted"-Rule can be skipped?

    Best Regards

    Rolf



  • 2.  RE: "Good Senders"-List for encrypted Attachments?

    Posted Sep 22, 2016 06:52 AM

    Hi Rolf,

    You could try adding a custom header field, eg x-custom: encrypted within malware detection for encrypted attachment and go on with content rules.

    I havent tried it in that special case but i use it with spf-soft and hardfails and exceptions for that.

    Regards

    Thomas



  • 3.  RE: "Good Senders"-List for encrypted Attachments?

    Posted Sep 26, 2016 10:14 AM

    Hi,

    unfortunately that does not work. I had already received this proposal from the Symantec Support, but they have revoke it on the same day.

    My tests confirm that it does not work that way.

    The Problem is the malware filter (especially encrypted attachment filter) and the content filter rules cannot be combined, because the processing is not in succession, but instead in parallel (multitasking).

    Regards

    Rolf