Video Screencast Help
Search Video Help Close Back
to help
New in the Rewards Catalog: Vouchers for "Symantec Technical Specialist" and "Symantec Certified Specialist" exams.

PDF files quarantined for violating "File Name Rule"

Created: 08 Mar 2010 | 6 comments
Bob-o's picture
Bob-o
0 0 Votes
Login to vote

 Having a problem after upgrading to SMSMSE 6.5.0.67. Whenever I enable the "File Name Rule" with  "Bypass scanning of container files" un-checked, all PDF files are quarantined for violating this rule. When "Bypass container..." option is checked, my PDF files are allowed through. The wildcard match list I am using is as follows:

*.AD?
*.APP
*.ASF
*.ASP
*.ASX
*.AUD
*.AVI
*.BAS
*.BAT
*.CHM
*.CMD
*.COM
*.CPL
*.CRT
*.CSH
*.DLL
*.EXE
*.FXP
*.HIV
*.HLP
*.HTA
*.INF
*.INS
*.ISP
*.JS
*.JS?
*.JTD
*.KIX
*.KSH
*.LNK
*.MD?
*.MIDI
*.MOV
*.MP1
*.MP2
*.MP3
*.MP4
*.MPA
*.MPB
*.MPC
*.MPD
*.MPE
*.MPEG
*.MPF
*.MPG
*.MPH
*.MPI
*.MPJ
*.MPK
*.MPM
*.MPN
*.MPO
*.MPQ
*.MPR
*.MPS
*.MPT
*.MPU
*.MPV
*.MPW
*.MPX
*.MPY
*.MPZ
*.MSC
*.MSI
*.MSP
*.MST
*.OCX
*.OFT
*.OPS
*.OVL
*.PCD
*.PIF
*.PL
*.PLX
*.PRF
*.PRG
*.REG
*.RS
*.SCF
*.SCR
*.SCT
*.SH
*.SH?
*.SYS
*.VB
*.VB?
*.VSS
*.VST
*.VSW
*.VXD
*.WAV
*.WMZ
*.WS?
discussion Filed Under:
,

Comments

Bob-o's picture
08
Mar
2010
0 Votes 0
Login to vote
Bob-o

 Forgot to mention that this

 Forgot to mention that this rule is under Policies->Content Enforcement->File Filtering Rules

TSE-JDavis's picture
08
Mar
2010
1 Vote +1
Login to vote
TSE-JDavis
Symantec Employee
Accredited

Then the PDF obviously has

Then the PDF obviously has some files inside of it that end with one of the extensions listed.

When you have a PDF file open in Adobe Reader, there is a paperclip on the bottom left that lets you view the files attached to the PDF. This may or may not show you the full list.

The bottom line is that PDFs are container files, just like ZIP files and DOCX files and there are files inside of them.

Bob-o's picture
10
Mar
2010
0 Votes 0
Login to vote
Bob-o

No, the PDF I'm testing this

No, the PDF I'm testing this with doesn't have any attached files that show up as a paperclip. Attached is the PDF I'm using to test this with.

I never had a problem with PDF's in version 6.0.x. I also tried to trim down the match list to this:

*.AD
*.ADE
*.ADP
*.ASP
*.BAS
*.BAT
*.CHM
*.CMD
*.COM
*.CPL
*.CRT
*.EXE
*.HLP
*.HTA
*.INF
*.INS
*.ISP
*.JS
*.JSE
*.LNK
*.MDB
*.MDE
*.MSC
*.MSI
*.MSP
*.MST
*.PCD
*.PIF
*.REG
*.SCR
*.SCT
*.SHB
*.SHS
*.URL
*.VB
*.VBE
*.VBS
*.VSD
*.VSS
*.VST
*.VSW
*.WSC
*.WSF
*.WSH
AttachmentSize
Update the Preferred Roaming List.pdf 12.11 KB
crossbones's picture
26
Mar
2010
0 Votes 0
Login to vote
crossbones

Exceptions

Do you have any exceptions in your rules?
Also, remember that any other filtering rules, even your AV scanning can affect what happens to these files.

Crystal
FPICJAX-Data Center
www.fpicjax.org

dave78's picture
27
Aug
2010
0 Votes 0
Login to vote
dave78

pdf problem

The current version of Symantec Mail Security will strip (or quarantine depending what your rule is) .pdf files if you have .js as a file type. Even if the .pdf contains no java script, they will be stripped. I found I had to change my .js to .js? to prevent .pdf's from being affected. Does anyone know if this is going to be fixed in the next version?

TSE-JDavis's picture
27
Aug
2010
1 Vote +1
Login to vote
TSE-JDavis
Symantec Employee
Accredited

What exactly about this do

What exactly about this do you feel is broken that needs to be fixed? We don't mistake file names. If there is a file inside the PDF container that matches, it will be caught. You can simply turn off detection inside of containers if this is not what you want us to do.

Technical Support

Symantec.com

Store

Community Stats

Total Content Items
Members
258,698