Messaging Gateway


Using REGEX to match attachment name in content filter policies

  • 1.  Using REGEX to match attachment name in content filter policies

    Posted Sep 20, 2016 11:49 AM

    Hello,

     

    On the Messaging Gateway, I'm looking for a way to use content filter policies to search for and perform actions on inbound emails based on the attachment file name. With the influx of ransomware attached to Word docs, I'd like to go a step beyond the disarm and prevent our users from seeing the message in the first place.

     

    Below is the regex that I would use, as an example:

     

    /(scan|payment|invoice|shipping.*)_(subpoena.*|[0-9][0-9][0-9][0-9].+)\.doc\b/ig

     

    I can put the regex into a pattern, but then in the content filter I can only search the email content with that pattern, not the attachment file name (or so I can tell). It seems no matter which field I put it in, it will not match attachment names.

     

    I have tried attachment lists, however they do not meet my requirements; I am looking for very specific modeling of the file name, whereas it's [WORD][<underscore>][5-8 digit number][.doc/.docm/.docx].  Using only the word catches a lot of false positives because our vendors send a lot of legitimate emails with INVOICE, SCAN, and PAYMENT in the file name.  They generally do not use the specific format listed above.

     

    I would like to request this as a feature to be added to SMG if possible, matching attachment file names using regular expressions (or patterns).  Doing a web search, I see I'm not the only one looking for similar functionality.
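The file-name shape described in the post above (WORD, underscore, 5-8 digits, .doc/.docm/.docx), compared with keyword-only matching, as an added example that is not part of the original thread and is not Messaging Gateway configuration. The pattern, the function names and the sample file names are assumptions constructed for illustration; the regex uses only syntax that Python and Perl share.

```python
import re
from email import message_from_string
from email.message import EmailMessage

# Assumed pattern for the shape described in the first post:
# WORD, underscore, 5-8 digits, then .doc/.docm/.docx (whole name, any case).
SHAPE = re.compile(r"(?:scan|payment|invoice|shipping)_[0-9]{5,8}\.doc[mx]?",
                   re.IGNORECASE)
# Keyword-only matching, the approach the post says is too noisy.
KEYWORD = re.compile(r"scan|payment|invoice|shipping", re.IGNORECASE)


def attachment_names(raw_message):
    """Return the declared file name of every MIME part that has one."""
    msg = message_from_string(raw_message)
    return [p.get_filename() for p in msg.walk() if p.get_filename()]


def shape_hits(raw_message):
    """Attachment names that fit the WORD_NUMBER.doc* shape exactly."""
    return [n for n in attachment_names(raw_message) if SHAPE.fullmatch(n)]


def keyword_hits(raw_message):
    """Attachment names that merely contain one of the keywords."""
    return [n for n in attachment_names(raw_message) if KEYWORD.search(n)]


def build_sample(names):
    """Constructed test message with one dummy attachment per name."""
    msg = EmailMessage()
    msg["Subject"] = "constructed sample"
    msg.set_content("see attached")
    for name in names:
        msg.add_attachment(b"dummy", maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_string()


# Constructed file names: three in the reported shape, four that are not.
SAMPLE_NAMES = [
    "invoice_20160920.docx", "SCAN_12345.doc", "payment_1234567.docm",
    "Invoice September.docx", "invoice_123.doc", "scan_123456789.doc",
    "Vendor_Payment_Schedule.pdf",
]

if __name__ == "__main__":
    raw = build_sample(SAMPLE_NAMES)
    print("shape hits:  ", shape_hits(raw))
    print("keyword hits:", keyword_hits(raw))
```

The match is on the declared file name only, so it complements content-based attachment scanning and does not replace it.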



  • 2.  RE: Using REGEX to match attachment name in content filter policies

    Posted Sep 21, 2016 07:27 AM

    Have you tested with a simple regex first?  I understand for attachments, Perl regex is used.  Perhaps check to ensure compatibility?

    http://www.symantec.com/docs/HOWTO54030

    http://www.symantec.com/docs/HOWTO92552