Messaging Gateway

Hi,

We are running Brightmail v. 9.0

And I would like to know how we could allow xlsx files with macros.

Currently we have a  policy which allows document files:
----------------------------
Condition:
If the file metadata is in the attachment list "Office 2007 Documents" (where Office 2007 Documents is a self created list with office 2007 file types )
If the file metadata is in the attachment list "Document Files"  (the given one)

Action:
Deliver message normally
----------------------------

This works pretty good. Messages are delivered normally.


But in the next step, our other policy:
----------------------------
Condition:
If the file metadata is in the attachment list "Executable Files"

Action:
Send notification "Executable File Violation"
Create quarantine incident in "Manual Review"
     Message Review Approved Actions
     Deliver message normally
     Message Review Rejected Actions
     Delete message
----------------------------

Now, if a mail with an xlsx file with macro receives...

The system delivers the massage normaly to the user.
And the user receives the Notification text in "Executable File Violation" in a separate email.
An informational incident is created as well.

My target is. If an xlsx file with macro is sended, the system should allow them without running the second policy(executable file policy).
All other executable files should still be blocked with the executable file policy.

Any idea how to solve this?

Thanks in advance

You could try playing with the priority but this is expected behaviour. A macro is an executable file, so you can't have it both ways. We are a multi-verdict engine and there is no function to tell us to stop looking at other rules when a rule is processed.

Thanks. Your suggestion with the proirity worked.