PDF attachment files trigger the Executable Files rule in Messaging Gateway
search cancel

PDF attachment files trigger the Executable Files rule in Messaging Gateway

book

Article ID: 175423

calendar_today

Updated On:

Products

Messaging Gateway

Issue/Introduction

After upgrading to Messaging Gateway 10.7, you find that PDF attachements are triggering an Executable Files content filtering rule. If you are using the default Delete Executable Files Violations content rule, this will cause some PDF attachments to be deleted.

Message Audit Logs will show the PDF file in the "Identified attachment(s)" list, but in the "Suspect attachment(s)" list it will show javascriptfile.js.

Environment

Messaging Gateway

Cause

The malware scanning engine was improved in Messaging Gateway 10.7 and later releases, which resulted in a change in how files are scanned and embedded items are detected.

The javascriptfile.js is an embedded file within the PDF and is being detected as an executable file type. The filename extension ".js" is what is triggering the rule.

Resolution

To change this behavior, remove the .js extension from the attachment list used by the content filtering rule that has taken action on the message.

If you are using the default Delete Executable Files Violations content rule and the default Executable Files (default) attachment list, you can address the issue as follows:

  1. Log into the SMG Control Center as admin or another account which can modify policies
  2. Go to Content > Attachment Lists
  3. Select the Executable Files (Default) list and click "Copy"
  4. Rename the attachment list to something meaningful
  5. Remove the "Extension is js" entry from the Attachment Types by selecting it and clicking Delete
  6. In the Content > Email policies page, select the Delete Executable Files Violations policy and click Edit
  7. Edit the If the attachment or body part is in the attachment list "Executable Files (default)" Condition
  8. Change the attachment list from the default to the new attachment list
  9. Click Update Condition
  10. Click Save

Note

Extension checking is not generally reliable and True Type file checking is the recommended way to determine a file's actual type.

 

 

Powered by Wolken Software