Attachment filter SOMETIMES not working RSS

1

Hello together,
we have several "Attachment filtering" rules active (same for Word/Access and so on):

1) filter by attachment name:
.*\.(xls|xlt|xlm|xlsx|xlsm|xltx|xltm|xlsb|xla|xlam|xll|xlw)$ (as regular expression)

2) filter by mime type:
application/vnd.openxmlformats-officedocument* (as simple text)

Under Filtering -> Tests -> Configure Whitelist Execptions > "Tests to be performed even whre the email is whitelisted" "Attachment Filtering Test" IS ACTIVE.

MOST incoming mails with corresponding attachments are replaced with a text notice (as defined).... but only MOST and not all.

10 Minutes ago i got a email with an Excel Attachment. PropertiesType of these Excel spreadsheet is "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet" and name was "Mappe2.xlsx"

Why are not ALL emails with these attachment types filtered out?

Kind regards
Uwe

by uwe.kortkamp 2 years ago
2

Hello Uwe,

If you use a single combined rule (i.e. the 'Filter by MIME content type' and 'Filter by attachment name' options are both enabled in the Attachment Filtering Properties dialog) to remove Excel attachments, I suggest that you create two separate entries on the Attachment Blacklist page instead (one with the regex, and one with the simple text expression) and see if that solves the problem. When the expressions are combined in a single entry, both filter conditions must match to blacklist the attachment and this may not occur all the time. Also, please note that the Attachment Filter test cannot scan into archives (e.g. ZIP, RAR, 7z etc.) and will not recognize renamed extensions either.

As for the Whitelist Test Exception settings, there are two whitelist tests that take precedence even over the excepted blacklists tests, these are the 1) Authentication Whitelist and the 2) IP Whitelist tests. If the email in questions was whitelisted by the IP Whitelist test, then you should consider removing the matching entry from the list and whitlisting the sender by other means (e.g. the Sender Whitelist).

Please let me know if this has helped.

by Daniel Novak (Vamsoft) 2 years ago
3

Hello Daniel,
thanks for your fast reply.

The rules, in the manner described, are two different rules (therefore 1 and 2).
ZIP/RAR etc. are OK - this SHOULD be the way someone sends us an Office Attachment.

But, you are right - this sender IS in the IP-Whitelist (just in this moment i found this instruction in the help-file :-))

...so it's by design and not a bug!?

I think i will have to reconsider my IP-Whitelist entrys....

Thanks again - so Call can be closed :-)
Uwe

by uwe.kortkamp 2 years ago
4

Addition:
Maybe for further versions...
The possibility to check/uncheck IP-Whitelist

or

two deactivated, grayed out buttons with both exeptions... i think many customer read only "Tests to be performed even when the email is whitelisted" - and dont read your help-file :-)

Kind regards again
Uwe

by uwe.kortkamp 2 years ago
5

@uwe.kortkamp: Thank you for the update Uwe, I am glad to hear you found the culprit. Unfortunately, we cannot allow any of the blacklist tests to override the IP Whitelist, because in some environments it is also responsible for whitelisting outbound emails, and subjecting outbound emails to blacklist tests would cause a lot of problems - so yes, the reported behavior is by design.

I will forward your suggestion regarding the user-interface change to our lead developer. Thank you for your feedback :)

Best regards,
Daniel

by Daniel Novak (Vamsoft) 2 years ago
(in reply to this post)

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed