Attachment filtering exceptions RSS

1

Hi,

is it somehow possible to filter all office attachments except when it's received from sender ?

Regards
Norbert

by NorbertFe 3 months ago
2

@NorbertFe: Hello Norbert,

Unfortunately this is not yet possible in ORF, but the good news is that next major release - which is scheduled for early Q4 - will introduce this feature as well.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)

3

Thanks Daniel. Than I'll have to wait and stall my users a bit. ;)

by NorbertFe 3 months ago
4

Would unchecking "Attachment Filtering Test" in the whitelist exception help by whitelisting the senders included in the autosender whitelist from attachmentblocking? With the risk of wrong entries in the aws list.

Regards
Norbert

by NorbertFe 3 months ago
5

@NorbertFe: Yes, it would help. The reason I did not mention this is because this would exclude *all* whitelisted senders from Attachment Filtering, which might cause problems should the system of the trusted sender get compromised or infected.

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)

6

Yes I'm aware of that. I do have two choices at this time. ;) sending all filtered (valid) attachments to my users (kind of pita for both sides) or allowing it for aws members with the risk you mentioned.

by NorbertFe 3 months ago
7

I presume you have an antivirus configured to check the attachments for malware anyway, so disabling the Attachment Filtering Test in the Whitelist Test Exceptions dialog would not be that risky, but it would increase the chance of malicious files getting through, nonetheless.

by Daniel Novak (Vamsoft) 3 months ago
8

Yes Antivirus is running after the encryption gateway. ;)

by NorbertFe 3 months ago
9

@Daniel Novak (Vamsoft): Hi Daniel,

are you sure the aswl feature takes precedence over the attachment filtering agent? I cleared the checkbox in the Whitelist Test Exceptions and checked, that the sender/recipient are existent in the aswl database (SQL in my case), but still the attachments are replaced and put into quarantine. I'm running the latest ORF Fusion 5.5 on 2 Edge 2016 with CU10 (since yesterday, CU9 before).

Regards
Norbert

by NorbertFe 3 months ago
(in reply to this post)

10

@NorbertFe: Yes, every whitelist takes precedence over the Attachment Filtering test when it is marked disabled in the 'Tests > Whitelist Test Exceptions' dialog. Is the Auto-Sender Whitelist (ASWL) assigned to the 'On Arrival' filtering points? Try to re-save the configuration (Ctrl + S) just to make sure that the most recent settings are used by ORF. Also, the ASWL test has three whitelist options that control for which recipients should the sender be whitelisted. You might want to double-check those settings (Whitelists > Auto Sender Whitelist > Settings).

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)

11

Hi Daniel,

I did re-save the configuration multiple time. The aswl is per recipient with a lifetime of 720h. So I guess something's not right. Can anyone check this with their own configuraiton?

by NorbertFe 3 months ago
12

@NorbertFe: and it's configured "before" arrival, if thats making any difference.

by NorbertFe 3 months ago
(in reply to this post)

13

Yep, that is the problem. Since the Attachment Blacklist runs at the On Arrival filtering point, the Auto Sender Whitelist - and any other whitelist - should be assigned to the On Arrival filtering point as well.

Please try the above and let me know whether this has fixed the problem.

by Daniel Novak (Vamsoft) 3 months ago
14

OK I assigned it to both, so it should work I guess. I keep you posted.

by NorbertFe 3 months ago
15

Hi Daniel,

that did the trick. I can live with this configuration for now, but the Filtering exceptions would still be nice to have.

Regards
Norbert

by NorbertFe 3 months ago
16

@NorbertFe: I am glad to hear that, and I can assure you that the Attachment Filter exceptions are in the works :)

by Daniel Novak (Vamsoft) 3 months ago
(in reply to this post)

17

Hi Daniel,

looking forward to this feature. :)

by NorbertFe 3 months ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed