Attachment filtering exceptions RSS

1

Hi,

is it somehow possible to filter all office attachments except when it's received from sender ?

Regards
Norbert

by NorbertFe 4 weeks ago
2

@NorbertFe: Hello Norbert,

Unfortunately this is not yet possible in ORF, but the good news is that next major release - which is scheduled for early Q4 - will introduce this feature as well.

by Daniel Novak (Vamsoft) 4 weeks ago
(in reply to this post)

3

Thanks Daniel. Than I'll have to wait and stall my users a bit. ;)

by NorbertFe 4 weeks ago
4

Would unchecking "Attachment Filtering Test" in the whitelist exception help by whitelisting the senders included in the autosender whitelist from attachmentblocking? With the risk of wrong entries in the aws list.

Regards
Norbert

by NorbertFe 4 weeks ago
5

@NorbertFe: Yes, it would help. The reason I did not mention this is because this would exclude *all* whitelisted senders from Attachment Filtering, which might cause problems should the system of the trusted sender get compromised or infected.

by Daniel Novak (Vamsoft) 4 weeks ago
(in reply to this post)

6

Yes I'm aware of that. I do have two choices at this time. ;) sending all filtered (valid) attachments to my users (kind of pita for both sides) or allowing it for aws members with the risk you mentioned.

by NorbertFe 4 weeks ago
7

I presume you have an antivirus configured to check the attachments for malware anyway, so disabling the Attachment Filtering Test in the Whitelist Test Exceptions dialog would not be that risky, but it would increase the chance of malicious files getting through, nonetheless.

by Daniel Novak (Vamsoft) 4 weeks ago
8

Yes Antivirus is running after the encryption gateway. ;)

by NorbertFe 4 weeks ago
9

@Daniel Novak (Vamsoft): Hi Daniel,

are you sure the aswl feature takes precedence over the attachment filtering agent? I cleared the checkbox in the Whitelist Test Exceptions and checked, that the sender/recipient are existent in the aswl database (SQL in my case), but still the attachments are replaced and put into quarantine. I'm running the latest ORF Fusion 5.5 on 2 Edge 2016 with CU10 (since yesterday, CU9 before).

Regards
Norbert

by NorbertFe 3 weeks ago
(in reply to this post)

10

@NorbertFe: Yes, every whitelist takes precedence over the Attachment Filtering test when it is marked disabled in the 'Tests > Whitelist Test Exceptions' dialog. Is the Auto-Sender Whitelist (ASWL) assigned to the 'On Arrival' filtering points? Try to re-save the configuration (Ctrl + S) just to make sure that the most recent settings are used by ORF. Also, the ASWL test has three whitelist options that control for which recipients should the sender be whitelisted. You might want to double-check those settings (Whitelists > Auto Sender Whitelist > Settings).

by Daniel Novak (Vamsoft) 3 weeks ago
(in reply to this post)

11

Hi Daniel,

I did re-save the configuration multiple time. The aswl is per recipient with a lifetime of 720h. So I guess something's not right. Can anyone check this with their own configuraiton?

by NorbertFe 3 weeks ago
12

@NorbertFe: and it's configured "before" arrival, if thats making any difference.

by NorbertFe 3 weeks ago
(in reply to this post)

13

Yep, that is the problem. Since the Attachment Blacklist runs at the On Arrival filtering point, the Auto Sender Whitelist - and any other whitelist - should be assigned to the On Arrival filtering point as well.

Please try the above and let me know whether this has fixed the problem.

by Daniel Novak (Vamsoft) 3 weeks ago
14

OK I assigned it to both, so it should work I guess. I keep you posted.

by NorbertFe 3 weeks ago
15

Hi Daniel,

that did the trick. I can live with this configuration for now, but the Filtering exceptions would still be nice to have.

Regards
Norbert

by NorbertFe 3 weeks ago
16

@NorbertFe: I am glad to hear that, and I can assure you that the Attachment Filter exceptions are in the works :)

by Daniel Novak (Vamsoft) 3 weeks ago
(in reply to this post)

17

Hi Daniel,

looking forward to this feature. :)

by NorbertFe 3 weeks ago

New comment

Fill in the form below to add a new comment. All fields are required. If you are a registered user on our site, please sign in first.

Nickname:
Email address (will not be published):
Your comment:

ORF Technical Support

Configuring, installing and troubleshooting ORF.

News & Announcements

Your dose of ORF-related news and announcements.

Everything but ORF

Discuss Exchange and system administration with fellow admins.

Feature Test Program

Feature Test Program discussion. Membership is required to visit this forum.

ORF Beta

Join the great bug hunt of the latest test release.

Customer Service

Stay Informed