Block File Extension List Serverwide
Idea shared by CCWH - February 8, 2015 at 8:53 AM
In Progress
Hello all,
 
I have been made aware that certain file extensions (as attachments) that I would have expected to be blocked by default are being let through, such as .bat.
 
I see there is a Domain Settings way of using Content Filtering.  However, it seems to be on a domain by domain basis.  How would I complete this task as a mail server admin to cover all domains?

54 Replies

Reply to Thread
1
Hoping for ST staff to see this one?  There must be a way for the mail server to block certain file extension attachments?
2
CCWH, currently SmarterMail does not block attachments by file extension.  I have added this to our features request list for further discussion by the dev team.  Also, I am changing the thread to an Idea to facilitate community voting and development tracking.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thanks Robert. Certainly surprised it's not part of the admin tools as it seems the feature is already there be it on a domain by domain basis. If it were made available to the mail server admin it would enhance the security of the mail server. Thanks for the thread change, hopefully it will be a positive result.
0
Just for clarifications, are you wanting the violating attachment to be stripped from the message, but the message still delivered? Or the whole message deleted similar to how the current content filtering can be configured?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Interesting, I didn't realise that the per domain content filtering couldn't remove the attachment and deliver the email. Ideally the email would be delivered according to normal spam filtering and if delivered the file is replaced with a .txt file. If that is not possible within SmarterMail then at least the email could be deleted with a notification sent to the intended recipient.
2
I thought about this and there are ways to block attachments of your choice if you want to make a few tweaks.  Two ways come to mind.
 
First off you could write a ClamAV signature that would block whatever you wanted.  I found one that blocks .exe files inside a .zip attachment.  It could easily be modified to block any file attachments you wanted.  If you use this method you would have to set up the signature each time you update or upgrade SmarterMail.
 
Secondly, if you're using a full version of SpamAssassin (like SpamAssassin In A Box) you could use the MIMEHeader plugin and block any file extensions you wanted.
 
-Joe
Thanks,
-Joe
0
Thanks Joe. Potential there. I'd still prefer a built-in solution. It would certainly be of security benefit as the easier it is the more it will be implemented.
0
I agree, but just posting that there are ways to accomplish the task if desired.
Thanks,
-Joe
0
Indeed. My only issue is that we'll need to research and test for each extension and then re-add the configuration each time we upgrade. The latter is OK I guess but the initial finding the right information is going to be tricky. Had a quick look and seems to be trial and error.
2
This needs to be added as a serverwide feature and I'm shocked it's not there, I guess I assumed it was built-in and already configured for the obvious, .zip, .exe, .bat, com etc etc. Competing products like MailEnable and MailSite have this ability.
0
Unfortunately I am with you Brian. Hopefully this thread gets a enough likes and it goes from Proposed to Planned!
0
I may have an answer for this tomorrow.
Thanks,
-Joe
2
I've seen a big up-turn in malware being delivered by dodgy ZIP files or .gz files. I would like to block both as I am worried about crypto-locker especially
2
Admin - Any updates on this request please?
1
Any updates?
1
BUMP Any updates on this topic?
0
I did this same thing with simple content filter...not elegant but worked.
Remember kids, every time a spam message gets blocked, a nerd gets their glasses. spamhurts/July 15
0
Any ST staff input on this one please?
1
We use MessageSniffer and Bruce Barnes's recommendations and had a .jar file get through today. This feature would be very helpful. @SpamHurts I looked at the Custom Content filter but was having a little trouble. Can you or anyone offer some recommendations to filter a .jar?
 
 
1
I really am disappointed there is just silence on this.  Not only has it been voted up but it should be a basic security feature!  I see this thread being ignored by those who could do something about it.  Why use just AV when simple file extension blocking on an admin based level can be implemented.  Two main SmarterMail competitors do this out of the box....and that does not include MS Exchange!
0
If you're detecting file extensions, the option should be there to block certain extensions but also RENAME a particular extension, so the file can still be downloaded.  An example would be to rename a .zip file to .zi1 (or some such) so that it will typically not directly execute, but would need to be renamed before it could be opened/unpacked.
 

 
0
yes, we need block, .exe, .bat. .cmd
1
I'm going to give this one last go......
 
Any SmarterTools staff care to comment in any way shape or form on this ongoing request dating back to the beginning of this year?  It really irritates me how threads are being cherry picked.....
0
This is a common sense issue, and should really be a part of basic content filtering.
4
This has been slated for inclusion in the SmarterMail 15 release.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Thank you. Will you please heavily consider the following for version 15 also. You will make a lot of people happy with this one as well.

http://portal.smartertools.com/community/a86872/multi-tenant-ad-integration-for-single-sign-on.aspx

I'm willing to be a guinea pig for a test module.
0
Is this function already included in SM15?
0
BUMP Did either the server-wide attachment block or multi-tenant AD feature make it into 15?
1
Any word in this?
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
0
Hi, Joe, can you tell us more about how you might deploy the MIMEHeader plugin in SpamAssassin? I am looking in the SpamAssassin manual at http://spamassassin.apache.org/full/3.1.x/doc/Mail_SpamAssassin_Conf.html but I am not finding mention of the MIMEHeader plugin. It looks useful. Thank you as always for sharing your expertise. best from Eric
1
Hi,
 
Still waiting for this development....
 
1
And now its July. Any word?
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
6
I'm chiming in just because I believe it's an important feature. I've had a client hit with a Cryptolocker infection that got past our SM security features. ClamAV didn't catch it, not surprised. Since then, I enabled Declude in addition to our existing Commtouch for spam, and configured Declude to scan zips and delete if they include executables, bat, com, pif, jar, js, exe, etc. as well as any email with those attachments outside of compressed archives.
 
Declude seems to do this quite effectively but why isn't this kind of thing build into the product? I don't think that basic security functions which don't rely on real-time or daily updates need to be outsourced to plugin vendors. I would think that it would be much more efficient to handle this at the mail server level rather than at an add-on, system service level. This is no slight to Declude as it does what it says it will do, but configuration requires logging into the Windows server console to configure. It'd be VERY convenient to be able to do this via Smartermail interface as system admin.
 
I say this without in anyway criticizing ST developers, but doesn't it make basic sense to have this kind of thing baked in to the server? Attachment scanning and filtering?
 
Thanks,
 
Matt
0
Any update? We went as far as scripting a way to search over all email files and find ones that have attachments and search that attachment if it has a ban ext. and report that back to a sql server where it is then email out to the "host" master to be review for any problems.
 
What we like to do is remove/disable said attachment from both outgoing, sent, and inbox folder instead. I got pretty close to removing or blocking it - but failed to be able to change the file in a way that doesn't effect the file content (had a weird issue where all email zero out at the end of the day). If anyone has information about how to mess with these files - I be ok with that as well as a work around.
0
This has only been in the works for a year and a half.
Maybe Tim can chime in and give us a excu...Update on this.
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
1
Filtering attachments by file extension. There should be an easy button for developers to incorporate this. In Antispam Administration, custom rules can scan header, body, and raw content, but not attachment extension. I really like SmarterMail and think you guys do a great job but in all fairness you deserve a demerit on this.
 
Matt
0
Another thought: if you are using a Sonicwall firewall with Enhanced firmware, and the proper add-ons, I believe you can filter email attachments by extension.
4
Is their any update on this are our client have just been bombarded with zip files and we have no way of blocking them at source ?
1
Any update on this feature ? It would be very useful to prevent cryptolocker and other malware.
Why SmarterTools not consider this implementation ?
 
0
Maybe the target date is Feb 8th 2018 (3 years from the original post).
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
0
No it did not, wont even make it into the initial release of SM16 (probably wont make it into v16 at all).

Christopher

1
Yea, this fell through the cracks. We separated incoming and outgoing Extension blacklists but did not add the functionality for additional extensions to be added by the Domain Administrator.
 
We will have a minor of 16.x with this functionality.
 
Hope this helps,
 
 
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
https://gph.is/2d8sebJ
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Will V15 get the update?
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
0
v16 is our current version and gets all new functionality, features and bug fixes.

v15 gets bug fixes
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
v17 is already 50% completed. Were a couple months from BETA.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
So your software designers li... (Misinformed us) on Sept 21st, 2015?.

" Robert Emmett Replied
September 21, 2015 at 3:04 PM
Employee Post
This has been slated for inclusion in the SmarterMail 15 release.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
"
Kendra Support
http://www.kendra.com
support@kendra.com
425-397-7911
Junk Email filtered ISP
0
Not every feature that we have planned for a version will make it into that version. Its a very fluid process. This isn't something exclusive to SmarterTools but impacts all software development companies including Microsoft, Apple etc.

I have been waiting for iMessage integrated with iCloud so that it syncs across all my devices . Apple was supposed to release this with iOS 11.

I was waiting for the People Hub in Windows 10 with Redstone 1 but only became available in a trimmed down version in Redstone 2 - six months later.

If your not running v16 you should. The protocols in SmarterMail v16 are so much more improved its night and day. There are 100's of optimizations and improvements at the core of SmarterMail that improve CPU, Memory and Disk i/o. We have so many new self-check routines that fix legacy mailboxes that could cause server issues. There are too many new features in v16 to even count and we have continued to add them 8 months after the release!

Not sure if your aware that all Software Companies have "Known Problems" which are bugs that are NOT publicly made available. Many companies have 1,000's of these that never really get time and attention. Companies slowly work on them over time.

What we did with v16, is released minor versions every week or every two weeks and eliminated our "Known Problems" list. We have never done this before. We are in the VERY unique position to have about 25 items in our list right now for SmarterMail v16. Its absolutely insane the effort we have put into this release and I'm tired of the complaints.

People have looked at all our minor releases in v16 as a negative when it should be seen as a positive. We treated almost every issue even if reported by 1 person equally. SmarterMail v16 is used by about 6 million users right now we have almost no "Known Problems".

In addition, were about 50% completed with v17 tackling some of the most VOTED up items in the community.

Why the long response. Because you made the comment about being hosed in another Topic and then the comments here. And the constant complaints from a few other people I won't name.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
^^^ lmao...

Christopher

0
Tim,

Great idea! We've had a few customers ask about adding their own extensions, so this would be great.

However, can this also be extended to a per user basis? IE Server level blocks these... Domain level blocks server + its own, User level blocs server + domain + its own defined extensions?

Christopher

0
Reason I ask about the per-user setting is because, for example, we have a (large) company that has a support@ email address that frequently gets spam PDFs and txt documents advertising services etc. They would love to be able to say * in the blocked extensions field and not receive any attachments at all for this specific account, however would still like to receive PDFs etc. for normal user accounts.

Christopher

0
I understand the issue but I think a content filter would work best for that.

The blacklist of file extensions is really intended to be a security issue not a filtering of content.

Were constantly battling when to add or not add settings so that product doesn't become overly complicated. When we re-did v16 we went through every setting and we were able to eliminate many while finding ways to include more functionality.

I would classify this particular request as being able to be accomplished by Filtering and leaving Blacklists of extensions as a Security related event for System and Domain administrators.

Oh, I didn't see eliminate that except for.... That may be able to be accomplished in filtering... but that is such a unique situation we wouldn't want to include an entire section in settings at the user level for it.
Tim Uzzanti
CEO
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
For sure, I agree on the major edge case :) - Will look into content filtering on that one.

Christopher

0
I just wanted to add some insight here, awhile back I was looking to do the same thing by issuing a server wide block for a specific attachment, but there was none on the global level. I ended up using content filtering per domain like Tim had mentioned. It works for what I need it to do and quite well. Yes it's a pain to setup if you host a lot of domains, but you could always setup 1 domain and then copy the rule from the domainConfig.xml you just setup, paste it in the other domains and then a restart of the SM service would be required. Then they all would have the same rule.

Reply to Thread