Forbiden attachments: clean the attachment and add NOTIFICATION about the removed file
Idea shared by Omar Escalante - 8/31/2021 at 8:19 AM
Under Consideration

Attachments can be dangerous when they come from attackers. They can be dangerous if they come from a trusted but infected contact. 
But, many times they are important files.
Today, we loose one email with an order from UNILEVER.

The receiver need to know this mail is coming with this attachments. May be is better to send anyway the mail, but with a message writting "THIS MAIL CAME WITH THIS XXXXXXXX ATTACHEMENTS, and have been remove due xxxx"

Especially files with OFFICE format are widely used and dangerous due to the possibility of containing and executing macros. But, they also come with valuable information for the company. 

For security reasons, I must block the entry of these files. But, in order to work I need them. 
On June I suggested: (and I receive a mail from support about this function is in process)

MAIL event: 
* Forbidden Attachment 
* Enabled 
* Email 
* Message Received 
* Condition: When user received forbidden attachment extension 

* Action: Send email 
* Frequency: None 
* From: admin 
* To: # toaddress # 
* Subject: Message with forbidden attachment to you 
* Body: # toaddress # has received a new message with this forbidden extension: "xxx" from # fromaddress #. Subject: # subject # Size: # sizekb # KB Spam Level: # spamlevel #

Today I think would be better (and may be easier) to allow the email but without the attachement and one NOTE with the detail about the removed file

5 Replies

Reply to Thread
Gabriele Maoret - SERSIS - Head of SysAdmins
Currently manages 3 SmarterMail installations (1 in cloud for SERSIS which provides service to a few hundreds 3rd party Mail Domains + 2 on premise to customers)
Employee Replied
Employee Post
Hi Omar,

Your new suggestion is similar to how our SmarterTrack product handles tickets we import from email, that have attachments on the blacklist. We receive the ticket/email, but there is a note that an attachment (with the file name) was removed. I'll go ahead and get your new suggestion submitted in a ticket on your behalf.
Yeah, make this optional. I don’t want to receive tons of of spam messages with their bogus exe or vbs attachment removed…
The antispam must work anyway.
This would be only for the good emails after all antispam tools 
Yeah... if someone emails me a vbs file, I dont want an email about it, period... regardless if the email passes anti-spam or not.

Reply to Thread