7
Forbiden attachments: clean the attachment and add NOTIFICATION about the removed file
Idea shared by Omar Escalante - 8/31/2021 at 8:19 AM
Under Consideration

Attachments can be dangerous when they come from attackers. They can be dangerous if they come from a trusted but infected contact. 
But, many times they are important files.
Today, we loose one email with an order from UNILEVER.

The receiver need to know this mail is coming with this attachments. May be is better to send anyway the mail, but with a message writting "THIS MAIL CAME WITH THIS XXXXXXXX ATTACHEMENTS, and have been remove due xxxx"

Especially files with OFFICE format are widely used and dangerous due to the possibility of containing and executing macros. But, they also come with valuable information for the company. 

For security reasons, I must block the entry of these files. But, in order to work I need them. 
On June I suggested: (and I receive a mail from support about this function is in process)

MAIL event: 
* Forbidden Attachment 
* Enabled 
* Email 
* Message Received 
* Condition: When user received forbidden attachment extension 

ACTION:
* Action: Send email 
* Frequency: None 
* From: admin 
* To: # toaddress # 
* Subject: Message with forbidden attachment to you 
* Body: # toaddress # has received a new message with this forbidden extension: "xxx" from # fromaddress #. Subject: # subject # Size: # sizekb # KB Spam Level: # spamlevel #

NEW SUGGESTION
Today I think would be better (and may be easier) to allow the email but without the attachement and one NOTE with the detail about the removed file

5 Replies

Reply to Thread
0
+1
Gabriele Maoret - Head of SysAdmins at SERSIS Currently manages 6 SmarterMail installations (1 in the cloud for SERSIS which provides services to a few hundred third-party email domains + 5 on-premise for customers who prefer to have their mail server in-house)
0
Employee Replied
Employee Post
Hi Omar,

Your new suggestion is similar to how our SmarterTrack product handles tickets we import from email, that have attachments on the blacklist. We receive the ticket/email, but there is a note that an attachment (with the file name) was removed. I'll go ahead and get your new suggestion submitted in a ticket on your behalf.
1
Yeah, make this optional. I don’t want to receive tons of of spam messages with their bogus exe or vbs attachment removed…
1
The antispam must work anyway.
This would be only for the good emails after all antispam tools 
2
Yeah... if someone emails me a vbs file, I dont want an email about it, period... regardless if the email passes anti-spam or not.

Reply to Thread