The emails are quarantined because one or more zip files are embedded in the Office file, thus the policy is triggered. IMSVA quarantines these emails according to the policy rule setting.
Different file types can be embeded into Office files (OLE objects), including malware. To block malwares hidden in an Office file, IMSVA extracts all OLE objects inside an Office file and scans them against policy rules.
For more information about OLE objects, refer to the Microsoft Office article: Create, edit, and control OLE objects.
By default, IMSVA will scan the embedded OLE objects in the Office files. If you do not want IMSVA to scan the OLE objects, do the following:
- Create a backup of the /opt/trend/imss/config/imss.ini file.
- Open the imss.ini file and locate the [general] section.
- Add the hidden key "EnableOleEmbedScan" and set it to "not".
For example:
#######################################################################
[general]
#######################################################################
EnableOleEmbedScan=not - Restart the IMSS service using the command:
#/opt/trend/imss/script/S99IMSS restart