Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Blocking EXE files within an archive or ZIP file in InterScan Messaging Security

    • Updated:
    • 10 Feb 2016
    • Product/Version:
    • InterScan Messaging Security Appliance 5000 7.0
    • InterScan Messaging Security Suite 7.1 Linux
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • InterScan Messaging Security Virtual Appliance 8.2
    • InterScan Messaging Security Virtual Appliance 8.5
    • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
    • Linux - Red Hat RHEL 3 32-bit
    • Linux - Red Hat RHEL 4 32-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - SuSE 10
    • Linux - SuSE 9.0
    • Windows 2000 Advanced Server
    • Windows 2000 Server
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
Summary

Detect and block EXE files inside an archive or ZIP file in InterScan Messaging Security products.

Details
Public

InterScan Messaging Security scans the file inside an archive or ZIP file when the Attachment Filter option is enabled.

To enable the Attachment Filter:

  1. Log in to the console of your InterScan Messaging Security product.
  2. Go to Policy > Policy List > Add > Others to create a new policy.

    Add a new policy

  3. Under Step 1: Select Recipients and Senders, choose your preferred policy route type from the This rule will apply to dropdown list.
    • incoming messages
    • outgoing messages
    • both incoming and outgoing messages
    • POP3
    • all messages

    Select the policy route type

  4. Specify the recipients and senders based on the selected policy route type:
    • For incoming messages, specify the recipient’s address, which is in range of the internal addresses. For example, internal address is imsstest.com, valid recipients include jim@imsstest.com, bob@imsstest.com.
    • For outgoing messages, specify the sender’s address, which is in range of the internal addresses. For example: internal address is imsstest.com, valid senders include jim@imsstest.com, bob@imsstest.com.
    • For both incoming and outgoing messages, the rule applies to senders or recipients that match the mail address. Use the asterisk wildcard when specifying an email address.
    • For POP3, the route cannot be configured because it applies to all POP3 routes.
    • For all messages, the rule applies to messages from any sender to any recipient.
  5. Click Next.
  6. Under Step 2: Select Scanning Conditions, mark the True file type or the Name or extension or both check boxes on the Attachment section to filter EXE files.

    Select attachment type to filter EXE files

  7. Click the Name or extension link.
  8. Tick the File extensions to scan (recommended) check box and select the EXE only.

    File extensions to scan

  9. Click Save.
  10. Click the True file type link and select EXE from the Executable dropdown list.

    Select Executable as True file type

  11. Click Save, and then click Next.
  12. Under Step 3: Select Actions, you may choose from the following options:
    • Do not intercept messages - This allows you to deliver the message.
    • Quarantine to - This enables you to quarantine the email.
    You may also add more actions using one or both of the following options under the Modify section:
    • Delete attachment - This prevents the attachment from being delivered.
    • Insert stamp in body - This adds a stamp to inform the user that a security violation was triggered.

    Select actions

  13. If you selected the Insert stamp in body option, add a new stamp:
    1. Click Edit > Add.

      Add new stamp

    2. Type the name of the stamp in the Name field.
    3. Select any of the following:
      • End of message body
      • Beginning of message body
    4. Enter the message in the Text field. To see the types of variables you can include in the message, click Variables list.
    5. Tick the Do not stamp TNEF-encoded messages or digitally signed messages check box to prevent possible damage to TNEF-encoded messages or digitally signed messages.

      Add new stamp

    6. Click Save, and then click Done to complete the new stamp.
  14. Click Save.
  15. Under Step 4: Name and Order, fill out the Rule Name and Order Number fields for this rule.

    Rule name and order

  16. Click Save.
Premium
Internal
Rating:
Category:
Configure
Solution Id:
1099617
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.