Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Blocking emails with attached EXE files in InterScan Messaging Security products

    • Updated:
    • 15 Sep 2015
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
    • VMware ESX - 5.0
    • Windows 2008 Enterprise
Summary

Detect and block emails that contain EXE files as attachments in InterScan Messaging security products.

Details
Public

InterScan Messaging Security scans the file attachment inside the email when the Attachment Filter option is enabled. To enable the Attachment Filter:

  1. Log in to the InterScan Messaging Security product console.
  2. Go to Policy > Policy List > Add > Others to create a new policy.
  3. Under Step 1: Select Recepients and Senders, choose your preferred policy route type from the This rule will apply to dropdown list:
    • incoming messages
    • outgoing messages
    • both incoming and outgoing messages
    • POP3
    • all messages
  4. Specify the recipients and senders based on the selected policy route type:
    • For incoming messages, specify the recipient’s address that is in range of the internal addresses. For example, internal address is imsstest.com and valid recipients include jim@imsstest.com and bob@imsstest.com.
    • For outgoing messages, specify the sender’s address that is in range of the internal addresses. For example, internal address is imsstest.com and valid senders include jim@imsstest.com and bob@imsstest.com.
    • For both incoming and outgoing messages, the rule applies to senders or recipients that match the mail address. Use the asterisk wildcard when specifying an email address.
    • For POP3, the route cannot be configured because it applies to all POP3 routes.
    • For all messages, the rule applies to messages from any sender to any recipient.
  5.  Click Next.
  6. Under Step 2: Select Scanning Conditions, tick the True file type or the Name or extension or both check boxes on the Attachment section to filter EXE files.

    Select attachment type to filter EXE files.

  7. Click the Name or extension link.
  8. Tick the File extensions to scan (recommended) check box and select the EXE only.


  9. Select Save.
  10. Click the True file type link and select EXE from the Executable dropdown list.

  11. Click Save and then choose Next.
  12. Under Step 3: Select Actions, you may choose from the following options:
    • Do not intercept messages 
      This allows you to deliver the message.
    • Quarantine to
      This enables you to quarantine the email.
     
    Select Quarantine to in order to quarantine the mails with EXE attachments.

    You may also add more actions using one or both of the following options under the Modify section:

    • Delete attachment
      This prevents the attachment from being delivered.
    • Insert stamp in body 
      This adds a stamp to inform the user that a security violation was triggered.

  13. Click Next.
  14. Under Step 4: Name and Order, fill out the Rule Name and Order Number fields for this rule.
  15. Click Save.
     
    For the Order Number, you would need to place this rule right after the Global antivirus rule.

    In this approach, in case there are undetected EXE files, this rule would do the quarantine action and the email sample can be downloaded for submission to Trend Micro Technical Support.

    To download quarantined emails from this rule, go to Mail Areas & Queues > Query and type the Rule name you created. Adjust the date range if necessary and click Display Log.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1110764
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.