Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Archiving emails with a Word document or a zip file attached in InterScan Messaging Security products

    • Updated:
    • 27 Oct 2015
    • Product/Version:
    • InterScan Messaging Security Virtual Appliance 9.0
    • Platform:
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 6 32-bit
    • VMware ESX - 5.0
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Server R2
    • Windows 2008 Server R2 Enterprise
    • Windows 2008 Standard
Summary

Detect and archive emails containing attachments such as Word documents or zip files in InterScan Messaging Security products.

Details
Public

InterScan Messaging Security scans the file attachment inside the email when the Attachment Filter option is enabled. To enable the Attachment Filter:

  1.  Log in to the console of your InterScan Messaging Security product.
  2. Go to Policy > Policy List > Add > Others to create a new policy.

  3. Under Step 1: Select Recipients and Senders, choose your preferred policy route type from the This rule will apply to dropdown list.
      • incoming messages
      • outgoing messages
      • both incoming and outgoing messages
      • POP3
      • all messages
  4. Specify the recipients and senders based on the selected policy route type:
    • For incoming messages, specify the recipient’s address, which is in range of the internal addresses. For example, internal address is imsstest.com, valid recipients include jim@imsstest.com, bob@imsstest.com.
    • For outgoing messages, specify the sender’s address, which is in range of the internal addresses. For example: internal address is imsstest.com, valid senders include jim@imsstest.com, bob@imsstest.com.
    • For both incoming and outgoing messages, the rule applies to senders or recipients that match the mail address. Use the asterisk wildcard when specifying an email address.
    • For POP3, the route cannot be configured because it applies to all POP3 routes.
    • For all messages, the rule applies to messages from any sender to any recipient.
  5. Click Next.
  6. Under Step 2: Select Scanning Conditions, mark the True file type or the Name or extension or both check boxes on the Attachment section to filter word documents and zip files.
  7. Click the True file type link. Tick the Microsoft Word and ZIP check box. Click Save.

     
    If you need to select other file types, you can perform it in this section.
  8. Click the Name or extension link.
  9. Tick the File extensions to consider scanning (more commonly exchanged) option and select the Word documents.

  10. Click Save.
  11. Select Next.
  12. Under Step 3: Select Actions, choose Do not intercept messages to let the matching emails pass, 

    but tick Archive modified to, which makes an archive copy that could be downloaded later on.

  13. Choose Next.
  14. Under Step 4: Name and Order, fill out the Rule Name and Order Number fields for this rule.

  15. Click Save.
     
    For the Order Number, you would need to place this rule right after the Global Antivirus rule or the after the rule specified in this KB article.

    In this approach, in case there are undetected Word and zip files, this rule would do the archive action and the email sample can be downloaded for submission to Trend Micro Support for further investigation.

    To download quarantined emails from this rule, go to Mail Areas & Queues > Query, type the Rule name you created, adjust the date range if necessary and select Display Log.

Premium
Internal
Rating:
Category:
Configure
Solution Id:
1110765
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.