Views:

InterScan Messaging Security scans the file inside an archive or ZIP file when the Attachment Filter option is enabled.

To enable the Attachment Filter:

  1. Log in to the console of your InterScan Messaging Security product.
  2. Go to Policy > Policy List > Add > Others to create a new policy.

    Add a new policy

  3. Under Step 1: Select Recipients and Senders, choose your preferred policy route type from the This rule will apply to dropdown list.
    • incoming messages
    • outgoing messages
    • both incoming and outgoing messages
    • POP3
    • all messages

    Select the policy route type

  4. Specify the recipients and senders based on the selected policy route type:
    • For incoming messages, specify the recipient’s address, which is in range of the internal addresses. For example, internal address is imsstest.com, valid recipients include jim@imsstest.com, bob@imsstest.com.
    • For outgoing messages, specify the sender’s address, which is in range of the internal addresses. For example: internal address is imsstest.com, valid senders include jim@imsstest.com, bob@imsstest.com.
    • For both incoming and outgoing messages, the rule applies to senders or recipients that match the mail address. Use the asterisk wildcard when specifying an email address.
    • For POP3, the route cannot be configured because it applies to all POP3 routes.
    • For all messages, the rule applies to messages from any sender to any recipient.
  5. Click Next.
  6. Under Step 2: Select Scanning Conditions, mark the True file type or the Name or extension or both check boxes on the Attachment section to filter EXE files.

    Select attachment type to filter EXE files

  7. Click the Name or extension link.
  8. Tick the File extensions to scan (recommended) check box and select the EXE only.

    File extensions to scan

  9. Click Save.
  10. Click the True file type link and select EXE from the Executable dropdown list.

    Select Executable as True file type

  11. Click Save, and then click Next.
  12. Under Step 3: Select Actions, you may choose from the following options:
    • Do not intercept messages - This allows you to deliver the message.
    • Quarantine to - This enables you to quarantine the email.
    You may also add more actions using one or both of the following options under the Modify section:
    • Delete attachment - This prevents the attachment from being delivered.
    • Insert stamp in body - This adds a stamp to inform the user that a security violation was triggered.

    Select actions

  13. If you selected the Insert stamp in body option, add a new stamp:
    1. Click Edit > Add.

      Add new stamp

    2. Type the name of the stamp in the Name field.
    3. Select any of the following:
      • End of message body
      • Beginning of message body
    4. Enter the message in the Text field. To see the types of variables you can include in the message, click Variables list.
    5. Tick the Do not stamp TNEF-encoded messages or digitally signed messages check box to prevent possible damage to TNEF-encoded messages or digitally signed messages.

      Add new stamp

    6. Click Save, and then click Done to complete the new stamp.
  14. Click Save.
  15. Under Step 4: Name and Order, fill out the Rule Name and Order Number fields for this rule.

    Rule name and order

  16. Click Save.
Keywords: block exe,archive,zip,pop3 yahoo mail,detect exe,detect exe inside zip,detect exe inside rar,detect exe in compressed file