Attachment Filtering
Attachment Filtering allows you to set up rules to filter what types of email attachments to allow and block on the mail server. A rule is composed of:
- Attachment types to block
- Actions to take when a matching attachment is found
- The users to which a rule applies.
To configure attachment rules, navigate to Content Filtering > Attachment Filtering. This page allows you to view, create, enable, disable or delete rules.
Creating an Attachment Filtering rule
To create an Attachment filtering rule follow the steps listed below:
Step 1: Configuring basic rule settings and the terms to block
- Navigate to Content Filtering > Attachment Filtering node.
- Click Add Rule...
- Specify a name for the rule in the Rule name text box.
- Select whether to scan inbound, outbound and/or internal emails.
Option | Description |
---|---|
Scan Inbound SMTP Email | Select this option to scan incoming emails |
Scan Outbound SMTP Email | Select this option to scan outgoing emails |
Check Internal emails |
Select this option to scan internal emails. NOTE This option is only available when GFI MailEssentials is installed on the Microsoft® Exchange server |
- In the Attachment Blocking area, specify the types of attachments to block:
Option | Description |
---|---|
Block all | Block all email attachments of any type. |
Block this list | Block a custom list of attachment types. Key in a filename and/or attachment type to block in the Enter filename with optional wildcards text box and click Add. Repeat this step for all filenames and/or attachment types to block. |
Do not block attachments smaller than the following size: | Select this option to allow attachment types in the list that are smaller than a particular size. Specify the size (in KB) in the text box provided. |
Block all except this list | Block all attachments except the ones specified in the list. Key in a filename and/or attachment type to allow in the Enter filename with optional wildcards text box and click Add. Repeat this step for all filenames and/or attachment types to exclude. |
NOTE
When specifying filenames and/or attachment types, you can use asterisk (*) wildcards. For example, specifying *orders*.mdb
refers to all files of type mdb that contain the string orders
in the file name. Specifying *.jpg
will block all images of type jpg.
NOTE
To remove an entry from the list, select it and click Remove Selected.
- You can also block attachments that have a size bigger than a particular size. To enable this option, from the Options area select Block all attachments greater than the following size and specify the maximum attachment size (in KB).
NOTE
This feature blocks all attachments with a file size bigger than the one specified irrespective if the attachment matches an entry in the Attachment blocking list.
Step 2: Configuring the actions to take on detected emails
- Click the Actions tab to configure what happens when this rule is triggered.
- To block an email that matches the rule conditions, select Block attachment and perform this action and select one of the following options:
Option | Description |
---|---|
Quarantine email | Stores blocked emails in the Quarantine Store. You can subsequently review (approve/delete) all the quarantined emails. For more information refer to Quarantine. |
Delete email | Deletes blocked emails. |
Move to folder on disk | Moves the email to a folder on disk. Key in the full folder path where to store blocked emails. |
IMPORTANT
Actions always affect the whole email containing the blocked content, even if there is other content (such as attachments) that do not trigger this rule.
- Select Send a sanitized copy of the original email to recipient(s) to choose whether to send a copy of the blocked email to the recipients but with the malicious content removed.
- To send email notifications whenever an email gets blocked, check any of the following options:
Option | Description |
---|---|
Notify administrator |
To notify the administrator whenever this engine blocks an email. For more information refer to Administrator email address. For more information refer to Administrator email address. |
Notify local user | To notify the email local recipients about the blocked email. |
- To log the activity of this engine to a log file, check Log rule occurrence to this file and specify the path and file name to a custom location on the disk to store the log file. By default, log files are stored in:
<GFI MailEssentials installation path>\GFI\MailEssentials\EmailSecurity\Logs\<EngineName>.log
Step 3: Specifying users to whom this rule applies
- By default, the rule is applied to all email users. GFI MailEssentials, however, allows you to apply this rule to a custom list of email users specified in the Users / Folders tab.
- Specify the users to apply this rule to.
Option | Description |
---|---|
Only this list | Apply this rule to a custom list of email users, groups or public folders. |
All except this list | Apply this rule to all email users except for the users, groups or public folders specified in the list. |
- To add email users, user groups and/or public folders to the list, click Add.
- In the User Lookups window, specify the name of the email user/user group or public folder that you wish to add to the list and click Check Names. Matching users, groups or public folders are listed underneath.
NOTE
You do not need to input the full name of the users, groups or public folder. It is enough to enter part of the name. GFI MailEssentials will list all the names that contain the specified characters. For example, if you input sco
, GFI MailEssentials will return names such as Scott Adams
and Freeman Prescott
, if they are available.
- Select the check box next to the name(s) that you want to add to the list and click OK.
NOTE
To remove entries from the list, select the user/user group/public folder you want to remove and click Remove.
- Repeat steps 3 to 5 to add all the required users to the list.
- Click Apply.
Enabling/disabling rules
To enable or disable attachment filtering rules:
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, select the checkbox of the rule(s) to enable or disable.
- Click Enable Selected or Disable Selected accordingly.
Removing attachment rules
Warning
Deleted rules are not recoverable. If in doubt, it is recommended to disable a rule.
- Go to Content Filtering > Attachment Filtering.
- From Attachment Filtering page, select the rule(s) that you want to remove.
- Click Remove Selected.
Modifying an existing rule
- Go to Content Filtering > Attachment Filtering.
- From Attachment Filtering page, click the name of the rule to modify.
- Perform the required changes in the rule properties and click Apply.
Changing the rule priority
Attachment Filtering rules are applied in the same order, from top to bottom as they are listed in the Attachment Filtering page (that is, rule with priority value 1 is checked first). To change the sequence/priority of rules:
- Go to Content Filtering > Attachment Filtering.
- From the Attachment Filtering page, click the (up) or (down) arrows to respectively increase or decrease the priority of the selected rule.
- Repeat step 2 until rules are placed in the desired sequence.