Hello community,

I have the challenge to identify attachments of unwanted file types within a message filter on the ESA (7.6.1). To do so I have used the function "attachment-binary-comtains()" to match the "Magic Bytes" of a file type. This is what I tried for 7zip as an example:

sevenzip:

if attachment-binary-contains('\x37\x7A\xBC\xAF\x27\x1C')

{

log-entry('7zip');

}

.

An error occurred during processing: Error in regular expression "7z\xbc\xaf'\x1c":  'utf8' codec can't decode byte 0xbc in position 2: unexpected code byte

Can anyone help me with the syntax of the filter statement? The system should not interpret the string as UTF-8 but as binary data.

Thanks and regards,

Markus