11-16-2014 11:07 PM
Hello,
One of our customers experiences some problems with filtering attachments based on their file extensions.
What we did: We created a dictionary with extension formats like ".exe" or ".cab".
Based on this dictionary we created a policy that all mails are scanned. If an attachment matching this dictionary is in the mail, this attachment will be stripped and replaced by a TXT file.
In my tests this worked fine: only matching files are replaced, the others pass. BUT after activating the rule, we had the problem that a lot of attachments not having an extension that should be filtered were stripped. So ".xls" or ".pdf" were stripped too.
Can you help me configure it correctly? Do we have to change something in the dictionary? Why is this happening, any explanation?
Thanks a lot for your help in advance and best regards
Michael
01-08-2015 08:13 AM
Hello,
We are doing something similar, but we are not using a dictionary. We specify the file extension in a content filter action of strip attachment by file info, file name ends with, and we use this regular expression:
(?i)\.bat
(?i) makes it case insensitive, the "\" makes the action search for the special character period (which in regex is a wildcard), and then the file extension.
When you save it, it will look a little off; the GUI adds some regex characters to it. The entry will look something like this on the content filter page:
drop-attachments-by-name("(?i)\\.bat$"
This expression will drop all instances of file extensions that have .bat, which includes all possible combinations. Examples include .BAT, .bat, .bAT, so on and so forth.
Hope this helps =)
01-09-2015 02:18 AM
Hi Michael,
Words in dictionaries are seen as regular expressions, thus an entry like
.exe
would also match on a word like june_executive_summary.pdf
(in regular expressions, the single period (.) represents a character)
To match extensions only, you can add a $ sign to the entry, which means "only at the end of a filename". Also masquerade the period, so it is seen as one.
\\.cab$
\\.exe$
Also make sure the dictionary has the " checkbox unchecked.
Hope that helps,
Andreas
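Added example, not part of any post in this thread: a Python sketch of why unanchored dictionary entries strip unrelated attachments, with a small lint check for such entries. Assumptions: Python's `re` module stands in for the appliance's matcher, matching is case-insensitive, the file names are constructed, and the `\\.` shown in the posts is written as a single escaped period in a Python raw string.

```python
import re

# Constructed sample data: entries as discussed in the thread, made-up file names.
UNANCHORED = [".exe", ".cab"]
ANCHORED = [r"\.exe$", r"\.cab$"]
FILENAMES = [
    "setup.exe",
    "DRIVERS.CAB",
    "june_executive_summary.pdf",
    "vocabulary_list.xls",
    "invoice.pdf",
]


def stripped(filenames, entries):
    """Return the file names matched by at least one entry.

    Entries are searched anywhere in the name, case-insensitively
    (both are assumptions about how the dictionary is applied).
    """
    patterns = [re.compile(e, re.IGNORECASE) for e in entries]
    return [f for f in filenames if any(p.search(f) for p in patterns)]


def lint_entry(entry):
    """Heuristic: list reasons an extension entry can match more than the extension."""
    problems = []
    # A period that is not preceded by a backslash means "any character".
    if re.search(r"(?<!\\)\.", entry):
        problems.append("unescaped period matches any character")
    # Without a trailing $ the entry can match in the middle of a name.
    if not entry.endswith("$"):
        problems.append("no $ anchor, matches anywhere in the name")
    return problems


if __name__ == "__main__":
    print("unanchored:", stripped(FILENAMES, UNANCHORED))
    print("anchored:  ", stripped(FILENAMES, ANCHORED))
    for e in UNANCHORED + ANCHORED:
        print(repr(e), lint_entry(e) or "ok")
```

Running the lint over an exported dictionary before enabling a strip action shows which entries would hit names such as "executive" or "vocabulary".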