Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
362
Views
0
Helpful
6
Replies

Plain text files get blocked on content filter

Integration Support
Level 1
Level 1

‎05-21-2025 10:38 PM

Hey all,

I'm encountering an issue with the content filter I configured in ESA. I've set it to only allow specific file types, but sometimes plain text emails without attachments are being incorrectly identified as "unidentified files" and sent to quarantine.

I've attached an example of the rule I configured and mails that I download from the quarantine 1 HTML format and Plain text format  for your reference.

Thanks,

Labels:
Preview file
6 KB
Preview file
114 KB
0 Helpful
6 Replies 6

Ken Stieers
VIP
VIP

‎05-22-2025 07:05 AM

In the condition section, at the top left, you have it set for "If one or more conditions match"
And your first condition is "attachment-filetype != "mp4"...
So all attachments that aren't MP4 will get quarantined. The engine starts at the top, and if one matches, it quits checking.

What are you trying to do?
0 Helpful

Integration Support
Level 1
Level 1
In response to Ken Stieers

‎05-24-2025 10:02 PM

Thank you for your response.

What I'm trying to achieve is to create a whitelist for allowed file types. Any files not on this list should be sent to quarantine.

The image I uploaded was from a lab environment. My question aims to understand what syntax to use to prevent emails generated in plain text format, which the system identifies as an attachment "without a type," from being blocked.

0 Helpful

Dustin Anderson
VIP Alumni
VIP Alumni
In response to Integration Support

‎05-27-2025 07:27 AM - edited ‎05-27-2025 07:30 AM

you'll need to make it a match all rule then, but then would say like attachment is not (allowed types), Attachment does not contain \.

it does regex and the \ is an escape character so if the attahcment doesn't contain a period it's let through. I would also from experience allow message.htm and message.html through as some email systems send HTML messages as attachments.

 

Keep in mind if you quarantine if the email has 1 of the not allowed types it'll quarantine it all. So you could look at sending a copy to a quarantine and stripping the unwanted attachments instead. 

0 Helpful

Integration Support
Level 1
Level 1
In response to Dustin Anderson

‎05-27-2025 10:17 PM

Hey Dustin,

Thank you for your replay, I tried to configure it like you said, but now even files that not appear on the list, passed.
I'm attaching the new conditions, I'll be happy if you can review it. 

Preview file
147 KB
0 Helpful

Dustin Anderson
VIP Alumni
VIP Alumni
In response to Integration Support

‎05-28-2025 10:23 AM

It may be the mime type as a lot of attachments are mime encoded, so may fail that check and not hit. Looking at your rules say I sent in a rar file. Rule 1 passes since it's not in the list, rule 2 passes since it's not html, but rule 3 may fail since it could have been mime encoded, so would not quarantine.  you may have to break that out into a separate content filter.

0 Helpful

Dustin Anderson
VIP Alumni
VIP Alumni

‎05-22-2025 12:25 PM

As Ken stated, you have it set to any match, and a basic condition of the attachment not being MP4, so everything else will match and quarantine. Best it to set to match on what you don't want for less false positives. Below is an example of what we had.

Screenshot 2025-05-22 142318.jpg

0 Helpful
Customers Also Viewed These Support Documents