Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1246
Views
0
Helpful
3
Replies

Quarantine and notify but don't include attachements from original email

swanny1600
Level 1
Level 1

‎01-04-2012 08:24 PM

Hi All ,

A bit new to ironport and not sure how to achieve the desired result;

In Gui I'm creating a incoming content filter to quarantine zip files (silly yes but doing as told) and I want to notify the recipient of the email of the quaratine and include the original email as an attachment WITHOUT the zip (otherwises it all gets pointless)

How do I achieve this?

No problems creating the incoming content filter, create new filter and add condition and actions to quaratine and notify but the tick box only allows for including the original as as attachment, do I need to add another action to strip the zip file as the final action? (from my logic I don't think it would possibly work....but happy to be wrong)

Running 2 x C370 in cluster on AsyncOS 7.5.1-028

Thanks for any assistance

Swanny

Labels:
0 Helpful
3 Replies 3

Scott Follick
Level 1
Level 1

‎01-06-2012 12:58 PM

Swanny,

     Have you gotten this issue resolved? If not let me know, I have actually built these policies in my C150's to stop all compressed files and deliver the message and a notification.

0 Helpful

swanny1600
Level 1
Level 1
In response to Scott Follick

‎01-08-2012 02:19 PM

Hi Scott,

I haven't resolved it yet, is it possible through the GUI via stepping the rules in the correct order or does it need to be done via the CLI

Any info you could give would be much appreciated

thanks

swanny

0 Helpful

Scott Follick
Level 1
Level 1
In response to Scott Follick

‎01-09-2012 09:45 AM

First you create a content filer mine is Media_removal

Add condition

Attachment File Info

     File type is Media or Compressed  etc. Each category will require an additional condition.

Go to Actions

Add Action

First action is quarantine and duplicate message

Next for each condition you must create another action. 

Strip Attachment by File Info

Select file type and inject a replacement message (if you want).  Mine is something like this

"This message had an attachment that was removed.
Please submit a helpdesk ticket with the senders email address.
If you recieve this after normal business hours and this an emergency Please contact IT Support  @ xxxxx. "

The last thing I have strip header and i have type message-ID.

If this is your policy then the final action would be deliver.  For me  i have more policies each message goes through.

I also sent you a private message with my email.

0 Helpful
Customers Also Viewed These Support Documents