Password protected attachments are dropped by F-Secure Email and Server Security

Issue:

Why is F-Secure Email and Server Security dropping password protected attachments?

Resolution:

If password protected attachments are being dropped from emails, you should review actions that are taken when emails include archived files. You can review and change the settings by following these steps:

  1. Log in to the Email and Server Security Web Console
  2. Select Email traffic scanning from the menu 
  3. Select Incoming mail
On this page you will find the following settings for archived files:
  • Action on archives with disallowed files
  • Action on max nested archives
  • Action on password protected archives
Make sure that password protected archives are allowed to pass through if you do not want them to be dropped.


Archived attachments can also be dropped if an active match list is triggered for the email route you have configured. If inbound archived attachments are dropped, they are most likely triggering the 'Disallowed Inbound Files' match list. On the Incoming mail settings page mentioned above, check the setting for the list of files to scan inside archives; it shows which match list is currently in use.

The match list can be found in F-Secure Email and Server Security Web GUI:
  1. Go to the Settings page 
  2. Select List and templates

When a match list is active for incoming email traffic and a user sends an attachment that is included in the list, the rule is triggered and the file is dropped.

If a file is being dropped, you can verify it from logfile.log. Here are two example entries from logfile.log:

Example 1: conditionReason: Attachment 'password_protected_example.docx' matches 'Disallowed Files Internal' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT 

Example 2: Attachment '2019-04-18_examplefile.pptx' matches  'Disallowed Inbound Files' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT  Action: Message stopped  

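To allow the files in the examples, you would need to remove the *.doc extension from the disallowed files match list. Note that both entries report the extensions DOC DOT even though the attachment names end in .docx and .pptx.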
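As an added example (not F-Secure code), the following Python parses stripping-condition entries like the two above and reports, per match list, the detected file-type extensions that triggered it. It assumes real logfile.log entries follow the same layout as the two examples from this article; the function and field names are hypothetical.

```python
import os
import re
from collections import defaultdict

# Sample input: the two example entries quoted in this article.
SAMPLE_LOG = [
    "conditionReason: Attachment 'password_protected_example.docx' matches 'Disallowed Files Internal' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT ",
    "Attachment '2019-04-18_examplefile.pptx' matches  'Disallowed Inbound Files' stripping condition; Real type: application/msword; description: Microsoft Compound Document;Microsoft Word Document; password protected; extensions: DOC DOT  Action: Message stopped  ",
]

# Assumption: every stripping entry has the field order seen in the examples.
ENTRY = re.compile(
    r"Attachment '([^']+)' matches\s+'([^']+)' stripping condition;"
    r"\s*Real type:\s*([^;]+);\s*description:(.*?);\s*extensions:(.*)$"
)

def parse_entry(line):
    """Return a dict for one stripping-condition entry, or None for other lines."""
    m = ENTRY.search(line)
    if not m:
        return None
    name, match_list, real_type, desc, tail = m.groups()
    # The optional "Action:" field follows the extension list on the same line.
    exts, _, action = tail.partition("Action:")
    detected = [e.lower() for e in exts.split()]
    name_ext = os.path.splitext(name)[1].lstrip(".").lower()
    return {
        "attachment": name,
        "match_list": match_list,
        "real_type": real_type.strip(),
        "password_protected": "password protected" in desc.lower(),
        "detected_exts": detected,
        "name_ext": name_ext,
        # True when the filename extension is not among the detected ones,
        # i.e. the match list fired on the detected type, not the name.
        "name_mismatch": name_ext not in detected,
        "action": action.strip() or None,
    }

def extensions_by_list(lines):
    """Map each triggered match list to the detected extensions that hit it."""
    hits = defaultdict(set)
    for entry in filter(None, map(parse_entry, lines)):
        hits[entry["match_list"]].update(entry["detected_exts"])
    return {name: sorted(exts) for name, exts in hits.items()}

if __name__ == "__main__":
    for match_list, exts in extensions_by_list(SAMPLE_LOG).items():
        print(f"{match_list}: review entries for {', '.join(exts)}")
```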

Article no: 000011451

Version history
Revision #: 2 of 2
Last update: 14-11-2019 02:14 PM