Quarantine questions

GVB
Scholar

Quarantine questions

Hello,

 

I have my mail solution working.

 

During the full store scan it put some mail and attachments aside.

 

Now  I have a few questions about what ended up in the quarantine.

 

1.

1 mail that has an excel (macro) attachment is being blocked.

 

Attachment 'HA4028_2016.xlsm' matches 'Disallowed Inbound Files' stripping condition; Real type: application/octet-stream; description: Office Archive File; extensions: xlsx docx dotx ppsx pptx VBA

 

when I look at what Disallowed Inbound File contains there's no mention of the extensions as listed above it's all executable and script files. But reprocessing keeps failing.

 

2.

a lot of zip files that where password protected where put aside.

I can send them but this creates a new mail while some attachment are from mail from 2 years ago.

Is there no way to reprocess attachments in the attachments tab ?

3 REPLIES 3
GVB
Scholar

Re: Quarantine questions

Is there a way to add an IP range to the allowed hosts so that I can connect to the console/quarantine from my own computer with dhcp based IP address ?

 

I tried 192.168.0.0/24 & 192.168.0.1-250 but that doesn't seem to work. It works with my currect IP tho but it might change over time. Also my colleagues should keep an eye on it.

GVB
Scholar

Re: Quarantine questions

the 192.168.0.0/24 method works afterall. I forgot to save the changes (popup was out of sight)

Highlighted
F-Secure

Re: Quarantine questions

Hi,
1 - This could be if  File type recognition is on. If there are scripts inside excel it is treated as executable
Could you list content of Disallowed Inbound Files?

2 - I'm not sure I got it right "this creates a new mail while some attachment are from mail from 2 years ago."
You send one file and got another 0_o ?

I tested on my server:
- sent email with password protected zip
- it was quarantined
- recipient got email with warning template
- I went to email quarantine\query\mails and attachments and released it
- recipient got original email with zip