Attachment Filtering

Attachment Filtering

The Attachment filter facility can reject or quarantine mails which contain certain types of files based on their extensions (e.g. executables) and/or their MIME types. If any mail part matches, the whole mail is rejected.

Attachment Filtering Methods

The Attachment filters can identify file attachments using a number of different methods, and also automatically scans compressed archive files:
  • Extension Filters: Using the messages MIME headers, the attachment filter can extract each file attachments extension, and apply filter decision based on the listed extensions.

    This will not recognize files correctly if the sender modified the filename. For example, if a win32 executable has been renamed photo.jpg, a exe extension will not detect it. For cases like this it is necessary to also use the File Type Filters and/or MIME Type filters. You may also select the Scan Double Extensions to identify files which may have been renamed in an attempt to obfuscate their true identity. Double extensions are often used to trick users into opening malware. Often mail clients such as Outlook may hide the second extension so filename.gif.exe may appear as an ordinary filename.gif file.

    Only alpha numeric characters are allow for filename extensions.

  • File Name Filters: Using the messages MIME headers, the attachment filter can extract each file attachments filename, and apply the filter decision based on the listed filenames.

    Use the asterisk sign (*) to match zero or more characters; use the question mark sign (?) to match a single character. For instance, to filter all executable attachments that include the word sample, create a filter *sample*.exe.

  • File Type Filters: Z Services Email Security will scan each attachment to determine its file type. If this matches any of those listed in the File Type Filters table, then the message will be filtered accordingly. This is useful in preventing users changing an attachments extension in order to try and circumvent the filters. For instance, an executable attachment will get blocked even if the file itself has a .txt extension.
  • Mime Type Filters: The Mime Type is the file type as reported in the MIME Content-Disposition and Content-Type headers, both in their raw (encoded) form and in rfc2047-decoded form if applicable. It consists of a general type and a specific type indicator; for instance image/png, video/avi or text/html.

  • Compressed Archive File Scanning: The attachment scanner will automatically scan files inside of compressed archive files such as .zip and .gz files. For each of the Extension, File Name, and File Type filters, you can specify if the filter should apply to files contain in archives or not using the Scan Archive setting.

    • Related Articles

    • Z Services Pattern Filtering

      In Z Services cloud, pattern filters allow you to block or accept emails based on filter rules that can be applied to an email. Pattern filtering is generally not needed, but occasionally it may be necessary to define filters that block or accept ...

    • Filtering Mail History

      Go to Reporting > History > Mail Filters to filter the emails in your mail history. Filter using the follow criteria: Message Flow: view email that was sent (Outbound ), received (Inbound ) or both (Inbound and Outbound). Recipient email address: ...

    • Creating a Pattern Filter

      Follow the steps below to create a new pattern filter in Z Services Cloud. Log into Z Services cloud as a Global Admin. Go to Filter Rules > Pattern Filtering and the Pattern Filters window displays: You can use the filter bar at the top of the ...

    • Filtering Quarantine

      To filter email in quarantine, go to Quarantine > Manage Quarantine > Search Filters tab. The following window displays: To filter the quarantine list, enter your search criteria: Message Type: filter messages based on how they were classified by Z ...

    • Anti-Spam Engine

      Z Services Cloud has extensive content scanning and message filtering capabilities that allow you to apply corporate filtering policies to all messages that enter or leave your organization on a per-domain or per-recipient basis. Go to the Anti-Spam ...