Allow this type of password protected file

Peter Farrow peter.farrow at togethia.net
Thu Sep 22 09:43:44 UTC 2022


Dear Danita,

You should NEVER allow password-protected files.

A would be attacker sends a password-protected file, then sends the 
password and the victim opens the file and any malicious content gets 
let into the network "just like that".

Whitelisting the sender means your network security relies on their 
network security.  Its not an issue it is "by design".

Pete

	
Peter Farrow BEng(Hons) BBC ETSI
Office: 01249 736180 | <tel:01249 736181>
Mobile: +44 (0) 7799605617 <tel:+44 (0) 7799605617>
Email: peter.farrow at togethia.net <mail:peter.farrow at togethia.net>
Website: www.togethia.it <https://www.togethia.it>
<https://facebook.com/togethiait> <skype:peter_farrow>

On 22/09/2022 10:39, Danita Zanrè wrote:
> Hello everyone.  Can someone remind  me of what I would need to do to 
> allow these files through, or just whitelist this particular sender?  
> I believe this is probably a "Sophos" issue, but you are my go-to 
> group for solving these issues!
>
> Sophos: Password protected file 
> /data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF
>
> Thanks for any help here!
>
> Danita
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20220922/7ca330dd/attachment.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_0x67CA5C7785A4003A.asc
Type: application/pgp-keys
Size: 2456 bytes
Desc: OpenPGP public key
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20220922/7ca330dd/attachment.key>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OpenPGP_signature
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20220922/7ca330dd/attachment.sig>


More information about the MailScanner mailing list