Allow this type of password protected file

Shawn Iverson shawniverson at summitgrid.com
Thu Sep 22 12:04:59 UTC 2022


To do this just for that sender:

MailScanner.conf: (Typically in /etc/MailScanner)

Allow Password-Protected Archives = %rules-dir%/password.rules

In password.rules in your %rules-dir% (Typically in 
/etc/MailScanner/rules), tab separated:

From: sender at example.org    yes

FromOrTo:    default     no


On 9/22/22 06:06, Danita Zanrè wrote:
>
> *Warning: This message originated from outside the organization. Use 
> caution when following links or opening attachments.*
>
> Hi Peter,
>
> Yeah - I know - but this is a bank in the Netherlands who insists on 
> sending these password protected files. I'm not sure how to get the 
> files to the intended recipient otherwise. This passes through to 
> another entity's email system (so it's unlikely to harm my own 
> network), so I'm trying to make them happy.  I could simply tell them 
> to have the bank "change their policies" for them only, but you know 
> what the likely outcome is to that request.
>
> Danita
>
>
> Peter Farrow via MailScanner wrote on 9/22/22 11:43:
>>
>> Dear Danita,
>>
>> You should NEVER allow password-protected files.
>>
>> A would be attacker sends a password-protected file, then sends the 
>> password and the victim opens the file and any malicious content gets 
>> let into the network "just like that".
>>
>> Whitelisting the sender means your network security relies on their 
>> network security.  Its not an issue it is "by design".
>>
>> Pete
>>
>> 	
>> Peter Farrow BEng(Hons) BBC ETSI
>> Office: 01249 736180 | <tel:01249%20736181>
>> Mobile: +44 (0) 7799605617 <tel:+44%20%280%29%207799605617>
>> Email: *MailScanner has detected a possible fraud attempt from 
>> "mail:peter.farrow at togethia.net" claiming to be* 
>> peter.farrow at togethia.net <mail:peter.farrow at togethia.net>
>> Website: www.togethia.it <https://www.togethia.it>
>> <https://facebook.com/togethiait> <skype:peter_farrow>
>>
>> On 22/09/2022 10:39, Danita Zanrè wrote:
>>> Hello everyone.  Can someone remind  me of what I would need to do 
>>> to allow these files through, or just whitelist this particular 
>>> sender?  I believe this is probably a "Sophos" issue, but you are my 
>>> go-to group for solving these issues!
>>>
>>> Sophos: Password protected file 
>>> /data/MailScanner/incoming/27332/8AA72173CF1.A944B/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.zip/HKB_TA1142P1_2022090918190400000709_EM_Stmt_01_20220909_000190.PDF
>>>
>>> Thanks for any help here!
>>>
>>> Danita
>>>
>>>
>>
>>
>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.mailscanner.info/pipermail/mailscanner/attachments/20220922/9fe2b67e/attachment.html>


More information about the MailScanner mailing list